January 2025 Patch Tuesday Updates Fix Critical Hyper-V Privilege Escalation Flaws

Microsoft's January 2025 Patch Tuesday delivers a record-breaking 159 security fixes, including critical updates for Hyper-V.

Published: Jan 15, 2025

Windows update hero image

SHARE ARTICLE

Key Takeaways:

  • Microsoft addressed 159 vulnerabilities in the January 2025 Patch Tuesday updates.
  • Key vulnerabilities include privilege escalation flaws in Hyper-V and remote code execution bugs in Microsoft Excel.
  • This release marks the highest number of fixes in a single month since at least 2017.

Microsoft released yesterday the January 2025 Patch Tuesday updates for Windows 11 and Windows 10. This month’s Patch Tuesday updates include fixes for 159 vulnerabilities in Windows, Office, Hyper-V, SharePoint Server, Azure, and more.

“This is the largest number of CVEs addressed in any single month since at least 2017 and is more than double the usual amount of CVEs fixed in January,” the Zero Day Initiative explained. “This comes on the heels of a record number of December patches and could be an ominous sign for patch levels in 2025.”

159 vulnerabilities fixed with the January 2025 Patch Tuesday updates

Among the 159 vulnerabilities that Microsoft fixed this month, 11 are rated “Critical” and the other 148 are rated Important in severity. There are also three security flaws that are already being exploited by attackers.

Let’s take a closer look at some of the most important vulnerabilities Microsoft fixed this month:

  • CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335: Microsoft has addressed three privilege escalation flaws in Windows Hyper-V. These vulnerabilities are rated important in severity with a CVSS score of 7.8. Attackers could exploit these bugs to gain system-level privileges on affected Windows 10, Windows 11, Windows Server 2022, and Windows Server 2025 machines.
  • CVE-2025-21186, CVE-2025-21366, and CVE-2025-21395: These remote code execution flaws in Microsoft Access are rated important with a CVSS score of 7.8. A successful exploitation of these bugs requires user interaction like downloading and running a malicious file.
  • CVE-2025-21275: This is an elevation of privilege vulnerability in Windows App Package Installer. It affects Windows 10, Windows 11, Windows Server 2022, and Windows Server 2025.
  • CVE-2025-21308: This is a publicly disclosed spoofing flaw in Windows Themes with a CVSS score of 6.5. It affects all supported versions of Windows and Windows Server.
  • CVE-2025-21311: This Windows NTLM V1 elevation-of-privilege vulnerability affects Windows 11, Windows Server 2022, and Windows Server 2025. It can be exploited remotely and doesn’t require user interaction.
  • CVE-2025-21307: This is an unauthenticated remote code execution flaw in Windows Reliable Multicast Transport Driver. Microsoft has warned that this vulnerability could be exploited by an unauthenticated hacker by sending specially crafted packets to a Windows Pragmatic General Multicast open socket on the server.
  • CVE-2025-21362 and CVE-2025-21354: Both Microsoft Excel remote code execution flaws have a CVSS score of 7.8. Attackers can exploit their vulnerabilities through the preview pane to increase their chances of success.
  • CVE-2025-21293: This is an elevation-of-privilege vulnerability in Active Directory Domain Services with an 8.8 CVSS score. Hackers could exploit this vulnerability to elevate their access rights and gain system-level privileges.
  • CVE-2025-21298: This is a remote code execution vulnerability in Windows Object Linking and Embedding (OLE). This security flaw lets an unauthenticated threat actor run arbitrary code through a specially crafted email. The exploit is triggered when the user either opens the email or views it in the preview pane of Microsoft Outlook.

