The first Patch Tuesday of the year is kicking off with a bang
(Image credit: Shutterstock)
Microsoft kicked off its first Patch Tuesday of 2025 by addressing the largest number of CVEs in a single month since 2017. In addition to several vulnerabilities addressed in its Edge browser back in December 2024, this week the company has patched a total of 161 security vulnerabilities across its entire software portfolio.
These include patches for three actively exploited zero-days. In total, this Patch Tuesday fixes: 58 Remote Code Execution vulnerabilities, 40 Elevation of Privilege vulnerabilities, 24 Information Disclosure vulnerabilities, 20 Denial of Service vulnerabilities, 14 Security Feature Bypass vulnerabilities, and 5 Spoofing vulnerabilities.
The three zero-day exploits have been used in attacks in the wild, though as per usual, Microsoft hasn't provided any details on the scale of the attacks, how the shortcomings are being exploited, in what context or the identity of the threat actors that are weaponizing them. This is done to give Windows users enough time to update their PCs. However, it also prevents other cybercriminals from using these zero-days in their own attacks.
We do know, according to Microsoft’s advisory, that attackers who successfully exploit these vulnerabilities could gain system privileges and that the trio of flaws are in the Windows Hyper-V NT Kernel Integration VSP, with CVSS scores of 7.8. They're currently being tracked as CVE-2025-21333, CVE-2025-21334, CVE-2025-21335.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added these to its Known Exploited Vulnerabilities (KEV) catalog which means that federal agencies must apply fixes by February 4th 2025.
Of the remaining flaws, 11 are rated Critical and 149 are rated Important in severity. One has no assigned severity and five of the bugs are publicly known.
The sheer number of bugs patched in this round of Patch Tuesday updates underscores the importance of keeping the best Windows laptops up to date. Not only that, but you'll also want to make sure you have one of the best antivirus programs installed and kept up to date too in order to avoid any malware sneaking by. Many of these programs will come with advances features and extras like a VPN or password manager as well, for additional security.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps.
