Key Takeaways:
Microsoft released yesterday the January 2025 Patch Tuesday updates for Windows 11 and Windows 10. This month’s Patch Tuesday updates include fixes for 159 vulnerabilities in Windows, Office, Hyper-V, SharePoint Server, Azure, and more.
“This is the largest number of CVEs addressed in any single month since at least 2017 and is more than double the usual amount of CVEs fixed in January,” the Zero Day Initiative explained. “This comes on the heels of a record number of December patches and could be an ominous sign for patch levels in 2025.”
Among the 159 vulnerabilities that Microsoft fixed this month, 11 are rated “Critical” and the other 148 are rated Important in severity. There are also three security flaws that are already being exploited by attackers.
Let’s take a closer look at some of the most important vulnerabilities Microsoft fixed this month:
You can find below the full list of CVEs released by Microsoft for the month of January:
Release date | Product | Platform | Impact | Max Severity | Article | Download | Build Number | Details |
Jan 15, 2025 | Microsoft Edge (Chromium-based) | Release Notes | Security Update | 131.0.2903.147 | CVE-2025-0291 | |||
Jan 14, 2025 | Windows 10 for x64-based Systems | Spoofing | Important | 5050013 | Security Update | 10.0.10240.20890 | CVE-2025-21217 | |
Jan 14, 2025 | Windows 10 for 32-bit Systems | Spoofing | Important | 5050013 | Security Update | 10.0.10240.20890 | CVE-2025-21217 | |
Jan 14, 2025 | Windows Server 2025 | Spoofing | Important | 5050009 | Security Update | 10.0.26100.2894 | CVE-2025-21217 | |
Jan 14, 2025 | Windows 11 Version 24H2 for x64-based Systems | Spoofing | Important | 5050009 | Security Update | 10.0.26100.2894 | CVE-2025-21217 | |
Jan 14, 2025 | Windows 11 Version 24H2 for ARM64-based Systems | Spoofing | Important | 5050009 | Security Update | 10.0.26100.2894 | CVE-2025-21217 | |
Jan 14, 2025 | Windows Server 2022, 23H2 Edition (Server Core installation) | Spoofing | Important | 5049984 | Security Update | 10.0.25398.1369 | CVE-2025-21217 | |
Jan 14, 2025 | Windows 11 Version 23H2 for x64-based Systems | Spoofing | Important | 5050021 | Security Update | 10.0.22631.4751 | CVE-2025-21217 | |
Jan 14, 2025 | Windows 11 Version 23H2 for ARM64-based Systems | Spoofing | Important | 5050021 | Security Update | 10.0.22621.4751 | CVE-2025-21217 | |
Jan 14, 2025 | Windows Server 2016 | Remote Code Execution | Important | 5049993 | Security Update | 10.0.14393.7699 | CVE-2025-21246 | |
Jan 14, 2025 | Windows 10 Version 1607 for x64-based Systems | Remote Code Execution | Important | 5049993 | Security Update | 10.0.14393.7699 | CVE-2025-21246 | |
Jan 14, 2025 | Windows 10 Version 1607 for 32-bit Systems | Remote Code Execution | Important | 5049993 | Security Update | 10.0.14393.7699 | CVE-2025-21246 | |
Jan 14, 2025 | Windows Server 2025 (Server Core installation) | Remote Code Execution | Important | 5050009 | Security Update | 10.0.26100.2894 | CVE-2025-21246 | |
Jan 14, 2025 | Windows 10 Version 22H2 for 32-bit Systems | Remote Code Execution | Important | 5049981 | Security Update | 10.0.19045.5371 | CVE-2025-21246 | |
Jan 14, 2025 | Windows 11 Version 22H2 for x64-based Systems | Information Disclosure | Important | 5050021 | Security Update | 10.0.22621.4751 | CVE-2025-21374 | |
Jan 14, 2025 | Windows 11 Version 22H2 for ARM64-based Systems | Information Disclosure | Important | 5050021 | Security Update | 10.0.22621.4751 | CVE-2025-21374 | |
Jan 14, 2025 | Windows 10 Version 21H2 for x64-based Systems | Information Disclosure | Important | 5049981 | Security Update | 10.0.19044.5371 | CVE-2025-21374 | |
Jan 14, 2025 | Windows 10 Version 21H2 for ARM64-based Systems | Information Disclosure | Important | 5049981 | Security Update | 10.0.19044.5371 | CVE-2025-21374 | |
