Microsoft’s January update contains patches for a record 159 vulnerabilities, including eight zero-day bugs, three of which attackers are already actively exploiting.
The update is Microsoft’s largest ever and is also notable for including three bugs that the company said were discovered by an artificial intelligence (AI) platform.
Microsoft assessed 10 of the vulnerabilities disclosed this week as being of critical severity and the remaining ones as important bugs to fix. As always, the patches address vulnerabilities in a wide range of Microsoft technologies, including Windows OS, Microsoft Office, .NET, Azure, Kerberos, and Windows Hyper-V.
They include more than 20 remote code execution (RCE) vulnerabilities, nearly the same number of elevation-of-privilege bugs, and an assortment of other denial-of-service flaws, security bypass issues, and spoofing and information disclosure vulnerabilities.
Three Vulnerabilities to Patch Immediately
Several security researchers pointed to the three actively exploited bugs in this month’s update as the vulnerabilities that need immediate attention. The vulnerabilities, identified as CVE-2025-21335, CVE-2025-21333, and CVE-2025-21334, are all privilege escalation issues in a component of the Windows Hyper-V’s NT Kernel.
Attackers can exploit the bug relatively easily and with minimal permissions to gain system-level privileges on affected systems.
Keep reading this article in Dark Reading, a DCN partner site