REDLEGG BLOG

Patch Tuesday - January 2025

1/15/25 3:02 PM  |  by RedLegg Blog

*Important note: These are not the only vulnerabilities that were recently released; however, these are the vulnerabilities RedLegg has identified as critical and require immediate attention.

VULNERABILITIES

Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability

CVSS Score: 7.8 (High)
Identifier: CVE-2025-21333
Exploit or POC: Yes, active exploitation has been observed in the wild. 
Update: CVE-2025-21333 – Microsoft Security Update Guide

Description: CVE-2025-21333 is a heap-based buffer overflow vulnerability in the Microsoft Windows Hyper-V NT Kernel Integration Virtual Service Provider (VSP). This flaw allows a local attacker to gain SYSTEM privileges, potentially leading to full system compromise. Active exploitation of this vulnerability has been reported.

Mitigation Recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions as listed in the Microsoft Security Update Guide. Immediate patching is recommended to prevent potential exploitation.


Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability

CVSS Score: 7.8 (High)
Identifier: CVE-2025-21334
Exploit or POC: Yes, active exploitation has been observed in the wild. 
Update: CVE-2025-21334 – Microsoft Security Update Guide

Description: CVE-2025-21334 is a use-after-free vulnerability in the Microsoft Windows Hyper-V NT Kernel Integration Virtual Service Provider (VSP). This flaw allows a local attacker to gain SYSTEM privileges, potentially leading to full system compromise. Active exploitation of this vulnerability has been reported.

Mitigation Recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions as listed in the Microsoft Security Update Guide. Immediate patching is recommended to prevent potential exploitation.


Microsoft Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

CVSS Score: 7.8 (High)
Identifier: CVE-2025-21335
Exploit or POC: Yes, active exploitation has been observed in the wild. 
Update: CVE-2025-21335 – Microsoft Security Update Guide

Description: CVE-2025-21335 is an elevation of privilege vulnerability in the Microsoft Windows Hyper-V NT Kernel Integration Virtual Service Provider (VSP). This flaw allows a local attacker to gain SYSTEM privileges, potentially leading to full system compromise. Active exploitation of this vulnerability has been reported.

Mitigation Recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions as listed in the Microsoft Security Update Guide. Immediate patching is recommended to prevent potential exploitation.


Windows App Package Installer Spoofing Vulnerability

CVSS Score: 7.8 (High)
Identifier: CVE-2025-21275
Exploit or POC: No known public proof of concept has been reported. 
Update: CVE-2025-21275 – Microsoft Security Update Guide

Description: CVE-2025-21275 is a spoofing vulnerability in the Windows App Package Installer. An attacker can exploit this flaw by crafting a malicious package that appears to be from a trusted source, potentially leading to unauthorized actions on the affected system.

Mitigation Recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions as listed in the Microsoft Security Update Guide. Immediate patching is recommended to prevent potential exploitation.


Microsoft Windows Graphics Component Remote Code Execution Vulnerability

CVSS Score: 7.8 (High)
Identifier: CVE-2025-21308
Exploit or POC: No known public proof of concept has been reported. 
Update: CVE-2025-21308 – Microsoft Security Update Guide

Description: CVE-2025-21308 is a remote code execution vulnerability in the Microsoft Windows Graphics Component. An attacker can exploit this flaw by convincing a user to open a specially crafted file, potentially leading to arbitrary code execution on the affected system.

Mitigation Recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions as listed in the Microsoft Security Update Guide. Immediate patching is recommended to prevent potential exploitation.


Microsoft Access Remote Code Execution Vulnerability

CVSS Score: 7.8 (High)
Identifier: CVE-2025-21186
Exploit or POC: No known public proof of concept has been reported. 
Update: CVE-2025-21186 – Microsoft Security Update Guide

Description: CVE-2025-21186 is a remote code execution vulnerability in Microsoft Access. An attacker can exploit this flaw by convincing a user to open a specially crafted Access file, potentially leading to arbitrary code execution on the affected system.

Mitigation Recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions as listed in the Microsoft Security Update Guide. Immediate patching is recommended to prevent potential exploitation.


Microsoft Access Remote Code Execution Vulnerability

CVSS Score: 7.8 (High)
Identifier: CVE-2025-21366
Exploit or POC: No known public proof of concept has been reported. 
Update: CVE-2025-21366 – Microsoft Security Update Guide

Description: CVE-2025-21366 is a remote code execution vulnerability in Microsoft Access. An attacker can exploit this flaw by convincing a user to open a specially crafted Access file, potentially leading to arbitrary code execution on the affected system.

Mitigation Recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions as listed in the Microsoft Security Update Guide. Immediate patching is recommended to prevent potential exploitation.


Microsoft Access Remote Code Execution Vulnerability

CVSS Score: 7.8 (High)
Identifier: CVE-2025-21395
Exploit or POC: No known public proof of concept has been reported. 
Update: CVE-2025-21395 – Microsoft Security Update Guide

Description: CVE-2025-21395 is a remote code execution vulnerability in Microsoft Access. An attacker can exploit this flaw by convincing a user to open a specially crafted Access file, potentially leading to arbitrary code execution on the affected system.

Mitigation Recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions as listed in the Microsoft Security Update Guide. Immediate patching is recommended to prevent potential exploitation.

Get Blog Updates

Related Articles

Emergency Security Bulletin: SonicWall SMA1000 Appliances Vulnerability Bulletins

Emergency Security Bulletin: SonicWall SMA1000 Appliances

About: RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide ...
Emergency Security Bulletin: Multiple SAP NetWeaver Vulnerabilities Vulnerability Bulletins

Emergency Security Bulletin: Multiple SAP NetWeaver Vulnerabilities

About: RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide ...
Critical Security Vulnerabilities Bulletin