Microsoft has released updates to address multiple vulnerabilities in Microsoft software with Microsoft's January 2025 Patch Tuesday.

Of the fixed vulnerabilities: 40 are elevation of privilege vulnerabilities, 14 are security feature bypass vulnerabilities, 58 are remote code execution vulnerabilities, 24 are information disclosure vulnerabilities, 20 are denial of service vulnerabilities and 5 are spoofing vulnerabilities.

This month's Patch Tuesday also includes fixes for eight zero-day vulnerabilities, with three actively exploited:

• CVE-2025-21333 - Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability;
• CVE-2025-21334 - Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability;
• CVE-2025-21335 - Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability;
• CVE-2025-21275 - Windows App Package Installer Elevation of Privilege Vulnerability;
• CVE-2025-21308 - Windows Themes Spoofing Vulnerability;
• CVE-2025-21186 - Microsoft Access Remote Code Execution Vulnerability;
• CVE-2025-21366 - Microsoft Access Remote Code Execution Vulnerability;
• CVE-2025-21395 - Microsoft Access Remote Code Execution Vulnerability;

More information on vulnerabilities and updates is available in the Microsoft’s January 2025 Security Updates page - microsoft.com