You can find below the full list of CVEs released by Microsoft for the month of January:

Release dateProductPlatformImpactMax SeverityArticleDownloadBuild NumberDetails
Jan 15, 2025Microsoft Edge (Chromium-based)Release NotesSecurity Update131.0.2903.147CVE-2025-0291
Jan 14, 2025Windows 10 for x64-based SystemsSpoofingImportant5050013Security Update10.0.10240.20890CVE-2025-21217
Jan 14, 2025Windows 10 for 32-bit SystemsSpoofingImportant5050013Security Update10.0.10240.20890CVE-2025-21217
Jan 14, 2025Windows Server 2025SpoofingImportant5050009Security Update10.0.26100.2894CVE-2025-21217
Jan 14, 2025Windows 11 Version 24H2 for x64-based SystemsSpoofingImportant5050009Security Update10.0.26100.2894CVE-2025-21217
Jan 14, 2025Windows 11 Version 24H2 for ARM64-based SystemsSpoofingImportant5050009Security Update10.0.26100.2894CVE-2025-21217
Jan 14, 2025Windows Server 2022, 23H2 Edition (Server Core installation)SpoofingImportant5049984Security Update10.0.25398.1369CVE-2025-21217
Jan 14, 2025Windows 11 Version 23H2 for x64-based SystemsSpoofingImportant5050021Security Update10.0.22631.4751CVE-2025-21217
Jan 14, 2025Windows 11 Version 23H2 for ARM64-based SystemsSpoofingImportant5050021Security Update10.0.22621.4751CVE-2025-21217
Jan 14, 2025Windows Server 2016Remote Code ExecutionImportant5049993Security Update10.0.14393.7699CVE-2025-21246
Jan 14, 2025Windows 10 Version 1607 for x64-based SystemsRemote Code ExecutionImportant5049993Security Update10.0.14393.7699CVE-2025-21246
Jan 14, 2025Windows 10 Version 1607 for 32-bit SystemsRemote Code ExecutionImportant5049993Security Update10.0.14393.7699CVE-2025-21246
Jan 14, 2025Windows Server 2025 (Server Core installation)Remote Code ExecutionImportant5050009Security Update10.0.26100.2894CVE-2025-21246
Jan 14, 2025Windows 10 Version 22H2 for 32-bit SystemsRemote Code ExecutionImportant5049981Security Update10.0.19045.5371CVE-2025-21246
Jan 14, 2025Windows 11 Version 22H2 for x64-based SystemsInformation DisclosureImportant5050021Security Update10.0.22621.4751CVE-2025-21374
Jan 14, 2025Windows 11 Version 22H2 for ARM64-based SystemsInformation DisclosureImportant5050021Security Update10.0.22621.4751CVE-2025-21374
Jan 14, 2025Windows 10 Version 21H2 for x64-based SystemsInformation DisclosureImportant5049981Security Update10.0.19044.5371CVE-2025-21374
Jan 14, 2025Windows 10 Version 21H2 for ARM64-based SystemsInformation DisclosureImportant5049981Security Update10.0.19044.5371CVE-2025-21374
Jan 14, 2025Windows 10 Version 21H2 for 32-bit SystemsInformation DisclosureImportant5049981Security Update10.0.19044.5371CVE-2025-21374
Jan 14, 2025Windows Server 2022 (Server Core installation)Information DisclosureImportant5049983Security Update10.0.20348.3091CVE-2025-21374
Jan 14, 2025Windows Server 2022Information DisclosureImportant5049983Security Update10.0.20348.3091CVE-2025-21374
Jan 14, 2025Windows 10 Version 22H2 for ARM64-based SystemsSecurity Feature BypassImportant5049981Security Update10.0.19045.5371CVE-2025-21340
Jan 14, 2025Windows 10 Version 22H2 for x64-based SystemsSecurity Feature BypassImportant5049981Security Update10.0.19045.5371CVE-2025-21340
Jan 14, 2025Windows Server 2008 for 32-bit Systems Service Pack 2Elevation of PrivilegeImportant5050063Monthly Rollup6.0.6003.23070CVE-2025-21261