Jan 14, 2025 | Windows 10 Version 21H2 for 32-bit Systems | Information Disclosure | Important | 5049981 | Security Update | 10.0.19044.5371 | CVE-2025-21374 | |
Jan 14, 2025 | Windows Server 2022 (Server Core installation) | Information Disclosure | Important | 5049983 | Security Update | 10.0.20348.3091 | CVE-2025-21374 | |
Jan 14, 2025 | Windows Server 2022 | Information Disclosure | Important | 5049983 | Security Update | 10.0.20348.3091 | CVE-2025-21374 | |
Jan 14, 2025 | Windows 10 Version 22H2 for ARM64-based Systems | Security Feature Bypass | Important | 5049981 | Security Update | 10.0.19045.5371 | CVE-2025-21340 | |
Jan 14, 2025 | Windows 10 Version 22H2 for x64-based Systems | Security Feature Bypass | Important | 5049981 | Security Update | 10.0.19045.5371 | CVE-2025-21340 | |
Jan 14, 2025 | Windows Server 2008 for 32-bit Systems Service Pack 2 | Elevation of Privilege | Important | 5050063 | Monthly Rollup | 6.0.6003.23070 | CVE-2025-21261 | |
Jan 14, 2025 | Windows Server 2008 for 32-bit Systems Service Pack 2 | Elevation of Privilege | Important | 5050061 | Security Only | 6.0.6003.23070 | CVE-2025-21261 | |
Jan 14, 2025 | Windows Server 2016 (Server Core installation) | Elevation of Privilege | Important | 5049993 | Security Update | 10.0.14393.7699 | CVE-2025-21261 | |
Jan 14, 2025 | Windows 10 Version 1809 for x64-based Systems | Elevation of Privilege | Important | 5050008 | Security Update | 10.0.17763.6775 | CVE-2025-21261 | |
Jan 14, 2025 | Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5050048 | Monthly Rollup | 6.3.9600.22371 | CVE-2025-21227 | |
Jan 14, 2025 | Windows Server 2019 (Server Core installation) | Denial of Service | Important | 5050008 | Security Update | 10.0.17763.6775 | CVE-2025-21278 | |
Jan 14, 2025 | Windows Server 2019 | Denial of Service | Important | 5050008 | Security Update | 10.0.17763.6775 | CVE-2025-21278 | |
Jan 14, 2025 | Windows 10 Version 1809 for 32-bit Systems | Denial of Service | Important | 5050008 | Security Update | 10.0.17763.6775 | CVE-2025-21278 | |
Jan 14, 2025 | Microsoft Visual Studio 2022 version 17.12 | Elevation of Privilege | Important | Release Notes | Security Update | 17.12.4 | CVE-2025-21405 | |
Jan 14, 2025 | Windows Server 2012 R2 | Spoofing | Important | 5050048 | Monthly Rollup | 6.3.9600.22371 | CVE-2025-21217 | |
Jan 14, 2025 | Windows Server 2012 (Server Core installation) | Spoofing | Important | 5050004 | Monthly Rollup | 6.2.9200.25273 | CVE-2025-21217 | |
Jan 14, 2025 | Windows Server 2012 | Spoofing | Important | 5050004 | Monthly Rollup | 6.2.9200.25273 | CVE-2025-21217 | |
Jan 14, 2025 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Spoofing | Important | 5050049 | Monthly Rollup | 6.1.7601.27520 | CVE-2025-21217 | |
Jan 14, 2025 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Spoofing | Important | 5050006 | Security Only | 6.1.7601.27520 | CVE-2025-21217 | |
Jan 14, 2025 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Spoofing | Important | 5050049 | Monthly Rollup | 6.1.7601.27520 | CVE-2025-21217 | |
Jan 14, 2025 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Spoofing | Important | 5050006 | Security Only | 6.1.7601.27520 | CVE-2025-21217 | |
Jan 14, 2025 | Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Spoofing | Important | 5050063 | Monthly Rollup | 6.0.6003.23070 | CVE-2025-21217 | |
Jan 14, 2025 | Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Spoofing | Important | 5050061 | Security Only | 6.0.6003.23070 | CVE-2025-21217 | |
Jan 14, 2025 | Windows Server 2008 for x64-based Systems Service Pack 2 | Spoofing | Important | 5050063 | Monthly Rollup | 6.0.6003.23070 | CVE-2025-21217 | |
