VERT Threat Alert: January 2025 Patch Tuesday Analysis

Posted on January 14, 2025
Tripwire VERT Security Update

Today’s VERT Alert addresses Microsoft’s January 2025 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1139 as soon as coverage is completed.

In-The-Wild & Disclosed CVEs

CVE-2025-21333

The first of three Hyper-V vulnerabilities this month is a heap-based buffer overflow that leads to privilege escalation to SYSTEM. Microsoft has reported this vulnerability as Exploitation Detected.

CVE-2025-21334

The second of three Hyper-V vulnerabilities this month is a use-after-free vulnerability that leads to privilege escalation to SYSTEM. Microsoft has reported this vulnerability as Exploitation Detected.

CVE-2025-21335

The final Hyper-V vulnerability this month is another use-after-free vulnerability that leads to privilege escalation to SYSTEM. Microsoft has reported this vulnerability as Exploitation Detected.

CVE-2025-21366

A vulnerability in Microsoft Access is resolved by this update. Specifically, Microsoft’s update blocks the following potentially malicious extensions from being sent in an email. Email recipients will get a notification that the attachment cannot be accessed. The included extensions are:

  • accdb
  • accde
  • accdw
  • accdt
  • accda
  • accdr
  • accdu

Microsoft has reported this vulnerability as Exploitation Less Likely.

CVE-2025-21395

A vulnerability in Microsoft Access is resolved by this update. Specifically, Microsoft’s update blocks the following potentially malicious extensions from being sent in an email. Email recipients will get a notification that the attachment cannot be accessed. The included extensions are:

  • accdb
  • accde
  • accdw
  • accdt
  • accda
  • accdr
  • accdu

Microsoft has reported this vulnerability as Exploitation Less Likely.

CVE-2025-21186

A vulnerability in Microsoft Access is resolved by this update. Specifically, Microsoft’s update blocks the following potentially malicious extensions from being sent in an email. Email recipients will get a notification that the attachment cannot be accessed. The included extensions are:

  • accdb
  • accde
  • accdw
  • accdt
  • accda
  • accdr
  • accdu

Microsoft has reported this vulnerability as Exploitation Less Likely.

CVE-2025-21275

An improper authorization vulnerability in the Windows App Package Installer allows a successful attacker to obtain SYSTEM privileges. Microsoft has reported this vulnerability as Exploitation Less Likely.

CVE-2025-21308

A spoofing vulnerability in Windows Themes could expose sensitive information to an attacker. Systems must have NTLM enabled in order to be impacted by this vulnerability, which requires that a user load a malicious file onto their system. Additionally, Microsoft has recommended enabling the Group Policy setting Restrict NTLM: Outgoing NTLM traffic to remote servers to mitigate the risk of this vulnerability leaking NTLM hashes outside your organization. Microsoft has reported this vulnerability as Exploitation Less Likely.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed will be highlighted.

 