Jan 14, 2025Windows Server 2008 for 32-bit Systems Service Pack 2Elevation of PrivilegeImportant5050061Security Only6.0.6003.23070CVE-2025-21261
Jan 14, 2025Windows Server 2016 (Server Core installation)Elevation of PrivilegeImportant5049993Security Update10.0.14393.7699CVE-2025-21261
Jan 14, 2025Windows 10 Version 1809 for x64-based SystemsElevation of PrivilegeImportant5050008Security Update10.0.17763.6775CVE-2025-21261
Jan 14, 2025Windows Server 2012 R2 (Server Core installation)Elevation of PrivilegeImportant5050048Monthly Rollup6.3.9600.22371CVE-2025-21227
Jan 14, 2025Windows Server 2019 (Server Core installation)Denial of ServiceImportant5050008Security Update10.0.17763.6775CVE-2025-21278
Jan 14, 2025Windows Server 2019Denial of ServiceImportant5050008Security Update10.0.17763.6775CVE-2025-21278
Jan 14, 2025Windows 10 Version 1809 for 32-bit SystemsDenial of ServiceImportant5050008Security Update10.0.17763.6775CVE-2025-21278
Jan 14, 2025Microsoft Visual Studio 2022 version 17.12Elevation of PrivilegeImportantRelease NotesSecurity Update17.12.4CVE-2025-21405
Jan 14, 2025Windows Server 2012 R2SpoofingImportant5050048Monthly Rollup6.3.9600.22371CVE-2025-21217
Jan 14, 2025Windows Server 2012 (Server Core installation)SpoofingImportant5050004Monthly Rollup6.2.9200.25273CVE-2025-21217
Jan 14, 2025Windows Server 2012SpoofingImportant5050004Monthly Rollup6.2.9200.25273CVE-2025-21217
Jan 14, 2025Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)SpoofingImportant5050049Monthly Rollup6.1.7601.27520CVE-2025-21217
Jan 14, 2025Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)SpoofingImportant5050006Security Only6.1.7601.27520CVE-2025-21217
Jan 14, 2025Windows Server 2008 R2 for x64-based Systems Service Pack 1SpoofingImportant5050049Monthly Rollup6.1.7601.27520CVE-2025-21217
Jan 14, 2025Windows Server 2008 R2 for x64-based Systems Service Pack 1SpoofingImportant5050006Security Only6.1.7601.27520CVE-2025-21217
Jan 14, 2025Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)SpoofingImportant5050063Monthly Rollup6.0.6003.23070CVE-2025-21217
Jan 14, 2025Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)SpoofingImportant5050061Security Only6.0.6003.23070CVE-2025-21217
Jan 14, 2025Windows Server 2008 for x64-based Systems Service Pack 2SpoofingImportant5050063Monthly Rollup6.0.6003.23070CVE-2025-21217
Jan 14, 2025Windows Server 2008 for x64-based Systems Service Pack 2SpoofingImportant5050061Security Only6.0.6003.23070CVE-2025-21217
Jan 14, 2025Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)SpoofingImportant5050063Monthly Rollup6.0.6003.23070CVE-2025-21217
Jan 14, 2025Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)SpoofingImportant5050061Security Only6.0.6003.23070CVE-2025-21217
Jan 14, 2025Windows Server 2008 R2 for x64-based Systems Service Pack 1Security Feature BypassImportant5049994IE Cumulative1.003CVE-2025-21189
Jan 14, 2025Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Security Feature BypassImportant5049994IE Cumulative1.007CVE-2025-21189
Jan 14, 2025Windows Server 2008 for x64-based Systems Service Pack 2Security Feature BypassImportant5049994IE Cumulative1.007CVE-2025-21189
