Microsoft’s January 2025 Patch Tuesday addresses 159 vulnerabilities, of which 58 are Remote Code Execution. The SonicWall Capture Labs threat research team has analyzed Microsoft’s security advisories for January 2025 and has produced coverage for 7 of the reported vulnerabilities.
CVE | CVE Title | Signature |
CVE-2025-21292 | Windows Search Service Elevation of Privilege Vulnerability | ASPY 7036 Exploit-dll dll.MP_12 |
CVE-2025-21299 | Windows Kerberos Security Feature Bypass Vulnerability | ASPY 7037 Exploit-exe exe.MP_425 |
CVE-2025-21309 | Windows Remote Desktop Services Remote Code Execution Vulnerability | ASPY 622 Exploit-exe exe.MP_427 |
CVE-2025-21315 | Microsoft Brokering File System Elevation of Privilege Vulnerability | ASPY 621 Exploit-exe exe.MP_426 |
CVE-2025-21362 | Microsoft Excel Remote Code Execution Vulnerability | ASPY 619 Malformed-xls xls.MP_18 |
CVE-2025-21365 | Microsoft Office Remote Code Execution Vulnerability | ASPY 618 Malformed-docx docx.MP_12 |
CVE-2025-21298 | Windows OLE Remote Code Execution Vulnerability | ASPY 623 Malformed-rtf rtf.OT_3; SonicWall Capture ATP w/RTDMI |
The vulnerabilities can be classified into the following categories:
For January, there are 10 critical and 148 important vulnerabilities.
Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been publicly disclosed before each month's Patch Tuesday release. The above chart displays these metrics as seen each month.
Denial of Service Vulnerabilities
CVE | CVE Title |
CVE-2025-21207 | Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability |
CVE-2025-21218 | Windows Kerberos Denial of Service Vulnerability |
CVE-2025-21225 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
CVE-2025-21230 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
CVE-2025-21231 | IP Helper Denial of Service Vulnerability |
CVE-2025-21251 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
CVE-2025-21270 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
CVE-2025-21274 | Windows Event Tracing Denial of Service Vulnerability |
CVE-2025-21276 | Windows MapUrlToZone Denial of Service Vulnerability |
CVE-2025-21277 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
CVE-2025-21278 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
CVE-2025-21280 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability |
CVE-2025-21284 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability |
CVE-2025-21285 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
CVE-2025-21289 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
CVE-2025-21290 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
CVE-2025-21300 | Windows upnphost.dll Denial of Service Vulnerability |
CVE-2025-21313 | Windows Security Account Manager (SAM) Denial of Service Vulnerability |
CVE-2025-21330 | Windows Remote Desktop Services Denial of Service Vulnerability |
CVE-2025-21389 | Windows upnphost.dll Denial of Service Vulnerability |
Elevation of Privilege Vulnerabilities
CVE | CVE Title |
CVE-2025-21173 | .NET Elevation of Privilege Vulnerability |
CVE-2025-21202 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability |
CVE-2025-21226 | Windows Digital Media Elevation of Privilege Vulnerability |
CVE-2025-21227 | Windows Digital Media Elevation of Privilege Vulnerability |
CVE-2025-21228 | Windows Digital Media Elevation of Privilege Vulnerability |
CVE-2025-21229 | Windows Digital Media Elevation of Privilege Vulnerability |
CVE-2025-21232 | Windows Digital Media Elevation of Privilege Vulnerability |
CVE-2025-21234 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
CVE-2025-21235 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
CVE-2025-21249 | Windows Digital Media Elevation of Privilege Vulnerability |
CVE-2025-21255 | Windows Digital Media Elevation of Privilege Vulnerability |
CVE-2025-21256 | Windows Digital Media Elevation of Privilege Vulnerability |
CVE-2025-21258 | Windows Digital Media Elevation of Privilege Vulnerability |
CVE-2025-21260 | Windows Digital Media Elevation of Privilege Vulnerability |
CVE-2025-21261 | Windows Digital Media Elevation of Privilege Vulnerability |
CVE-2025-21263 | Windows Digital Media Elevation of Privilege Vulnerability |
CVE-2025-21265 | Windows Digital Media Elevation of Privilege Vulnerability |
CVE-2025-21271 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