Jan 14, 2025 | Windows Server 2008 for x64-based Systems Service Pack 2 | Spoofing | Important | 5050061 | Security Only | 6.0.6003.23070 | CVE-2025-21217 | |
Jan 14, 2025 | Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Spoofing | Important | 5050063 | Monthly Rollup | 6.0.6003.23070 | CVE-2025-21217 | |
Jan 14, 2025 | Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Spoofing | Important | 5050061 | Security Only | 6.0.6003.23070 | CVE-2025-21217 | |
Jan 14, 2025 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Security Feature Bypass | Important | 5049994 | IE Cumulative | 1.003 | CVE-2025-21189 | |
Jan 14, 2025 | Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Security Feature Bypass | Important | 5049994 | IE Cumulative | 1.007 | CVE-2025-21189 | |
Jan 14, 2025 | Windows Server 2008 for x64-based Systems Service Pack 2 | Security Feature Bypass | Important | 5049994 | IE Cumulative | 1.007 | CVE-2025-21189 | |
Jan 14, 2025 | Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Security Feature Bypass | Important | 5049994 | IE Cumulative | 1.007 | CVE-2025-21189 | |
Jan 14, 2025 | Windows Server 2008 for 32-bit Systems Service Pack 2 | Security Feature Bypass | Important | 5049994 | IE Cumulative | 1.007 | CVE-2025-21189 | |
Jan 14, 2025 | On-Premises Data Gateway | Information Disclosure | Important | Release Notes | Security Update | 3000.246 | CVE-2025-21403 | |
Jan 14, 2025 | Microsoft Access 2016 (64-bit edition) | Remote Code Execution | Important | 5002670 | Security Update | 16.0.5483.1001 | CVE-2025-21395 | |
Jan 14, 2025 | Microsoft 365 Apps for Enterprise for 32-bit Systems | Remote Code Execution | Important | Click to Run | Security Update | https://aka.ms/OfficeSecurityReleases | CVE-2025-21366 | |
Jan 14, 2025 | Microsoft Office 2019 for 64-bit editions | Remote Code Execution | Important | Click to Run | Security Update | https://aka.ms/OfficeSecurityReleases | CVE-2025-21366 | |
Jan 14, 2025 | Microsoft Office 2019 for 32-bit editions | Remote Code Execution | Important | Click to Run | Security Update | https://aka.ms/OfficeSecurityReleases | CVE-2025-21366 | |
Jan 14, 2025 | Microsoft Office LTSC 2024 for 64-bit editions | Remote Code Execution | Important | Click to Run | Security Update | https://aka.ms/OfficeSecurityReleases | CVE-2025-21365 | |
Jan 14, 2025 | Microsoft Office LTSC for Mac 2024 | Remote Code Execution | Important | Release Notes | Security Update | 16.93.25011212 | CVE-2025-21338 | |
Jan 14, 2025 | Microsoft Office for Universal | Remote Code Execution | Important | Release Notes | Security Update | 16.0.14326.22175 | CVE-2025-21338 | |
Jan 14, 2025 | Microsoft Office for Android | Remote Code Execution | Important | Release Notes | Security Update | 16.0.18429.20000 | CVE-2025-21338 | |
Jan 14, 2025 | Microsoft Office for iOS | Remote Code Execution | Important | Release Notes | Security Update | 2.93.24123014 | CVE-2025-21338 | |
Jan 14, 2025 | Microsoft Office LTSC for Mac 2021 | Remote Code Execution | Important | Release Notes | Security Update | 16.93.25011212 | CVE-2025-21338 | |
Jan 14, 2025 | Microsoft Office for Mac | Remote Code Execution | Important | Release Notes | Security Update | 16.93.25011212 | CVE-2025-21338 | |
Jan 14, 2025 | Windows Server 2012 R2 (Server Core installation) | Denial of Service | Important | 5049994 | IE Cumulative | 1.002 | CVE-2025-21276 | |
Jan 14, 2025 | Windows Server 2012 R2 | Denial of Service | Important | 5049994 | IE Cumulative | 1.002 | CVE-2025-21276 | |
Jan 14, 2025 | Windows Server 2012 (Server Core installation) | Denial of Service | Important | 5049994 | IE Cumulative | 1.003 | CVE-2025-21276 | |