Jan 14, 2025Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Security Feature BypassImportant5049994IE Cumulative1.007CVE-2025-21189
Jan 14, 2025Windows Server 2008 for 32-bit Systems Service Pack 2Security Feature BypassImportant5049994IE Cumulative1.007CVE-2025-21189
Jan 14, 2025On-Premises Data GatewayInformation DisclosureImportantRelease NotesSecurity Update3000.246CVE-2025-21403
Jan 14, 2025Microsoft Access 2016 (64-bit edition)Remote Code ExecutionImportant5002670Security Update16.0.5483.1001CVE-2025-21395
Jan 14, 2025Microsoft 365 Apps for Enterprise for 32-bit SystemsRemote Code ExecutionImportantClick to RunSecurity Updatehttps://aka.ms/OfficeSecurityReleasesCVE-2025-21366
Jan 14, 2025Microsoft Office 2019 for 64-bit editionsRemote Code ExecutionImportantClick to RunSecurity Updatehttps://aka.ms/OfficeSecurityReleasesCVE-2025-21366
Jan 14, 2025Microsoft Office 2019 for 32-bit editionsRemote Code ExecutionImportantClick to RunSecurity Updatehttps://aka.ms/OfficeSecurityReleasesCVE-2025-21366
Jan 14, 2025Microsoft Office LTSC 2024 for 64-bit editionsRemote Code ExecutionImportantClick to RunSecurity Updatehttps://aka.ms/OfficeSecurityReleasesCVE-2025-21365
Jan 14, 2025Microsoft Office LTSC for Mac 2024Remote Code ExecutionImportantRelease NotesSecurity Update16.93.25011212CVE-2025-21338
Jan 14, 2025Microsoft Office for UniversalRemote Code ExecutionImportantRelease NotesSecurity Update16.0.14326.22175CVE-2025-21338
Jan 14, 2025Microsoft Office for AndroidRemote Code ExecutionImportantRelease NotesSecurity Update16.0.18429.20000CVE-2025-21338
Jan 14, 2025Microsoft Office for iOSRemote Code ExecutionImportantRelease NotesSecurity Update2.93.24123014CVE-2025-21338
Jan 14, 2025Microsoft Office LTSC for Mac 2021Remote Code ExecutionImportantRelease NotesSecurity Update16.93.25011212CVE-2025-21338
Jan 14, 2025Microsoft Office for MacRemote Code ExecutionImportantRelease NotesSecurity Update16.93.25011212CVE-2025-21338
Jan 14, 2025Windows Server 2012 R2 (Server Core installation)Denial of ServiceImportant5049994IE Cumulative1.002CVE-2025-21276
Jan 14, 2025Windows Server 2012 R2Denial of ServiceImportant5049994IE Cumulative1.002CVE-2025-21276
Jan 14, 2025Windows Server 2012 (Server Core installation)Denial of ServiceImportant5049994IE Cumulative1.003CVE-2025-21276
Jan 14, 2025Windows Server 2012Denial of ServiceImportant5049994IE Cumulative1.003CVE-2025-21276
Jan 14, 2025Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Denial of ServiceImportant5049994IE Cumulative1.003CVE-2025-21276
Jan 14, 2025Microsoft Office LTSC 2024 for 32-bit editionsRemote Code ExecutionImportantClick to RunSecurity Updatehttps://aka.ms/OfficeSecurityReleasesCVE-2025-21365
Jan 14, 2025Microsoft 365 Apps for Enterprise for 64-bit SystemsRemote Code ExecutionImportantClick to RunSecurity Updatehttps://aka.ms/OfficeSecurityReleasesCVE-2025-21365
Jan 14, 2025Microsoft Excel 2016 (64-bit edition)Remote Code ExecutionCritical5002673Security Update16.0.5483.1001CVE-2025-21362
Jan 14, 2025Microsoft Excel 2016 (32-bit edition)Remote Code ExecutionCritical5002673Security Update16.0.5483.1001CVE-2025-21362
Jan 14, 2025Microsoft Office LTSC 2021 for 32-bit editionsRemote Code ExecutionCriticalClick to RunSecurity Updatehttps://aka.ms/OfficeSecurityReleasesCVE-2025-21362