CVE-2025-21275 | Windows App Package Installer Elevation of Privilege Vulnerability |
CVE-2025-21281 | Microsoft COM for Windows Elevation of Privilege Vulnerability |
CVE-2025-21287 | Windows Installer Elevation of Privilege Vulnerability |
CVE-2025-21292 | Windows Search Service Elevation of Privilege Vulnerability |
CVE-2025-21293 | Active Directory Domain Services Elevation of Privilege Vulnerability |
CVE-2025-21304 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
CVE-2025-21310 | Windows Digital Media Elevation of Privilege Vulnerability |
CVE-2025-21311 | Windows NTLM V1 Elevation of Privilege Vulnerability |
CVE-2025-21315 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
CVE-2025-21324 | Windows Digital Media Elevation of Privilege Vulnerability |
CVE-2025-21327 | Windows Digital Media Elevation of Privilege Vulnerability |
CVE-2025-21331 | Windows Installer Elevation of Privilege Vulnerability |
CVE-2025-21333 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
CVE-2025-21334 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
CVE-2025-21335 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
CVE-2025-21341 | Windows Digital Media Elevation of Privilege Vulnerability |
CVE-2025-21360 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
CVE-2025-21370 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability |
CVE-2025-21372 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
CVE-2025-21378 | Windows CSC Service Elevation of Privilege Vulnerability |
CVE-2025-21382 | Windows Graphics Component Elevation of Privilege Vulnerability |
CVE-2025-21405 | Visual Studio Elevation of Privilege Vulnerability |
Information Disclosure Vulnerabilities
CVE | CVE Title |
CVE-2025-21210 | Windows BitLocker Information Disclosure Vulnerability |
CVE-2025-21214 | Windows BitLocker Information Disclosure Vulnerability |
CVE-2025-21220 | Microsoft Message Queuing Information Disclosure Vulnerability |
CVE-2025-21242 | Windows Kerberos Information Disclosure Vulnerability |
CVE-2025-21257 | Windows WLAN AutoConfig Service Information Disclosure Vulnerability |
CVE-2025-21272 | Windows COM Server Information Disclosure Vulnerability |
CVE-2025-21288 | Windows COM Server Information Disclosure Vulnerability |
CVE-2025-21301 | Windows Geolocation Service Information Disclosure Vulnerability |
CVE-2025-21312 | Windows Smart Card Reader Information Disclosure Vulnerability |
CVE-2025-21316 | Windows Kernel Memory Information Disclosure Vulnerability |
CVE-2025-21317 | Windows Kernel Memory Information Disclosure Vulnerability |
CVE-2025-21318 | Windows Kernel Memory Information Disclosure Vulnerability |
CVE-2025-21319 | Windows Kernel Memory Information Disclosure Vulnerability |
CVE-2025-21320 | Windows Kernel Memory Information Disclosure Vulnerability |
CVE-2025-21321 | Windows Kernel Memory Information Disclosure Vulnerability |
CVE-2025-21323 | Windows Kernel Memory Information Disclosure Vulnerability |
CVE-2025-21336 | Windows Cryptographic Information Disclosure Vulnerability |
CVE-2025-21343 | Windows Web Threat Defense User Service Information Disclosure Vulnerability |
CVE-2025-21374 | Windows CSC Service Information Disclosure Vulnerability |
CVE-2025-21380 | Azure Marketplace SaaS Resources Information Disclosure Vulnerability |
CVE-2025-21385 | Microsoft Purview Information Disclosure Vulnerability |
CVE-2025-21403 | On-Premises Data Gateway Information Disclosure Vulnerability |
Remote Code Execution Vulnerabilities
CVE | CVE Title |
CVE-2025-21171 | .NET Remote Code Execution Vulnerability |
CVE-2025-21172 | .NET and Visual Studio Remote Code Execution Vulnerability |
CVE-2025-21176 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
CVE-2025-21178 | Visual Studio Remote Code Execution Vulnerability |
CVE-2025-21186 | Microsoft Access Remote Code Execution Vulnerability |
CVE-2025-21187 | Microsoft Power Automate Remote Code Execution Vulnerability |
CVE-2025-21223 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21224 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability |
