Patch Tuesday January 2025

Brock Bingham | January 14, 2025

It’s 2025. You’re caught up on all your patching. Your devices are 100% secure. Critical systems that can’t be patched have had the proper workarounds implemented to mitigate risks. Your boss thanks you for all your hard work and gives you a promotion and a company car.

Now, snap out of it! While you were daydreaming, you’ve missed three help desk calls and patches ready to be deployed! Let’s get to it!

  • Total vulnerabilities patched: 161

  • Critical patches: 12

  • Already known or exploited: 8

Some highlights (or lowlights)

  • CVE-2025-21298: A Windows OLE (Object Linking and Embedding) remote code execution vulnerability. It is one of three (yes, three) 9.8-rated CVEs that were just released. I see Microsoft is starting the year off strong.

    This vulnerability is pretty dang scary because it’s got a network attack vector and low attack complexity, and it doesn’t require privileges or user interaction. This is another one of the many email vulnerabilities we’ve had that take effect once a user opens the email or it’s displayed in the preview pane. Microsoft has even gone as far as to recommend configuring your email client to render only in plain text to avoid these types of exploits. I’ll take it one step further and ask the important question: Can we just get rid of email? I haven’t checked mine in like a year.

  • CVE-2025-21311: Another of our 9.8-rated CVEs, CVE-2025-21311 is an elevation of privilege vulnerability affecting NTLMv1. While this patch is considered an official fix, Microsoft also recommends setting the LAN Manager authentication level in Group Policy to 5 (which prevents the use of NTLMv1 but allows NTLMv2, which is more secure and offers more security features).

  • CVE-2025-21333, CVE-2025-21334, CVE-2025-21335: Let’s wrap up with a three-for-one. That’s right, Hyper-V has three CVEs this month, all dealing with an elevation of privilege vulnerability and all being actively exploited. If you don’t want some random user gaining SYSTEM privileges on your Hyper-Vs, then Microsoft and I agree: Get this deployed ASAP.
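For the NTLMv1 item above, one way to see where a machine currently stands is to read the registry value behind the LAN Manager authentication level policy. This is an added PowerShell example, not code from Microsoft's advisory or the original post; it assumes the standard `LmCompatibilityLevel` value under `HKLM:\SYSTEM\CurrentControlSet\Control\Lsa`, and the function name `Get-LmCompatibilityAudit` is made up for illustration.

```powershell
# Added example: audit (and optionally set) the LAN Manager authentication level.
# Assumption: the policy is backed by the standard LmCompatibilityLevel registry value.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$LevelMeaning = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

function Get-LmCompatibilityAudit {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [ValidateRange(0, 5)][int]$RequiredLevel = 5,
        [switch]$Remediate            # write the required level if the host falls short
    )
    $name  = 'LmCompatibilityLevel'
    $prop  = Get-ItemProperty -Path $LsaKey -Name $name -ErrorAction SilentlyContinue
    # A missing value means nothing was set explicitly and the OS default applies.
    $level = if ($null -ne $prop) { [int]$prop.$name } else { $null }

    if ($Remediate -and ($null -eq $level -or $level -lt $RequiredLevel)) {
        if ($PSCmdlet.ShouldProcess("$LsaKey\$name", "Set to $RequiredLevel")) {
            Set-ItemProperty -Path $LsaKey -Name $name -Value $RequiredLevel -Type DWord
            $level = $RequiredLevel
        }
    }

    $meaning = if ($null -eq $level) { 'Not configured (OS default applies)' }
               else { $LevelMeaning[$level] }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Level        = $level
        Meaning      = $meaning
        Compliant    = ($null -ne $level -and $level -ge $RequiredLevel)
    }
}

# Report only; add -Remediate (from an elevated session) to write the value.
Get-LmCompatibilityAudit
```

On domain-joined machines a Group Policy setting overwrites a local registry change at the next policy refresh, so use this to audit and make the lasting change in Group Policy.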

Wrapping up

If I had to make a prediction for 2025, it’s that AI will prove to be an invaluable tool for bad actors. With the ability to easily generate images, create scripts, and mimic people’s voices, I think we’re in for a wild ride. I expect social engineering attacks to increase and for them to appear much more legitimate than an email riddled with spelling errors.

As always, the best way to keep you and your organization safe from cyberattacks is with valuable user trainings, modern security practices, and diligent patching. Let’s make 2025 our most secure year yet. While I can’t guarantee the promotion, the company car, or even a thanks from your boss, I can guarantee you’ll sleep a little better at night knowing your devices are protected.

Brock Bingham

Born in the '80s and raised by his NES, Brock quickly fell in love with everything tech. With over 15 years of IT experience, Brock now enjoys the life of luxury as a renowned tech blogger and receiver of many Dundie Awards. In his free time, Brock enjoys adventuring with his wife, kids, and dogs, while dreaming of retirement.