Jan 14, 2025 | Windows Server 2012 | Denial of Service | Important | 5049994 | IE Cumulative | 1.003 | CVE-2025-21276 | |
Jan 14, 2025 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Denial of Service | Important | 5049994 | IE Cumulative | 1.003 | CVE-2025-21276 | |
Jan 14, 2025 | Microsoft Office LTSC 2024 for 32-bit editions | Remote Code Execution | Important | Click to Run | Security Update | https://aka.ms/OfficeSecurityReleases | CVE-2025-21365 | |
Jan 14, 2025 | Microsoft 365 Apps for Enterprise for 64-bit Systems | Remote Code Execution | Important | Click to Run | Security Update | https://aka.ms/OfficeSecurityReleases | CVE-2025-21365 | |
Jan 14, 2025 | Microsoft Excel 2016 (64-bit edition) | Remote Code Execution | Critical | 5002673 | Security Update | 16.0.5483.1001 | CVE-2025-21362 | |
Jan 14, 2025 | Microsoft Excel 2016 (32-bit edition) | Remote Code Execution | Critical | 5002673 | Security Update | 16.0.5483.1001 | CVE-2025-21362 | |
Jan 14, 2025 | Microsoft Office LTSC 2021 for 32-bit editions | Remote Code Execution | Critical | Click to Run | Security Update | https://aka.ms/OfficeSecurityReleases | CVE-2025-21362 | |
Jan 14, 2025 | Microsoft Office LTSC 2021 for 64-bit editions | Remote Code Execution | Critical | Click to Run | Security Update | https://aka.ms/OfficeSecurityReleases | CVE-2025-21362 | |
Jan 14, 2025 | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8) | Remote Code Execution | Important | Release Notes | Security Update | 15.9.69 | CVE-2025-21176 | |
Jan 14, 2025 | Office Online Server | Remote Code Execution | Critical | 5002677 | Security Update | 16.0.10416.20047 | CVE-2025-21362 | |
Jan 14, 2025 | Microsoft Outlook 2016 (64-bit edition) | Remote Code Execution | Important | 5002656 | Security Update | 16.0.5483.1000 | CVE-2025-21357 | |
Jan 14, 2025 | Microsoft Visual Studio 2022 version 17.10 | Elevation of Privilege | Important | Release Notes | Security Update | 17.10.10 | CVE-2025-21173 | |
Jan 14, 2025 | Microsoft Visual Studio 2022 version 17.8 | Elevation of Privilege | Important | Release Notes | Security Update | 17.8.17 | CVE-2025-21173 | |
Jan 14, 2025 | Microsoft Visual Studio 2022 version 17.6 | Elevation of Privilege | Important | Release Notes | Security Update | 17.6.22 | CVE-2025-21173 | |
Jan 14, 2025 | .NET 9.0 installed on Windows | Remote Code Execution | Important | 5050526 | Security Update | 9.0.1 | CVE-2025-21172 | |
Jan 14, 2025 | .NET 9.0 installed on Linux | Remote Code Execution | Important | 5050526 | Security Update | 9.0.1 | CVE-2025-21172 | |
Jan 14, 2025 | .NET 9.0 installed on Mac OS | Remote Code Execution | Important | 5050526 | Security Update | 9.0.1 | CVE-2025-21172 | |
Jan 14, 2025 | .NET 8.0 installed on Mac OS | Remote Code Execution | Important | 5050525 | Security Update | 8.0.12 | CVE-2025-21172 | |
Jan 14, 2025 | .NET 8.0 installed on Linux | Remote Code Execution | Important | 5050525 | Security Update | 8.0.12 | CVE-2025-21172 | |
Jan 14, 2025 | .NET 8.0 installed on Windows | Remote Code Execution | Important | 5050525 | Security Update | 8.0.12 | CVE-2025-21172 | |
Jan 14, 2025 | Microsoft Access 2016 (32-bit edition) | Remote Code Execution | Important | 5002670 | Security Update | 16.0.5483.1001 | CVE-2025-21395 | |
Jan 14, 2025 | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10) | Remote Code Execution | Important | Release Notes | Security Update | 16.11.43 | CVE-2025-21178 | |
Jan 14, 2025 | Microsoft .NET Framework 4.6/4.6.2 | Windows 10 for x64-based Systems | Remote Code Execution | Important | 5050013 | Security Update | 10.0.10240.20890 | CVE-2025-21176 |
Jan 14, 2025 | Microsoft .NET Framework 4.6.2 | Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Remote Code Execution | Important | 5050186 | Monthly Rollup | 4.7.04126.01 | CVE-2025-21176 |
