Summary: Microsoft’s January update addresses a record 159 vulnerabilities, including eight zero-day bugs, three of which are actively exploited privilege escalation vulnerabilities that require immediate attention. It is Microsoft’s largest update ever and highlights the role of AI in identifying vulnerabilities.
Threat Actor: Unknown
Victim: Microsoft Technologies
Key Points:
- January update includes patches for 159 vulnerabilities, with 10 rated as critical.
- Three actively exploited vulnerabilities (CVE-2025-21335, CVE-2025-21333, CVE-2025-21334) require immediate patching.
- Five zero-days disclosed but not yet exploited, including three enabling remote code execution.
- Additional critical vulnerabilities (CVE-2025-21311, CVE-2025-21307, CVE-2025-21298) pose significant security risks.
- AI was credited for discovering some of the vulnerabilities in this update.
Source: https://www.darkreading.com/application-security/microsoft-january-2025-record-security-update