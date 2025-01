Microsoft on Tuesday released 159 patches touching 13 product families. Nine of the addressed issues are considered by Microsoft to be of Critical severity, and 43 have a CVSS base score of 8.0 or higher. Three are under active exploit in the wild. One can best be mitigated by “configur[ing] Microsoft Outlook to read all standard mail in plain text.”

The unprecedented patch haul falls mainly to Windows, with 132 patches applicable to the operating system. (132 patches would itself qualify as the third-largest release since 2020.) Within that group, a number of themes emerge – 28 remote-code-execution patches affecting Windows Telephony Services, for instance, or the 17 elevation-of-privilege issues addressed in Windows Digital Media. Eight of the Windows patches are critical-severity, including the OLE-involved Outlook bug noted above. (We’ll look more closely at that situation in a minute.)

At patch time, three important-severity EoP issues, all titled “Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability,” are known to be under exploit in the wild, with 17 additional CVEs more likely to be exploited in the next 30 days by the company’s estimation. Two of this month’s issues are amenable to detection by Sophos protections, and we include information on those in a table below.

In addition to these patches, the release includes advisory information on Servicing Stack Updates, as well as information on the month’s single Edge patch (there is also an Internet Explorer patch, as we’ll discuss below) and two issues covered in the release but already mitigated by Microsoft. We are as always including at the end of this post additional appendices listing all Microsoft’s patches, sorted by severity, by predicted exploitability, and by product family; an appendix covering the advisory-style updates; and a breakout of the 130 patches affecting the various Windows Server platforms still in support.

Total CVEs: 159

Publicly disclosed: 3

Exploit detected: 3

Severity

Critical: 9

Important: 150

Impact

Remote Code Execution: 58

Elevation of Privilege: 40

Information Disclosure: 22

Denial of Service: 20

Security Feature Bypass: 14

Spoofing: 5

CVSS base score 9.0 or greater: 3

CVSS base score 8.0 or greater: 40

Figure 1: Though RCE continues to rule the roost, a variety of impacts are represented in the first patch haul of the year

Products

Windows: 132

365: 13

Office: 13

Visual Studio: 7

.NET: 4

Access: 3

SharePoint: 3

Office for Mac: 2

AutoUpdate for Mac: 1

Excel: 1

Outlook: 1

On-Premises Data Gateway: 1

Power Automate: 1

As is our custom for this list, CVEs that apply to more than one product family are counted once for each family they affect.

Figure 2: All but two of January’s Windows patches apply to the server-side OS. As for the rest, Office for Mac gets a single patch all to itself and shares one with other versions of Office

Notable January updates

In addition to the issues discussed above, a number of specific items merit attention.

CVE-2025-21298 — Windows OLE Remote Code Execution Vulnerability

With a CVSS base score of 9.8, this critical-severity issue is already attention-getting, but it’s even more exciting than that. This is an RTF (Rich Text Format) issue, so though it must be corrected in Windows it applies to various products, in particular email. Since the flaw can be triggered in Preview Pane, an attacker deploying this vulnerability would have to do nothing more than send a malicious email to the target; even if the user doesn’t click on anything, simply viewing it is sufficient to set off RCE. Fortunately it’s not yet believed to be under active exploit in the wild – the finders worked with The Zero-Day Initiative to bring it to Microsoft’s attention – but it’s reasonable to assume the clock is ticking. As noted above, the company does indeed recommend that users stick with reading their email in plaintext, and gives the instructions for configuring individual machines to do so in Outlook. Users of other email programs will wish to take note and act accordingly.

CVE-2025-21311 — Windows NTLM V1 Elevation of Privilege Vulnerability

Another 9.8 on CVSS’s scale, this one applies to Microsoft’s most recent offerings (Windows 11 24H2, Server 2022 23H2, Server 2025) and is relatively easy to mitigate by setting LmCompatibilityLevel to its maximum value of 5, thus disallowing usage of the NTLMv1 protocol. That’s good, because the vulnerability is remotely exploitable, requires no particular knowledge of the target system, and has a high success rate.
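An added example, not from the original post or from Microsoft's advisories: a PowerShell audit of the two registry-backed mitigations mentioned above, plain-text reading in Outlook (CVE-2025-21298) and LmCompatibilityLevel (CVE-2025-21311). The Outlook `ReadAsPlain` value name and the Office 16.0 key paths are assumptions not stated on this page, and the function names are illustrative.

```powershell
# Added example (not from the original post). Read-only by default; only
# Set-NtlmV1Refused writes, and it honours -WhatIf / -Confirm.

$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Assumption: Office 16.0 (Outlook 2016 and later) and the ReadAsPlain value.
# The policy hive is checked first because Group Policy overrides the user setting.
# HKCU is per-user, so run this check in the context of the mailbox user.
$OutlookMailKeys = @(
    'HKCU:\Software\Policies\Microsoft\Office\16.0\Outlook\Options\Mail',
    'HKCU:\Software\Microsoft\Office\16.0\Outlook\Options\Mail'
)

# LmCompatibilityLevel values as documented for the policy
# "Network security: LAN Manager authentication level".
$LevelMeaning = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM; use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only; refuse LM'
    5 = 'Send NTLMv2 response only; refuse LM & NTLM'
}

function Get-RegistryDword {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Name
    )
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Get-NtlmV1Mitigation {
    $raw = Get-RegistryDword -Path $LsaKey -Name 'LmCompatibilityLevel'
    # When the value is absent, current Windows versions behave as level 3:
    # NTLMv2 is sent, but inbound LM/NTLMv1 is still accepted.
    $level = if ($null -eq $raw) { 3 } else { $raw }
    [pscustomobject]@{
        Check     = 'CVE-2025-21311: LmCompatibilityLevel'
        Source    = if ($null -eq $raw) { '(not set, default)' } else { $LsaKey }
        Value     = $level
        Detail    = $LevelMeaning[$level]
        Mitigated = ($level -eq 5)
    }
}

function Get-OutlookPlainTextMitigation {
    foreach ($key in $OutlookMailKeys) {
        $value = Get-RegistryDword -Path $key -Name 'ReadAsPlain'
        if ($null -ne $value) {
            # The first hive that defines the value decides the outcome.
            return [pscustomobject]@{
                Check     = 'CVE-2025-21298: Outlook ReadAsPlain'
                Source    = $key
                Value     = $value
                Detail    = if ($value -eq 1) { 'Standard mail read as plain text' }
                            else { 'Rich content (RTF/HTML) is rendered' }
                Mitigated = ($value -eq 1)
            }
        }
    }
    [pscustomobject]@{
        Check     = 'CVE-2025-21298: Outlook ReadAsPlain'
        Source    = '(not set)'
        Value     = $null
        Detail    = 'Rich content (RTF/HTML) is rendered'
        Mitigated = $false
    }
}

function Set-NtlmV1Refused {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # Requires an elevated session; try it with -WhatIf first.
    if ($PSCmdlet.ShouldProcess($LsaKey, 'Set LmCompatibilityLevel to 5')) {
        New-ItemProperty -Path $LsaKey -Name 'LmCompatibilityLevel' `
            -Value 5 -PropertyType DWord -Force | Out-Null
    }
}

# Report both checks for the current host and user.
@(Get-NtlmV1Mitigation; Get-OutlookPlainTextMitigation) |
    Format-Table Check, Value, Mitigated, Detail, Source -AutoSize -Wrap
```

A domain Group Policy that sets the LAN Manager authentication level will overwrite a locally written value at the next policy refresh, so enforce the setting there on domain-joined machines. Devices that can only speak NTLMv1 will fail to authenticate against a host at level 5.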

CVE-2025-21366, CVE-2025-21395, CVE-2025-21186 – all Microsoft Access Remote Code Execution Vulnerability

Continuing this month’s theme of “changes to email functionality that’ll make end users cranky,” the patches for these CVEs all block seven potentially malicious extensions (.accda, .accdb, .accde, .accdr, .accdt, .accdu, .accdw) from being sent via email. Microsoft states that the recipient will get a notification that there was an attachment but that it cannot be accessed. All three issues are RCE aimed at RDP, and all three are already publicly known.

CVE-2025-21280, CVE-2025-21284, CVE-2025-21299, CVE-2025-21321, CVE-2025-21331, CVE-2025-21336, CVE-2025-21340, CVE-2025-21370 – various titles

Eight of this month’s patches involve Virtual Secure Mode components, which means that administrators need to follow Microsoft’s guidance for updating virtualization-based security (VBS) issues.

CVE-2025-21343 — Windows Web Threat Defense User Service Information Disclosure Vulnerability

An Important-severity information-disclosure issue, this oddity can, if exploited, allow the attacker to capture screenshots of another user’s session. It’s likewise rather specific in scope, affecting only Windows 11 22H2, 23H2, and 24H2. It was submitted to Microsoft by an uncommon finder, the Australian Signals Directorate.

CVE-2025-21326 — Internet Explorer Remote Code Execution Vulnerability

Seems like old times with a name like that, but this important-severity RCE affects not the browser of yore but Windows Server 2022 23H2 and Windows Server 2025.

Figure 3: This spike at the right edge? There we are

Sophos protections

| CVE | Sophos Intercept X/Endpoint IPS | Sophos XGS Firewall |
|---|---|---|
| CVE-2025-21299 | Exp/2521299-A | Exp/2521299-A |
| CVE-2025-21362 | sid:2310479 | sid:2310479 |

As you can every month, if you don’t want to wait for your system to pull down Microsoft’s updates itself, you can download them manually from the Windows Update Catalog website. Run the winver.exe tool to determine which build of Windows 10 or 11 you’re running, then download the Cumulative Update package for your specific system’s architecture and build number.

Appendix A: Vulnerability Impact and Severity

This is a list of January patches sorted by impact, then sub-sorted by severity. Each list is further arranged by CVE.

Remote Code Execution (58 CVEs)

Critical severity
CVE-2025-21178 Visual Studio Remote Code Execution Vulnerability
CVE-2025-21294 Microsoft Digest Authentication Remote Code Execution Vulnerability
CVE-2025-21295 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
CVE-2025-21296 BranchCache Remote Code Execution Vulnerability
CVE-2025-21297 Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-21298 Windows OLE Remote Code Execution Vulnerability
CVE-2025-21307 Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
CVE-2025-21309 Windows Remote Desktop Services Remote Code Execution Vulnerability

Important severity
CVE-2025-21171 .NET Remote Code Execution Vulnerability
CVE-2025-21172 .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21176 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21186 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21187 Microsoft Power Automate Remote Code Execution Vulnerability
CVE-2025-21223 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21224 Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
CVE-2025-21233 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21236 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21237 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21238 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21239 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21240 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21241 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21243 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21244 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21245 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21246 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21248 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21250 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21252 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21266 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21273 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21282 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21286 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21291 Windows Direct Show Remote Code Execution Vulnerability
CVE-2025-21302 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21303 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21305 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21306 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21326 Internet Explorer Remote Code Execution Vulnerability
CVE-2025-21338 GDI+ Remote Code Execution Vulnerability
CVE-2025-21339 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21344 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-21345 Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21348 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-21354 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21356 Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21357 Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21361 Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21362 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21363 Microsoft Word Remote Code Execution Vulnerability
CVE-2025-21365 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-21366 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21395 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21402 Microsoft Office OneNote Remote Code Execution Vulnerability
CVE-2025-21409 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21411 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21413 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21417 Windows Telephony Service Remote Code Execution Vulnerability

Elevation of Privilege (40 CVEs)

Critical severity
CVE-2025-21311 Windows NTLM V1 Elevation of Privilege Vulnerability

Important severity
CVE-2025-21173 .NET Elevation of Privilege Vulnerability
CVE-2025-21202 Windows Recovery Environment Agent Elevation of Privilege Vulnerability
CVE-2025-21226 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21227 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21228 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21229 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21232 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21234 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2025-21235 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2025-21249 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21255 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21256 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21258 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21260 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21261 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21263 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21265 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21271 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2025-21275 Windows App Package Installer Elevation of Privilege Vulnerability
CVE-2025-21281 Microsoft COM for Windows Elevation of Privilege Vulnerability
CVE-2025-21287 Windows Installer Elevation of Privilege Vulnerability
CVE-2025-21292 Windows Search Service Elevation of Privilege Vulnerability
CVE-2025-21293 Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2025-21304 Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-21310 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21315 Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-21324 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21327 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21331 Windows Installer Elevation of Privilege Vulnerability
CVE-2025-21333 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21334 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21335 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21341 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21360 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
CVE-2025-21370 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
CVE-2025-21372 Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-21378 Windows CSC Service Elevation of Privilege Vulnerability
CVE-2025-21382 Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2025-21405 Visual Studio Elevation of Privilege Vulnerability

Information Disclosure (22 CVEs)

Important severity
CVE-2024-50338 GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager
CVE-2025-21210 Windows BitLocker Information Disclosure Vulnerability
CVE-2025-21214 Windows BitLocker Information Disclosure Vulnerability
CVE-2025-21215 Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21220 Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2025-21242 Windows Kerberos Information Disclosure Vulnerability
CVE-2025-21257 Windows WLAN AutoConfig Service Information Disclosure Vulnerability
CVE-2025-21272 Windows COM Server Information Disclosure Vulnerability
CVE-2025-21288 Windows COM Server Information Disclosure Vulnerability
CVE-2025-21301 Windows Geolocation Service Information Disclosure Vulnerability
CVE-2025-21312 Windows Smart Card Reader Information Disclosure Vulnerability
CVE-2025-21316 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21317 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21318 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21319 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21320 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21321 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21323 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21336 Windows Cryptographic Information Disclosure Vulnerability
CVE-2025-21343 Windows Web Threat Defense User Service Information Disclosure Vulnerability
CVE-2025-21374 Windows CSC Service Information Disclosure Vulnerability
CVE-2025-21403 On-Premises Data Gateway Information Disclosure Vulnerability

Denial of Service (20 CVEs)

Important severity
CVE-2025-21207 Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
CVE-2025-21218 Windows Kerberos Denial of Service Vulnerability
CVE-2025-21225 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-21230 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21231 IP Helper Denial of Service Vulnerability
CVE-2025-21251 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21270 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21274 Windows Event Tracing Denial of Service Vulnerability
CVE-2025-21276 Windows MapUrlToZone Denial of Service Vulnerability
CVE-2025-21277 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21278 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-21280 Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVE-2025-21284 Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVE-2025-21285 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21289 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21290 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21300 Windows upnphost.dll Denial of Service Vulnerability
CVE-2025-21313 Windows Security Account Manager (SAM) Denial of Service Vulnerability
CVE-2025-21330 Windows Remote Desktop Services Denial of Service Vulnerability
CVE-2025-21389 Windows upnphost.dll Denial of Service Vulnerability

Security Feature Bypass (14 CVEs)

Important severity
CVE-2024-7344 Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass
CVE-2025-21189 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21211 Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21213 Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21219 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21268 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21269 Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2025-21299 Windows Kerberos Security Feature Bypass Vulnerability
CVE-2025-21328 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21329 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21332 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21340 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
CVE-2025-21346 Microsoft Office Security Feature Bypass Vulnerability
CVE-2025-21364 Microsoft Excel Security Feature Bypass Vulnerability

Spoofing (5 CVEs)

Important severity
CVE-2025-21193 Active Directory Federation Server Spoofing Vulnerability
CVE-2025-21217 Windows Mark of the Web Spoofing Vulnerability
CVE-2025-21308 Windows Themes Spoofing Vulnerability
CVE-2025-21314 Windows SmartScreen Spoofing Vulnerability
CVE-2025-21393 Microsoft SharePoint Server Spoofing Vulnerability

Appendix B: Exploitability

This is a list of the January CVEs judged by Microsoft to be either under exploitation in the wild or more likely to be exploited in the wild within the first 30 days post-release. The list is arranged by CVE.

Exploitation detected
CVE-2025-21333 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21334 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21335 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Exploitation more likely within the next 30 days
CVE-2025-21189 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21210 Windows BitLocker Information Disclosure Vulnerability
CVE-2025-21219 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21268 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21269 Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2025-21292 Windows Search Service Elevation of Privilege Vulnerability
CVE-2025-21298 Windows OLE Remote Code Execution Vulnerability
CVE-2025-21299 Windows Kerberos Security Feature Bypass Vulnerability
CVE-2025-21309 Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-21314 Windows SmartScreen Spoofing Vulnerability
CVE-2025-21315 Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-21328 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21329 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21354 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21362 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21364 Microsoft Excel Security Feature Bypass Vulnerability
CVE-2025-21365 Microsoft Office Remote Code Execution Vulnerability

Appendix C: Products Affected

This is a list of January’s patches sorted by product family, then sub-sorted by severity. Each list is further arranged by CVE. Patches that are shared among multiple product families are listed multiple times, once for each product family. Issues affecting Windows Server are further sorted in Appendix E. Please note that Office for Mac has a standalone entry for CVE-2025-21361, which affects only that platform.

Windows (132 CVEs)

Critical severity
CVE-2025-21294 Microsoft Digest Authentication Remote Code Execution Vulnerability
CVE-2025-21295 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
CVE-2025-21296 BranchCache Remote Code Execution Vulnerability
CVE-2025-21297 Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-21298 Windows OLE Remote Code Execution Vulnerability
CVE-2025-21307 Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
CVE-2025-21309 Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-21311 Windows NTLM V1 Elevation of Privilege Vulnerability

Important severity
CVE-2024-7344 Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass
CVE-2025-21189 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21193 Active Directory Federation Server Spoofing Vulnerability
CVE-2025-21202 Windows Recovery Environment Agent Elevation of Privilege Vulnerability
CVE-2025-21207 Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
CVE-2025-21210 Windows BitLocker Information Disclosure Vulnerability
CVE-2025-21211 Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21213 Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21214 Windows BitLocker Information Disclosure Vulnerability
CVE-2025-21215 Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21217 Windows Mark of the Web Spoofing Vulnerability
CVE-2025-21218 Windows Kerberos Denial of Service Vulnerability
CVE-2025-21219 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21220 Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2025-21223 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21224 Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
CVE-2025-21225 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-21226 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21227 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21228 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21229 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21230 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21231 IP Helper Denial of Service Vulnerability
CVE-2025-21232 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21233 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21234 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2025-21235 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2025-21236 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21237 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21238 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21239 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21240 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21241 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21242 Windows Kerberos Information Disclosure Vulnerability
CVE-2025-21243 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21244 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21245 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21246 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21248 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21249 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21250 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21251 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21252 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21255 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21256 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21257 Windows WLAN AutoConfig Service Information Disclosure Vulnerability
CVE-2025-21258 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21260 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21261 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21263 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21265 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21266 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21268 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21269 Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2025-21270 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21271 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2025-21272 Windows COM Server Information Disclosure Vulnerability
CVE-2025-21273 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21274 Windows Event Tracing Denial of Service Vulnerability
CVE-2025-21275 Windows App Package Installer Elevation of Privilege Vulnerability
CVE-2025-21276 Windows MapUrlToZone Denial of Service Vulnerability
CVE-2025-21277 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21278 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-21280 Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVE-2025-21281 Microsoft COM for Windows Elevation of Privilege Vulnerability
CVE-2025-21282 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21284 Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVE-2025-21285 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21286 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21287 Windows Installer Elevation of Privilege Vulnerability
CVE-2025-21288 Windows COM Server Information Disclosure Vulnerability
CVE-2025-21289 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21290 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21291 Windows Direct Show Remote Code Execution Vulnerability
CVE-2025-21292 Windows Search Service Elevation of Privilege Vulnerability
CVE-2025-21293 Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2025-21299 Windows Kerberos Security Feature Bypass Vulnerability
CVE-2025-21300 Windows upnphost.dll Denial of Service Vulnerability
CVE-2025-21301 Windows Geolocation Service Information Disclosure Vulnerability
CVE-2025-21302 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21303 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21304 Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-21305 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21306 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21308 Windows Themes Spoofing Vulnerability
CVE-2025-21310 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21312 Windows Smart Card Reader Information Disclosure Vulnerability
CVE-2025-21313 Windows Security Account Manager (SAM) Denial of Service Vulnerability
CVE-2025-21314 Windows SmartScreen Spoofing Vulnerability
CVE-2025-21315 Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-21316 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21317 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21318 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21319 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21320 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21321 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21323 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21324 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21326 Internet Explorer Remote Code Execution Vulnerability
CVE-2025-21327 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21328 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21329 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21330 Windows Remote Desktop Services Denial of Service Vulnerability
CVE-2025-21331 Windows Installer Elevation of Privilege Vulnerability
CVE-2025-21332 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21333 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21334 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21335 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21336 Windows Cryptographic Information Disclosure Vulnerability
CVE-2025-21338 GDI+ Remote Code Execution Vulnerability
CVE-2025-21339 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21340 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
CVE-2025-21341 Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21343 Windows Web Threat Defense User Service Information Disclosure Vulnerability
CVE-2025-21370 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
CVE-2025-21372 Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-21374 Windows CSC Service Information Disclosure Vulnerability
CVE-2025-21378 Windows CSC Service Elevation of Privilege Vulnerability
CVE-2025-21382 Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2025-21389 Windows upnphost.dll Denial of Service Vulnerability
CVE-2025-21409 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21411 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21413 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21417 Windows Telephony Service Remote Code Execution Vulnerability

365 (13 CVEs)

Important severity
CVE-2025-21186 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21345 Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21346 Microsoft Office Security Feature Bypass Vulnerability
CVE-2025-21354 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21356 Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21357 Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21362 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21363 Microsoft Word Remote Code Execution Vulnerability
CVE-2025-21364 Microsoft Excel Security Feature Bypass Vulnerability
CVE-2025-21365 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-21366 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21395 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21402 Microsoft Office OneNote Remote Code Execution Vulnerability

Office (13 CVEs)

Important severity
CVE-2025-21186 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21338 GDI+ Remote Code Execution Vulnerability
CVE-2025-21366 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21395 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21362 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21345 Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21346 Microsoft Office Security Feature Bypass Vulnerability
CVE-2025-21354 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21356 Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21363 Microsoft Word Remote Code Execution Vulnerability
CVE-2025-21364 Microsoft Excel Security Feature Bypass Vulnerability
CVE-2025-21365 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-21357 Microsoft Outlook Remote Code Execution Vulnerability

Visual Studio (7 CVEs)

Critical severity
CVE-2025-21178 Visual Studio Remote Code Execution Vulnerability

Important severity
CVE-2024-50338 GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager
CVE-2025-21171 .NET Remote Code Execution Vulnerability
CVE-2025-21172 .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21173 .NET Elevation of Privilege Vulnerability
CVE-2025-21176 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21405 Visual Studio Elevation of Privilege Vulnerability

.NET (4 CVEs)

Important severity
CVE-2025-21171 .NET Remote Code Execution Vulnerability
CVE-2025-21172 .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21173 .NET Elevation of Privilege Vulnerability
CVE-2025-21176 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

Access (3 CVEs)

Important severity
CVE-2025-21186 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21366 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21395 Microsoft Access Remote Code Execution Vulnerability

SharePoint (3 CVEs)

Important severity
CVE-2025-21344 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-21348 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-21393 Microsoft SharePoint Server Spoofing Vulnerability

Office for Mac (2 CVEs)

Important severity
CVE-2025-21338 Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21361 GDI+ Remote Code Execution Vulnerability

AutoUpdate for Mac (1 CVE)

Important severity
CVE-2025-21360 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Excel (1 CVE)

Important severity
CVE-2025-21362 Microsoft Excel Remote Code Execution Vulnerability

Outlook (1 CVE)

Important severity
CVE-2025-21357 Microsoft Outlook Remote Code Execution Vulnerability

On-Premises Data Gateway (1 CVE)

Important severity
CVE-2025-21403 On-Premises Data Gateway Information Disclosure Vulnerability

Power Automate (1 CVE)

Important severity
CVE-2025-21187 Microsoft Power Automate Remote Code Execution Vulnerability

Appendix D: Advisories and Other Products

This is a list of advisories and information on other relevant CVEs in the January release. The issues addressed in the three CVEs have already been mitigated by Microsoft, but were listed in the release in the interests of transparency.

Microsoft information:

CVE / identifier | Product | Title
ADV990001 | | Latest Servicing Stack Updates
CVE-2025-21185 | Edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Elevation of Privilege | N/A
CVE-2025-21380 | Marketplace SaaS | Azure Marketplace SaaS Resources Information Disclosure Vulnerability | Information Disclosure | Critical
CVE-2025-21385 | Purview | Microsoft Purview Information Disclosure Vulnerability | Information Disclosure | Critical

There are no Adobe advisories in this month’s release.

Appendix E: Affected Windows Server versions

This is a table of CVEs in the January release affecting nine Windows Server versions, 2008 through 2025. The table differentiates among major versions of the platform but doesn’t go into deeper detail (e.g., Server Core). Critical-severity issues are marked in red; an “x” indicates that the CVE does not apply to that version. Administrators are encouraged to use this appendix as a starting point to ascertain their specific exposure, as each reader’s situation, especially as it concerns products out of mainstream support, will vary. For specific Knowledge Base numbers, please consult Microsoft.