TagCVE CountCVEs
Visual Studio3CVE-2024-50338, CVE-2025-21178, CVE-2025-21405
Windows Telephony Service28CVE-2025-21411, CVE-2025-21413, CVE-2025-21233, CVE-2025-21236, CVE-2025-21237, CVE-2025-21239, CVE-2025-21241, CVE-2025-21243, CVE-2025-21244, CVE-2025-21248, CVE-2025-21252, CVE-2025-21266, CVE-2025-21282, CVE-2025-21302, CVE-2025-21303, CVE-2025-21306, CVE-2025-21273, CVE-2025-21286, CVE-2025-21305, CVE-2025-21339, CVE-2025-21246, CVE-2025-21417, CVE-2025-21250, CVE-2025-21240, CVE-2025-21238, CVE-2025-21223, CVE-2025-21409, CVE-2025-21245
.NET2CVE-2025-21171, CVE-2025-21173
Windows Virtual Trusted Platform Module3CVE-2025-21210, CVE-2025-21280, CVE-2025-21284
Windows BitLocker2CVE-2025-21214, CVE-2025-21213
Windows Boot Manager1CVE-2025-21215
Windows PrintWorkflowUserSvc2CVE-2025-21234, CVE-2025-21235
Windows Kerberos3CVE-2025-21242, CVE-2025-21299, CVE-2025-21218
Windows Digital Media17CVE-2025-21249, CVE-2025-21255, CVE-2025-21258, CVE-2025-21260, CVE-2025-21263, CVE-2025-21265, CVE-2025-21327, CVE-2025-21341, CVE-2025-21226, CVE-2025-21227, CVE-2025-21228, CVE-2025-21229, CVE-2025-21232, CVE-2025-21256, CVE-2025-21261, CVE-2025-21310, CVE-2025-21324
Windows Message Queuing8CVE-2025-21251, CVE-2025-21270, CVE-2025-21277, CVE-2025-21285, CVE-2025-21289, CVE-2025-21290, CVE-2025-21220, CVE-2025-21230
Windows WLAN Auto Config Service1CVE-2025-21257
Windows MapUrlToZone8CVE-2025-21268, CVE-2025-21269, CVE-2025-21219, CVE-2025-21329, CVE-2025-21328, CVE-2025-21189, CVE-2025-21276, CVE-2025-21332
Windows Cloud Files Mini Filter Driver1CVE-2025-21271
Windows COM3CVE-2025-21272, CVE-2025-21281, CVE-2025-21288
Windows Direct Show1CVE-2025-21291
Active Directory Domain Services1CVE-2025-21293
Microsoft Digest Authentication1CVE-2025-21294
Windows SPNEGO Extended Negotiation1CVE-2025-21295
BranchCache1CVE-2025-21296
Windows Remote Desktop Services5CVE-2025-21297, CVE-2025-21309, CVE-2025-21278, CVE-2025-21330, CVE-2025-21225
Windows OLE1CVE-2025-21298
Windows Geolocation Service1CVE-2025-21301
Windows DWM Core Library1CVE-2025-21304
Windows SmartScreen1CVE-2025-21314
Microsoft Brokering File System2CVE-2025-21315, CVE-2025-21372
Windows Kernel Memory7CVE-2025-21316, CVE-2025-21318, CVE-2025-21319, CVE-2025-21320, CVE-2025-21321, CVE-2025-21317, CVE-2025-21323
.NET, .NET Framework, Visual Studio1CVE-2025-21176
Microsoft Office SharePoint3CVE-2025-21344, CVE-2025-21348, CVE-2025-21393
Microsoft Office Visio2CVE-2025-21345, CVE-2025-21356
Microsoft Office2CVE-2025-21346, CVE-2025-21365
Microsoft Office Excel3CVE-2025-21354, CVE-2025-21362, CVE-2025-21364
Microsoft Office Outlook1CVE-2025-21357
Microsoft Office Word1CVE-2025-21363
Microsoft Office Access3CVE-2025-21366, CVE-2025-21395, CVE-2025-21186
Microsoft Graphics Component1CVE-2025-21382
Windows Secure Boot1CVE-2024-7344
Windows UPnP Device Host2CVE-2025-21389, CVE-2025-21300
Microsoft Azure Gateway Manager1CVE-2025-21403
Windows NTLM2CVE-2025-21217, CVE-2025-21311
Windows Hyper-V NT Kernel Integration VSP3CVE-2025-21335, CVE-2025-21333, CVE-2025-21334
Active Directory Federation Services1CVE-2025-21193
Windows Connected Devices Platform Service1CVE-2025-21207
Windows Recovery Environment Agent1CVE-2025-21202
Power Automate1CVE-2025-21187
Windows Boot Loader1CVE-2025-21211
Line Printer Daemon Service (LPD)1CVE-2025-21224
IP Helper1CVE-2025-21231
Windows Event Tracing1CVE-2025-21274
Windows Installer3CVE-2025-21275, CVE-2025-21287, CVE-2025-21331
Microsoft Windows Search Component1CVE-2025-21292
Reliable Multicast Transport Driver (RMCAST)1CVE-2025-21307
Windows Themes1CVE-2025-21308
Windows Smart Card1CVE-2025-21312
.NET and Visual Studio1CVE-2025-21172
Windows Cryptographic Services1CVE-2025-21336
Windows Win32K - GRFX1CVE-2025-21338
Windows Hello1CVE-2025-21340
Windows Web Threat Defense User Service1CVE-2025-21343
Microsoft AutoUpdate (MAU)1CVE-2025-21360
Microsoft Office Outlook for Mac1CVE-2025-21361
Windows Virtualization-Based Security (VBS) Enclave1CVE-2025-21370
Windows Client-Side Caching (CSC) Service2CVE-2025-21374, CVE-2025-21378
Microsoft Office OneNote1CVE-2025-21402
Azure Marketplace SaaS Resources1CVE-2025-21380
Microsoft Purview1CVE-2025-21385
Windows Security Account Manager1CVE-2025-21313
Internet Explorer1CVE-2025-21326

 

Other Information

At the time of publication, there were no new advisories included with the January Security Guidance. 

Meet Fortra™ Your Cybersecurity Ally™

Fortra is creating a simpler, stronger, and more straightforward future for cybersecurity by offering a portfolio of integrated and scalable solutions. Learn more about how Fortra’s portfolio of solutions can benefit your business.

LEARN MORE
Related Products
Tripwire IP360
Related Solutions
Vulnerability & Risk Management VERT Research