Jan 14, 2025 | Microsoft .NET Framework 4.6.2 | Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Remote Code Execution | Important | 5050181 | Security Only | 4.7.04126.02 | CVE-2025-21176 |
Jan 14, 2025 | Microsoft OneNote for Mac | Remote Code Execution | Important | Release Notes | Security Update | 16.92.24120731 | CVE-2025-21402 | |
Jan 14, 2025 | Microsoft Outlook for Mac | Remote Code Execution | Important | Release Notes | Security Update | 16.93 | CVE-2025-21361 | |
Jan 14, 2025 | Microsoft AutoUpdate for Mac | Elevation of Privilege | Important | Release Notes | Security Update | 4.76 | CVE-2025-21360 | |
Jan 14, 2025 | Microsoft Outlook 2016 (32-bit edition) | Remote Code Execution | Important | 5002656 | Security Update | 16.0.5483.1000 | CVE-2025-21357 | |
Jan 14, 2025 | Microsoft .NET Framework 3.5 AND 4.8.1 | Windows Server 2022, 23H2 Edition (Server Core installation) | Remote Code Execution | Important | 5049620 | Security Update | 4.8.1.09294.01 | CVE-2025-21176 |
Jan 14, 2025 | Microsoft .NET Framework 3.5 AND 4.8.1 | Windows 11 Version 23H2 for x64-based Systems | Remote Code Execution | Important | 5049624 | Security Update | 4.8.1.09294.01 | CVE-2025-21176 |
Jan 14, 2025 | Microsoft .NET Framework 3.5 AND 4.8.1 | Windows 10 Version 22H2 for 32-bit Systems | Remote Code Execution | Important | 5050188 | Security Update | 4.8.1.09294.01 | CVE-2025-21176 |
Jan 14, 2025 | Microsoft .NET Framework 3.5 AND 4.8.1 | Windows 10 Version 21H2 for x64-based Systems | Remote Code Execution | Important | 5050416 | Security Update | 4.8.1.09294.01 | CVE-2025-21176 |
Jan 14, 2025 | Microsoft .NET Framework 3.5 AND 4.8.1 | Windows Server 2022 (Server Core installation) | Remote Code Execution | Important | 5050187 | Security Update | 4.8.1.09294.01 | CVE-2025-21176 |
Jan 14, 2025 | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Windows Server 2012 R2 (Server Core installation) | Remote Code Execution | Important | 5050185 | Monthly Rollup | 4.7.04126.01 | CVE-2025-21176 |
Jan 14, 2025 | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Windows Server 2012 (Server Core installation) | Remote Code Execution | Important | 5050184 | Monthly Rollup | 4.7.04126.01 | CVE-2025-21176 |
Jan 14, 2025 | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Remote Code Execution | Important | 5050183 | Monthly Rollup | 4.7.04126.01 | CVE-2025-21176 |
Jan 14, 2025 | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Remote Code Execution | Important | 5050180 | Security Only | 4.7.04126.02 | CVE-2025-21176 |
Jan 14, 2025 | Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 | Windows 10 Version 1607 for x64-based Systems | Remote Code Execution | Important | 5049993 | Security Update | 10.0.14393.7699 | CVE-2025-21176 |
Jan 14, 2025 | Microsoft .NET Framework 3.5 AND 4.7.2 | Windows Server 2016 (Server Core installation) | Remote Code Execution | Important | 5049993 | Security Update | 10.0.14393.7699 | CVE-2025-21176 |
Jan 14, 2025 | Microsoft .NET Framework 3.5 AND 4.7.2 | Windows Server 2019 (Server Core installation) | Remote Code Execution | Important | 5050182 | Security Update | 4.7.04126.01 | CVE-2025-21176 |
Jan 14, 2025 | Microsoft .NET Framework 3.5 AND 4.8 | Windows 10 Version 22H2 for 32-bit Systems | Remote Code Execution | Important | 5050188 | Security Update | 4.8.04775.01 | CVE-2025-21176 |
Jan 14, 2025 | Microsoft .NET Framework 3.5 AND 4.8 | Windows 10 Version 21H2 for x64-based Systems | Remote Code Execution | Important | 5050416 | Security Update | 4.8.04775.01 | CVE-2025-21176 |
Jan 14, 2025 | Microsoft .NET Framework 3.5 AND 4.8 | Windows Server 2022 (Server Core installation) | Remote Code Execution | Important | 5050187 | Security Update | 4.8.04775.01 | CVE-2025-21176 |
