Saturday, January 18, 2025

Major Patch Tuesday: Microsoft Tackles 159 Vulnerabilities

Microsoft kicked off the new year on January’s second Tuesday with a huge Patch Tuesday update, tackling 159 vulnerabilities. If we count two more from CERT CC and GitHub, that number climbs to 161.

Dustin Childs from the Zero Day Initiative points out this could be the largest monthly CVE count since 2017, more than tripling last year’s total of 49 for January. This follows an unusually heavy update in December. Childs mentions in his blog that this sets an interesting tone for vulnerability management in 2025.

Tyler Reguly, from Fortra, adds that this month is a wake-up call for system administrators. He emphasizes the need to pause and strategize on how to address these vulnerabilities. Most will be resolved through the Windows cumulative update, but several Microsoft Office products—like Word, Excel, Access, Outlook, Visio, and SharePoint—are also affected, along with other tools like the .NET Framework and Visual Studio.

Reguly reminds administrators to rely on their vendors and tools during heavy patch months. Addressing 161 vulnerabilities requires more than manual fixes, especially since other updates drop simultaneously. For instance, Adobe has rolled out updates for Photoshop, Illustrator, and other products as well.

Among these vulnerabilities are eight zero-days, three of which are already exploited in the wild, and there are 11 critical flaws in total. The zero-days include three elevation-of-privilege vulnerabilities in Windows Hyper-V NT Kernel VSP, all of which are being actively attacked. Vulnerability manager Saeed Abbasi emphasizes the urgency of patching these issues, as they allow an attacker to gain SYSTEM-level privileges, compromising the entire host infrastructure, not just isolated virtual machines.

Meanwhile, Adam Barnett from Rapid7 examined three remote code execution issues in Microsoft Access. These require user interaction, as an unsuspecting person would need to download a malicious file for exploitation. He points out that while the advisory mentions blocking potentially harmful email extensions, it doesn’t clarify how effective that blocking is against malicious files.

Barnett also discussed a spoofing flaw related to Windows Themes. Users rarely give desktop personalization much thought, but this vulnerability can lead to the improper disclosure of an NTLM hash, enabling an attacker to impersonate the affected user. He speculates that just accessing a folder containing a malicious file could be enough to trigger the vulnerability, even if the file isn’t opened.

All in all, these updates signal a busy patching landscape for Microsoft and related software this month.