Hoplon InfoSec
15 Jan, 2025
Microsoft started 2025 with a significant rollout of security patches to address vulnerabilities across its software portfolio. This month’s update includes fixes for 161 security vulnerabilities and three zero-day flaws actively exploited in attacks. This article provides an in-depth look at the updates, implications, and steps for safeguarding systems.
The updates address vulnerabilities in various Microsoft products, with 11 flaws rated as Critical and 149 as Important. Additionally, one vulnerability (CVE-2024-7344) related to a Windows Secure Boot bypass was addressed but not assigned a severity rating.
The Zero Day Initiative (ZDI) highlighted this patch as marking the most vulnerabilities addressed in a month since at least 2017.
Among the prominent updates are three zero-day vulnerabilities in Windows Hyper-V NT Kernel Integration VSP:
Each has a CVSS score of 7.8, posing a significant risk, as attackers can use them to gain SYSTEM privileges.
These privilege escalation vulnerabilities are likely part of post-compromise activities, meaning attackers have already gained initial access to the target systems. Satnam Narang, a senior research engineer at Tenable, emphasized their role in expanding control after an initial breach.
Adam Barnett of Rapid7 explained that these vulnerabilities exist within the Virtualization Service Provider (VSP), a component responsible for synthetic device support in Hyper-V instances. Since the VSP operates as a security boundary, its exploitation underscores the need for heightened security measures in virtualized environments.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added these vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies to apply patches by February 4, 2025.
Five additional vulnerabilities have been flagged as publicly known before this release:
Five Critical vulnerabilities were addressed, including:
CVE-2025-21298: Exploitation involves sending a specially crafted email to the victim. When Outlook opens or previews the email, attackers can execute remote code on the victim’s system.
CVE-2025-21295: This vulnerability enables unauthenticated attackers to execute malicious code remotely, potentially compromising enterprise infrastructure. Despite its high attack complexity, its severity lies in its ability to bypass core security layers without user interaction.
CVE-2025-21294 involves exploiting a race condition during the Microsoft Digest authentication process. Attackers can trigger a use-after-free scenario, allowing them to execute arbitrary code.
CVE-2025-21210 (CVSS score: 4.2) affects Windows BitLocker and could allow attackers to recover plaintext hibernation images if they gain physical access to a victim’s hard disk.
Kev Breen, a senior director at Immersive Labs, highlighted the potential impact: “RAM often contains sensitive data, such as credentials or personally identifiable information (PII), which can be extracted using free tools from hibernation files.”
To mitigate risks from these vulnerabilities, users and organizations should:
This patch release highlights the increasing complexity of cybersecurity threats. It underscores the importance of adopting proactive strategies to manage vulnerabilities effectively. While many addressed flaws reflect Microsoft’s commitment to security, it also reveals the persistent challenges in maintaining secure software environments.
To safeguard against emerging threats, organizations must stay vigilant, prioritize critical updates, and foster a culture of cybersecurity awareness.
For more:
https://thehackernews.com/2025/01/3-actively-exploited-zero-day-flaws.html
Share this :