Jan 14, 2025 | Power Automate for Desktop | Remote Code Execution | Important | Release Notes | Security Update | 2.52.62.25009 | CVE-2025-21187 | |
Jan 14, 2025 | Microsoft SharePoint Server Subscription Edition | Spoofing | Important | 5002676 | Security Update | 16.0.17928.20356 | CVE-2025-21393 | |
Jan 14, 2025 | Microsoft SharePoint Server 2019 | Spoofing | Important | 5002666 | Security Update | 16.0.10416.20041 | CVE-2025-21393 | |
Jan 14, 2025 | Microsoft SharePoint Server 2019 | Spoofing | Important | 5002667 | Security Update | 16.0.10416.20041 | CVE-2025-21393 | |
Jan 14, 2025 | Microsoft SharePoint Enterprise Server 2016 | Spoofing | Important | 5002672 | Security Update | 16.0.5483.1001 | CVE-2025-21393 | |
Jan 14, 2025 | Microsoft SharePoint Enterprise Server 2016 | Spoofing | Important | 5002671 | Security Update | 16.0.5483.1001 | CVE-2025-21393 | |
Jan 14, 2025 | Microsoft Office 2016 (64-bit edition) | Security Feature Bypass | Important | 5002675 | Security Update | 16.0.5483.1001 | CVE-2025-21346 | |
Jan 14, 2025 | Microsoft Office 2016 (64-bit edition) | Security Feature Bypass | Important | 5002595 | Security Update | 16.0.5483.1000 | CVE-2025-21346 | |
Jan 14, 2025 | Microsoft Office 2016 (32-bit edition) | Security Feature Bypass | Important | 5002675 | Security Update | 16.0.5483.1001 | CVE-2025-21346 | |
Jan 14, 2025 | Microsoft Office 2016 (32-bit edition) | Security Feature Bypass | Important | 5002595 | Security Update | 16.0.5483.1000 | CVE-2025-21346 | |
Jan 14, 2025 | Microsoft .NET Framework 3.5 AND 4.8 | Windows Server 2019 (Server Core installation) | Remote Code Execution | Important | 5050182 | Security Update | 4.8.04775.01 | CVE-2025-21176 |
Jan 14, 2025 | Microsoft .NET Framework 4.8 | Windows Server 2012 R2 (Server Core installation) | Remote Code Execution | Important | 5050185 | Monthly Rollup | 4.8.04775.01 | CVE-2025-21176 |
Jan 14, 2025 | Microsoft .NET Framework 4.8 | Windows Server 2012 (Server Core installation) | Remote Code Execution | Important | 5050184 | Monthly Rollup | 4.8.04775.01 | CVE-2025-21176 |
Jan 14, 2025 | Microsoft .NET Framework 4.8 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Remote Code Execution | Important | 5050183 | Monthly Rollup | 4.8.04775.01 | CVE-2025-21176 |
Jan 14, 2025 | Microsoft .NET Framework 4.8 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Remote Code Execution | Important | 5050180 | Security Only | 4.8.04775.02 | CVE-2025-21176 |
Jan 14, 2025 | Microsoft .NET Framework 4.8 | Windows Server 2016 (Server Core installation) | Remote Code Execution | Important | 5049614 | Security Update | 4.8.04775.01 | CVE-2025-21176 |
Jan 14, 2025 | Microsoft .NET Framework 3.5 AND 4.8.1 | Windows 11 Version 24H2 for x64-based Systems | Remote Code Execution | Important | 5049622 | Security Update | 4.8.1.09294.01 | CVE-2025-21176 |
Jan 9, 2025 | Marketplace SaaS | Information Disclosure | Critical | CVE-2025-21380 | ||||
Jan 9, 2025 | Microsoft Purview | Information Disclosure | Critical | CVE-2025-21385 |
Microsoft has released the KB5050009 patch for Windows 11 version 24H2 and the KB5050021 update for versions 23H2 and 22H2 of the OS. These patches don’t bring any new features and only include security improvements that were a part of the KB5048685 update released on December 10, 2024.
Additionally, Microsoft has released the KB5049981 update for Windows 10 version 22H2. The latest update addresses a few security issues affecting the Windows 10 operating system.
Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.
A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.
There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.