Microsoft has now activated updates to attach 161 safety vulnerabilities in Windows and similar software, adding 3 weakness “zero” that are already under an active attack. The inaugural patch of the Redmond packages on Tuesday 2025 packages more correction that the company has sent in a pass since 2017.
Adam Barnett of Rapid7 says that January marks the fourth consecutive month when Microsoft published zero day vulnerabilities on Tuesday evaluating one of them as a critical gravity at the time of publication. Today it has also noticed the publication of nine critical vulnerabilities for the execution of the Remote Code (RCE).
Microsoft defects that already see active attacks come with CVE-2025-21333, CVE-2025-21334 and guessed IT-CVE-2025-21335. These are sequential because all reside in Windows Hyper-V, a component strongly incorporated into Windows 11 fashion operating systems and used for protection features, adding device care and data identification protection.
The Tenable Satnam Orange says that little is known in the exploitation in the window of these failures, apart from the fact that all are vulnerabilities of “climbing privileges. ” Orange said we have a tendency to see a lot of elevation of the privileges of the privileges exploited in nature as 0 days on Tuesday, because it is not an initial access to a formula that is a challenge for the attackers because they have several ways in their prosecution.
“As a elevation of privilege errors, they are used in the context of the activity after the commitment, where an attacker has already accessed an objective system,” he said. “It is a bit as if an attacker could enter a safe building, he cannot access safer parts of the installation, because he will have to prove that he has authorization.
Several insects addressed today have won CVSS scores (classification of threats) of 9. 8 of 10 possible, adding CVE-2025-21298, a Windows weakness that can allow attackers to execute arbitrary code through obtaining a goal to open a Malicious archive documents opened to desktop programs such as Microsoft Word. Microsoft has evaluated this “more likely” defect.
Ben Hopkins at Immersive Labs was based on the CVE-2025-21311, a “critical” error of 9. 8 in Windows NTLMV1 (NT Lan Manager Edition 1), an old Microsoft authentication protocol that is still used through many organizations.
“What makes this vulnerability so shocking is the fact that it is remotely exploitable, so that attackers can succeed in the commitment devices on the Internet, and the attacker does not want wisdom or important skills to download good reproducible fortune With the same payload through any vulnerable component, ”Hopkins wrote.
Kev Breen à Immersive indicates an attractive defect (CVE-2025-21210) that Microsoft has established in its full-album of Bitlocker disk encryption that the software giant has nicknamed “more likely exploitation. ” More specifically, this error maintains the option that in safe situations, the hibernation symbol created when the computer lid ends in a Windows Que
“Hibernation photographs are used when a computer sleeps and includes the content stored in RAM when the device has spread,” Breen said. “This has a significant perspective has an effect because RAM can involve delicious knowledge (such as passwords, identity data and PII) that would have been possibly in open documents or browser sessions and everyone can recover with loose equipment for hibernation files” .
Orange of Table also highlighted a trio of vulnerabilities in Microsoft Access Constant this month and was attributed to Doblared. Monitoring in CVE-2025-21186, CVE-2025-21366 and CVE-2025-21395, those are insects of remote code execution that can be used if an attacker convinces a goal of downloading and executing a malicious record through the social engineering. Deconnantonnante. AI was also identified for having discovered a failure on Tuesday Patch in December 2024 (CVE-2024-49142).
“The Vulnérababilité AutomatiSée used l’i a I will attemate Beaucoup d’Aringation, il est maid à noter of vouir ce Service attribute à los angeles reche de bogues dans dans produces Microsoft”, I observed orange. “It can be the first of many in 2025”.
If it is a Windows user who has automatic disabled updates who have not been updated for some time, there is probably time to play. Save vital files and / or the total hard drive before updating. And if you meet the disorders that install the correction lot of this month, place a line in the comments below, please.
More in the depth in Microsoft’s corrections:
Tenable blog
Without Internet Stormy Center
Ask Woody
Based on the wording of Microsoft, CVE-2025-21298 does not seem to force users to open RTF files, as are recently in this article (such as those that arrive as an attached file by email). Vulnerability turns out to be connected to the OLE so that the perspective is affected, so everything that the attacker will have to do is send an email specially designed to an objective that outlook uses. This is a somewhat vital difference (the user’s express interaction is not necessary) and I think that is why it is evaluated in 9. 8.
Speaking of Microsoft, there is an existing article on a doubt code in nucleus 6. 13 sent through a Microsoft engineer that may have caused serious disorders with safe systems.
