Skip to main content
CyberSecurity

Microsoft Patches 3 Zero-Day Flaws in Latest Security Update

simran January 16, 2025
Microsoft Patches 3 Zero-Day Flaws in Latest Security Update

Microsoft’s Latest Security Update: Patching 161 Security Vulnerabilities

Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks.

Severity of the Vulnerabilities

Of the 161 flaws, 11 are rated Critical and 149 are rated Important in severity. One other flaw, a non-Microsoft CVE related to a Windows Secure Boot bypass (CVE-2024-7344, CVSS score: 6.7), has not been assigned any severity. According to the Zero Day Initiative, the update marks the largest number of CVEs addressed in a single month since at least 2017.

Exploitation of the Vulnerabilities

The fixes are in addition to performing initial authentication when a server receives the first challenge response from a client. Ben Hopkins, cybersecurity engineer at Immersive Labs, explained that the server works by checking that the client has not already been authenticated. CVE-2025-21294 involves exploitation of this process for attackers to achieve remote code execution (RCE).

Notable Vulnerabilities

Among the list of vulnerabilities that have been tagged as more likely to be exploited is an information disclosure flaw affecting Windows BitLocker (CVE-2025-21210, CVSS score: 4.2) that could allow for the recovery of hibernation images in plaintext assuming an attacker is able to gain physical access to the victim machine’s hard disk.

Impact of the Vulnerability

"Hibernation images are used when a laptop goes to sleep and contains the contents that were stored in RAM at the moment the device powered down," Kev Breen, senior director of threat research at Immersive Labs, said. "This presents a significant potential impact as RAM can contain sensitive data (such as passwords, credentials, and PII) that may have been in open documents or browser sessions and can all be recovered with free tools from hibernation files."

Software Patches from Other Vendors

Besides Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including:

[Insert list of software patches from other vendors]

Stay Up-to-Date with the Latest Security News

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.


Source Link

Next Post

You May Also Like

Zero Trust Wi-Fi Security with Cloud Captive Portal
Zero Trust Wi-Fi Security with Cloud Captive PortalCyberSecurity

Zero Trust Wi-Fi Security with Cloud Captive Portal

simransimranJanuary 18, 2025
Has TikTok Ban Backfired on US Cybersecurity?
Has TikTok Ban Backfired on US Cybersecurity?CyberSecurity

Has TikTok Ban Backfired on US Cybersecurity?

simransimranJanuary 17, 2025
Password Management Strategy for Indian Orgs
Password Management Strategy for Indian Orgs

Password Management Strategy for Indian Orgs

simransimranJanuary 13, 2025

FUSION MAG