With the latest Patch Tuesday release, in January 2025, Microsoft released security updates that address 159 new vulnerabilities. Of these 159 flaws, 8 are classified as Zero-Day; over 90% of the CVEs are rated as Important (147 out of the total 159 vulnerabilities), while the remaining ones are classified as Critical.
Zero-Day Vulnerability Remediation
The January Patch Tuesday from Microsoft addressed eight critical zero-day vulnerabilities, that is, flaws that were publicly disclosed or are known to be exploited in the wild:
Hyper-V NT Kernel Integration VSP – Triple Zero Elevation of Privilege Vulnerabilities:
Microsoft addressed three Zero-Day vulnerabilities related to the Hyper-V NT Kernel Integration VSP (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335) that would allow a local authorized attacker to elevate privilege to SYSTEM.
All 3 of these vulnerabilities were included by CISA in the Known Exploited Vulnerabilities (KEV) catalog with a due date of 4th February 2025.
In BigFix, we published 10 different fixlets that resolve these vulnerabilities by installing the Cumulative Update on the different affected versions of Windows, covering both Windows Server (such as Windows Server 2022 and 2025) and Client (Windows 10 and 11) editions.
Microsoft Office Access – Triple Zero Remote Code Execution Vulnerabilities
During January Patch Tuesday, Microsoft patched three similar Zero-Day vulnerabilities related to Office Access (CVE-2025-21186, CVE-2025-21366, CVE-2025-21395) that would grant an attacker arbitrary code execution privileges on the vulnerable system. Exploitation of these vulnerabilities requires interaction with a local user on the vulnerable device: the attacker must convince the local user to download and execute a specially crafted file to attack the computer.
The patches provided by Microsoft will “block potentially malicious extensions from being sent in an email” to prevent the malicious file from being received by a local user on the vulnerable computer.
CVE-2025-21308 – Windows theme spoofing vulnerability
CVE-2025-21308 is a spoofing vulnerability that Microsoft resolved in the January Patch Tuesday. It would grant an attacker arbitrary code execution privileges on the vulnerable system. However, successful exploitation of this flaw requires the attacker to deliver a malicious file to the vulnerable device and convince a local user on that device to manipulate the file; the complexity of the exploitation explains the low CVSS score of 6.5 that was assigned to this Zero-Day vulnerability.
In the vulnerability advisory published for this flaw, Microsoft also provides mitigation techniques based on restricting NTLM traffic, either by disabling NTLM on the system or by applying a Group Policy that blocks NTLM hashes.
In BigFix, as part of the January Patch Tuesday publishing, we have published 21 fixlets to install cumulative updates on all the different affected versions of Windows.
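One way to check on a host whether the NTLM restriction described above is in place, as an added example that is not part of the original post or of BigFix content. It assumes the mitigation corresponds to the Windows security option "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers"; the function name `Get-NtlmOutboundPolicy` is hypothetical.

```powershell
# Added example (not from the original post): report the local outbound-NTLM policy.
# Assumption: the "restrict NTLM traffic" mitigation corresponds to the security option
# "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers".
function Get-NtlmOutboundPolicy {
    param(
        [string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
    )

    $meaning = @{ 0 = 'Allow all'; 1 = 'Audit all'; 2 = 'Deny all' }
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    # A missing value means the policy is not configured, which behaves as "Allow all".
    $raw = $null
    if ($props -and $null -ne $props.RestrictSendingNTLMTraffic) {
        $raw = [int]$props.RestrictSendingNTLMTraffic
    }

    # Servers exempted from the restriction; each entry re-opens outbound NTLM to that host.
    $exceptions = @()
    if ($props -and $props.ClientAllowedNTLMServers) {
        $exceptions = @($props.ClientAllowedNTLMServers)
    }

    $setting = if ($null -eq $raw) {
        'Not configured (allow all)'
    } elseif ($meaning.ContainsKey($raw)) {
        $meaning[$raw]
    } else {
        "Unknown value $raw"
    }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        Setting             = $setting
        Value               = $raw
        # Only "Deny all" with no exceptions fully blocks outbound NTLM.
        OutboundNtlmBlocked = ($raw -eq 2 -and $exceptions.Count -eq 0)
        ServerExceptions    = $exceptions
    }
}

Get-NtlmOutboundPolicy | Format-List
```

A host reporting `Audit all` only logs outbound NTLM attempts, so it should be treated as still exposed until the cumulative update is installed or the policy is moved to `Deny all`.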
The BigFix Patching Content for December Patch Tuesday
During the January 2025 Patch Tuesday, the BigFix Patch team published a total of 75 distinct fixlets that remediate 147 (out of the 159) security vulnerabilities addressed by Microsoft this month. This content does not include Microsoft Office content, which is published in a dedicated drop. It also does not address most of the remaining CVEs resolved by Microsoft during this Patch Tuesday. The full list of fixlets for security updates released by Microsoft is available in the BigFix Forum.