A fun name in the problem: “Microsoft takes out a window while breaking Linux in Intel and Angers AMD processors in the process”
I just bought a Lenovo Neo 50t. He plays Ubuntu Pro 24. 04, but will have to be done through force with respect to Windows. This is a double starting machine, with Windows 11 Pro on some other score. In the installation, and now in the update on Tuesday, 11 Pro makes a Didlaner decision with the Get Starter series in UEFI and position yourself first. This forces me to return to the UEFI and reposition the Get Starter series. Even with an administrator password in UEFI.
Oh yes, I just have to like Windze! I wonder if they simply do not mind using their victory at the bank. He continues to use it.
Oh, look, going to a troll.
I am in Win10. The updates were fine.
When are we going to the writing of code in AI, which, hopefully, will produce a greater and stricter code with less damaged safety updates needs?
The AI does worse than human programmers do now.
“AI cannot do worse than human programmers do now. ” Do we hallucinate? They literally depend on human errors through thousands of millions and weigh all together. “I could,” you build the AI that has been trained in most productive practices and all those intelligent things, of course, but that is not what it is. They can’t even perceive human members yet. And when you take a tool like AI and you put it in the hands of other people who obviously do not check their paintings well enough, do you think it will be the assertive snapshot panacea? Four out of five doctors know that you can’t eat rocks in the pizza and call it well.
AI can attend the writing of the code, but they are only intelligent as their knowledge and educational supervision. They can accelerate repetitive responsibilities and recommend improvements, but without Dang review, they can reproduce or even obtain worse mistakes. In addition, you will literally find disorders with security update, this is called improvement that no one is better and AI is far from that at this time.
Does anyone else have network disorders after installing updates? Installed, you can then attach to Google and YouTube, all other sites below. Images 2 of the 3 updates, and everything works (I left the Thearraynet Framework update).
Wow is weird. Thanks for the message!
Yes. Our modem / domestic router is an old router compatible with Arris Docsis 3. 0 bought almost 10 years ago (I have to use an ancient edition of Falkon to attach to the router because its TSL edition is too low for fashion browsers). The Firewall adjusted to Alto. After the patch, on Tuesday my wife’s computer and the computer of my paint (either Windows 10) showed web access, but the browsers refused to attach to a website that we have tried. Changing the average firewall has solved the problem.
As shown a few months Apass, those who feel trapped in Windows 10 due to an older device can go to Windows 11. October 2025 is the last month to obtain security updates on Windows 10array
I have a 10 -year -old i3 computer that I updated Windows 11 See 24h2 with the procedures discussed and won very well the patches updates in December and now in January. The procedures do not break any Microsoft rule, but Microsoft warns “warns” that there would be a road disorders in the execution of Windows 11 in the device that is not completely up to the height of its standards.
The procedures were received first on the Internet and were replaced a bit. The procedures detail the internet tasks of those that come.
Obtain BSOD and consider in several rounds and laptops Win 10 after updates 2025 01. They were all raised before this week. Will continue to publish here as the updates of progress after the Mortem.
The update consisted of obtaining an error 0x800f0845 on my computer offline Ai Win 10 Pro AMD 5800H 64 GB RTX3060m, records and symbol of the constant registration formula with SFC and DISM. There is no Bsod later. Will publish if others are particularly other cases. Happy Trump 2025! Look at golf while America burns and drown! The call is kakistocracy and non -didiocracy!
@Polbel
When available, I would possibly receive the TDS vaccine in which Dr. Fauci works with the financing of Bill Gates. I hope this cannot be worse than the condition itself.
Can I realize that you did not like vaccines, with intellectual and the availability of drugs on horseback?
TDS = Trump Alzheimer’s. There is no known vaccine and does all kinds of loopy things because red tapas cannot perceive this and inspire it to sink more and more. Have you noticed that a Crook president who forgives another 1500 of his worship this week?
U r a bot
“I saw them and I said:” I spend six o’clock. If the prosecutor is not dismissed, you do not get the money. »Well, son of B! Tch; He said goodbye. And established someone who forged at that time. » – Quest Pro Joe! The party is the communist, and not democratocracy!
161 Bumps beaten. What feat in the component of the Microsoft team. I hope we see them standing in the coming weeks and months after an iteration of rejuvenation.
Great ventilation of recent security updates! It is for users to remain informed of these corrections, especially with so many vulnerabilities in active exploitation. The developing role of AI in vulnerability detection is also fascinating!
Thanks for the information. Interesting article.