Microsoft's latest batch of security patches includes an expanded blocklist for some vulnerable Windows kernel drivers and fixes for several elevation-of-privilege vulnerabilities. The January 2025 security update fixed 159 vulnerabilities.
You need to apply security patches to keep your software up to date. However, early patch releases may be unreliable and should be approached with caution and deployed to test environments first.
Microsoft updates the blocklist of vulnerable drivers
The January 2025 security update for Windows 11, version 24H2 expands the list of vulnerable drivers that could be used in Bring Your Own Vulnerable Driver (BYOVD) attacks. Vulnerabilities in kernel drivers could allow threat actors to introduce malware into the kernel.
"The Vulnerable Driver Blocklist is designed to help harden systems against non-Microsoft-developed drivers across the Windows ecosystem," according to Microsoft's recommended driver block rules.
Windows Hyper-V NT Kernel Integration VSP vulnerabilities fixed
Microsoft has released patches for three Windows Hyper-V NT Kernel Integration VSP elevation-of-privilege vulnerabilities that have already been exploited: CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335. Successfully exploiting any of them could have granted an attacker SYSTEM privileges.
Some vulnerabilities score high on the CVSS severity scale
Other significant CVEs in this update include a remote code execution vulnerability in Object Linking and Embedding, a technology that enables linking in Microsoft Outlook. This vulnerability has a severity rating of 9.8 but has not been exploited in the wild.
Likewise, an elevation-of-privilege vulnerability in the NTLMv1 protocol has a score of 9.8 but has not been publicly exploited. The third risk with a score of 9.8 patched in January is a remote code execution vulnerability in the Windows Reliable Multicast Transport Driver.
Citrix components may interfere with installation of the January security update
Users with Citrix components on their computers may not be able to install the January 2025 Windows security update, Microsoft noted. Microsoft and Citrix are working on a solution, and Citrix has provided a workaround.
Automatic downloads or patches available for other vulnerabilities
Microsoft is aware of some other issues with the latest build of Windows 11. OpenSSH (Open Secure Shell) may not open for users who have installed the October 2024 security update. Microsoft has released a fix. Meanwhile, Arm users can only access the Roblox video game directly for now, rather than through the Microsoft Store on Windows.
On January 7, Microsoft released an update for PowerPoint 2016. The team fixed an issue where OLE could load and instantiate automatically in PowerPoint. Users with Microsoft Update will receive the patch automatically, or it can be downloaded manually.
Microsoft highlighted a patch outside its ecosystem in January: CVE-2024-50338, an information disclosure vulnerability in Git for Microsoft Visual Studio, has been fixed. The vulnerability could expose secrets or privileged information belonging to Visual Studio users.