Microsoft has released the January 2025 Patch Tuesday cumulative update that addresses a total of 161 vulnerabilities in various products. This update includes fixes for three zero-day bugs that are actively being exploited in the wild. The three vulnerabilities, tracked as CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335, all have a high severity score of 7.8 and are found in Windows Hyper-V NT Kernel Integration VSP, potentially allowing attackers to gain SYSTEM privileges.
Details about the exploitation and the affected parties remain undisclosed for now, and users are advised to apply the patch immediately. The Cybersecurity and Infrastructure Security Agency (CISA) has added these vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, setting a deadline of February 4 for federal agencies to implement the patch. In addition to the three zero-days, Microsoft addressed 11 critical-severity bugs and 149 important ones in the update, making it the largest Patch Tuesday release since 2017.
Microsoft also released a separate patch to fix seven vulnerabilities in the Edge browser. Security experts highlight the importance of promptly applying these patches to prevent potential security breaches.