Microsoft Monthly Security Update (January 2025)

Microsoft has released monthly security update for their products:

Vulnerable Product	Risk Level	Impacts	Notes
Developer Tools	Medium Risk	Information Disclosure Remote Code Execution Elevation of Privilege
Windows	High Risk	Remote Code Execution Information Disclosure Elevation of Privilege Denial of Service Security Restriction Bypass Spoofing	CVE-2025-21333, CVE-2025-21334 and CVE-2025-21335 are being exploited in the wild. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Extended Security Updates (ESU)	Medium Risk	Remote Code Execution Information Disclosure Elevation of Privilege Denial of Service Security Restriction Bypass Spoofing
Microsoft Office	Medium Risk	Remote Code Execution Security Restriction Bypass Spoofing Elevation of Privilege Information Disclosure
Azure	Medium Risk	Information Disclosure
Microsoft Dynamics	Medium Risk	Remote Code Execution

Number of ‘Extremely High Risk’ product(s): 0

Number of ‘High Risk’ product(s): 1

Number of ‘Medium Risk’ product(s): 5

Number of ‘Low Risk’ product(s): 0

Evaluation of overall ‘Risk Level’: High Risk

Impact

• Elevation of Privilege
• Security Restriction Bypass
• Spoofing
• Information Disclosure
• Remote Code Execution
• Denial of Service

System / Technologies affected

• Developer Tools
• Windows
• Extended Security Updates (ESU)
• Microsoft Office
• Azure
• Microsoft Dynamics

Solutions

Before installation of the software, please visit the vendor web-site for more details.

•  Apply fixes issued by the vendor.

Vulnerability Identifier

• https://www.cvedetails.com/vulnerability-list.php?vendor_id=26&year=2025&month=01

Source

• Microsoft

Related Link

• https://msrc.microsoft.com/update-guide/releaseNote/2025-Jan