Microsoft Rings in 2025 With Record Security UpdateMicrosoft Rings in 2025 With Record Security Update

The company has issued patches for an unprecedented 159 CVEs, including bugs in Azure and Windows Hyper-V.

Dark Reading, Jai Vijayan

January 15, 2025

1 Min Read
Image: Bloomberg

Microsoft’s January update contains patches for a record 159 vulnerabilities, including eight zero-day bugs, three of which attackers are already actively exploiting.

The update is Microsoft's largest ever and is notable also for including three bugs that the company said were discovered by an artificial intelligence (AI) platform.  

Microsoft assessed 10 of the vulnerabilities disclosed this week as being of critical severity and the remaining ones as important bugs to fix. As always, the patches address vulnerabilities in a wide range of Microsoft technologies, including Windows OS, Microsoft Office, .NET, Azure, Kerberos, and Windows Hyper-V.

They include more than 20 remote code execution (RCE) vulnerabilities, nearly the same number of elevation-of-privilege bugs, and an assortment of other denial-of-service flaws, security bypass issues, and spoofing and information disclosure vulnerabilities.

Three Vulnerabilities to Patch Immediately

Multiple security researchers pointed to the three actively exploited bugs in this month's update as the vulnerabilities that need immediate attention. The vulnerabilities, identified as CVE-2025-21335CVE-2025-21333, and CVE-2025-21334, are all privilege escalation issues in a component of the Windows Hyper-V’s NT Kernel.

Related:A History of Microsoft Azure Outages

Attackers can exploit the bug relatively easily and with minimal permissions to gain system-level privileges on affected systems.

Keep reading this article in Dark Reading, a Data Center Knowledge partner site

Read more about:

Dark Reading

About the Authors

Dark Reading

Dark Reading

Long one of the most widely read cyber security news sites on the Web, Dark Reading, a sister site to Data Center Knowledge, is now the most trusted online community for security professionals like you. Dark Reading's community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.

See more from Dark Reading
Jai Vijayan

Jai Vijayan

Contributing writer, Dark Reading

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a senior editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics including big data, Hadoop, Internet of Things, e-voting and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a master's degree in statistics and lives in Naperville, Illinois.

See more from Jai Vijayan
Subscribe to the Data Center Knowledge Newsletter
Get analysis and expert insight on the latest in data center business and technology delivered to your inbox daily.
Newsletter Sign-Up

You May Also Like

Editor's Choice

Bare-Metal-as-a-Service: A niche in the IaaS market facing new challenges as Equinix plans to sunset its Metal platform
Servers
What’s Next for Bare-Metal-as-a-Service After Equinix Metal’s Closure?
What’s Next for Bare-Metal-as-a-Service After Equinix Metal’s Closure?

Jan 14, 2025

7 GW of new data center projects worldwide are projected to reach completion in 2025
Data Center Construction
Data Center Construction Boom: 10 GW of New Capacity Set for 2025
Data Center Construction Boom: 10 GW of New Capacity Set for 2025

Jan 13, 2025

Data center zoning regulations illustration
Regulations
Land Barriers: How Zoning Regulations Could Stall Data Center Industry Expansion
Land Barriers: How Zoning Regulations Could Stall Data Center Industry Expansion

Jan 10, 2025

Exclusive DCK Resources
See all DCK Resources

Industry Voices

Investing
Chicago Construction Billionaire Deepens Bet on Data Centers
Chicago Construction Billionaire Deepens Bet on Data Centers

Jan 15, 2025

data center events 2025 image
Data Center Construction
Data Center Events 2025: Previewing the Biggest Data Center Conferences of the Year
Data Center Events 2025: Previewing the Biggest Data Center Conferences of the Year

Jan 15, 2025

Subscribe to the Data Center Knowledge Newsletter
Get analysis and expert insight on the latest in data center business and technology delivered to your inbox daily.
Newsletter Sign-Up

Featured Technical Explainers

AI chip
Cloud
Cloud vs. On-Prem AI Accelerators: Choosing the Best Fit for Your AI Workloads
Cloud vs. On-Prem AI Accelerators: Choosing the Best Fit for Your AI Workloads
Data center server configuration command lines on a computer monitor.
Open Source Software
Optimize Text Search: Master the grep Command in Linux
Optimize Text Search: Master the grep Command in Linux
Data center ETF stock chart illustration
Investing
Data Center ETFs: An Introductory Guide to Boosting Your Portfolio
Data Center ETFs: An Introductory Guide to Boosting Your Portfolio