CVE-2025-21233 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21236 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21237 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21238 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21239 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21240 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21241 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21243 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21244 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21245 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21246 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21248 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21250 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21252 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21266 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21273 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21282 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21286 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21291 | Windows Direct Show Remote Code Execution Vulnerability |
CVE-2025-21294 | Microsoft Digest Authentication Remote Code Execution Vulnerability |
CVE-2025-21295 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability |
CVE-2025-21296 | BranchCache Remote Code Execution Vulnerability |
CVE-2025-21297 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
CVE-2025-21298 | Windows OLE Remote Code Execution Vulnerability |
CVE-2025-21302 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21303 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21305 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21306 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21307 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability |
CVE-2025-21309 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
CVE-2025-21326 | Internet Explorer Remote Code Execution Vulnerability |
CVE-2025-21338 | GDI+ Remote Code Execution Vulnerability |
CVE-2025-21339 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21344 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
CVE-2025-21345 | Microsoft Office Visio Remote Code Execution Vulnerability |
CVE-2025-21348 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
CVE-2025-21354 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2025-21356 | Microsoft Office Visio Remote Code Execution Vulnerability |
CVE-2025-21357 | Microsoft Outlook Remote Code Execution Vulnerability |
CVE-2025-21361 | Microsoft Outlook Remote Code Execution Vulnerability |
CVE-2025-21362 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2025-21363 | Microsoft Word Remote Code Execution Vulnerability |
CVE-2025-21365 | Microsoft Office Remote Code Execution Vulnerability |
CVE-2025-21366 | Microsoft Access Remote Code Execution Vulnerability |
CVE-2025-21395 | Microsoft Access Remote Code Execution Vulnerability |
CVE-2025-21402 | Microsoft Office OneNote Remote Code Execution Vulnerability |
CVE-2025-21409 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21411 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21413 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-21417 | Windows Telephony Service Remote Code Execution Vulnerability |
Security Feature Bypass Vulnerabilities
CVE | CVE Title |
CVE-2025-21189 | MapUrlToZone Security Feature Bypass Vulnerability |
CVE-2025-21211 | Secure Boot Security Feature Bypass Vulnerability |
CVE-2025-21213 | Secure Boot Security Feature Bypass Vulnerability |
CVE-2025-21215 | Secure Boot Security Feature Bypass Vulnerability |
CVE-2025-21219 | MapUrlToZone Security Feature Bypass Vulnerability |
CVE-2025-21268 | MapUrlToZone Security Feature Bypass Vulnerability |
CVE-2025-21269 | Windows HTML Platforms Security Feature Bypass Vulnerability |
CVE-2025-21299 | Windows Kerberos Security Feature Bypass Vulnerability |
CVE-2025-21328 | MapUrlToZone Security Feature Bypass Vulnerability |
CVE-2025-21329 | MapUrlToZone Security Feature Bypass Vulnerability |
CVE-2025-21340 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability |
CVE-2025-21346 | Microsoft Office Security Feature Bypass Vulnerability |
CVE-2025-21364 | Microsoft Excel Security Feature Bypass Vulnerability |
CVE-2025-21332 | MapUrlToZone Security Feature Bypass Vulnerability |
Spoofing Vulnerabilities
CVE | CVE Title |
CVE-2025-21193 | Active Directory Federation Server Spoofing Vulnerability |
CVE-2025-21217 | Windows Mark of the Web Spoofing Vulnerability |
CVE-2025-21308 | Windows Themes Spoofing Vulnerability |
CVE-2025-21314 | Windows SmartScreen Spoofing Vulnerability |
CVE-2025-21393 | Microsoft SharePoint Server Spoofing Vulnerability |