Jan 14, 2025Microsoft Office LTSC 2021 for 64-bit editionsRemote Code ExecutionCriticalClick to RunSecurity Updatehttps://aka.ms/OfficeSecurityReleasesCVE-2025-21362
Jan 14, 2025Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8)Remote Code ExecutionImportantRelease NotesSecurity Update15.9.69CVE-2025-21176
Jan 14, 2025Office Online ServerRemote Code ExecutionCritical5002677Security Update16.0.10416.20047CVE-2025-21362
Jan 14, 2025Microsoft Outlook 2016 (64-bit edition)Remote Code ExecutionImportant5002656Security Update16.0.5483.1000CVE-2025-21357
Jan 14, 2025Microsoft Visual Studio 2022 version 17.10Elevation of PrivilegeImportantRelease NotesSecurity Update17.10.10CVE-2025-21173
Jan 14, 2025Microsoft Visual Studio 2022 version 17.8Elevation of PrivilegeImportantRelease NotesSecurity Update17.8.17CVE-2025-21173
Jan 14, 2025Microsoft Visual Studio 2022 version 17.6Elevation of PrivilegeImportantRelease NotesSecurity Update17.6.22CVE-2025-21173
Jan 14, 2025.NET 9.0 installed on WindowsRemote Code ExecutionImportant5050526Security Update9.0.1CVE-2025-21172
Jan 14, 2025.NET 9.0 installed on LinuxRemote Code ExecutionImportant5050526Security Update9.0.1CVE-2025-21172
Jan 14, 2025.NET 9.0 installed on Mac OSRemote Code ExecutionImportant5050526Security Update9.0.1CVE-2025-21172
Jan 14, 2025.NET 8.0 installed on Mac OSRemote Code ExecutionImportant5050525Security Update8.0.12CVE-2025-21172
Jan 14, 2025.NET 8.0 installed on LinuxRemote Code ExecutionImportant5050525Security Update8.0.12CVE-2025-21172
Jan 14, 2025.NET 8.0 installed on WindowsRemote Code ExecutionImportant5050525Security Update8.0.12CVE-2025-21172
Jan 14, 2025Microsoft Access 2016 (32-bit edition)Remote Code ExecutionImportant5002670Security Update16.0.5483.1001CVE-2025-21395
Jan 14, 2025Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10)Remote Code ExecutionImportantRelease NotesSecurity Update16.11.43CVE-2025-21178
Jan 14, 2025Microsoft .NET Framework 4.6/4.6.2Windows 10 for x64-based SystemsRemote Code ExecutionImportant5050013Security Update10.0.10240.20890CVE-2025-21176
Jan 14, 2025Microsoft .NET Framework 4.6.2Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Remote Code ExecutionImportant5050186Monthly Rollup4.7.04126.01CVE-2025-21176
Jan 14, 2025Microsoft .NET Framework 4.6.2Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Remote Code ExecutionImportant5050181Security Only4.7.04126.02CVE-2025-21176
Jan 14, 2025Microsoft OneNote for MacRemote Code ExecutionImportantRelease NotesSecurity Update16.92.24120731CVE-2025-21402
Jan 14, 2025Microsoft Outlook for MacRemote Code ExecutionImportantRelease NotesSecurity Update16.93CVE-2025-21361
Jan 14, 2025Microsoft AutoUpdate for MacElevation of PrivilegeImportantRelease NotesSecurity Update4.76CVE-2025-21360
Jan 14, 2025Microsoft Outlook 2016 (32-bit edition)Remote Code ExecutionImportant5002656Security Update16.0.5483.1000CVE-2025-21357
Jan 14, 2025Microsoft .NET Framework 3.5 AND 4.8.1Windows Server 2022, 23H2 Edition (Server Core installation)Remote Code ExecutionImportant5049620Security Update4.8.1.09294.01CVE-2025-21176
Jan 14, 2025Microsoft .NET Framework 3.5 AND 4.8.1Windows 11 Version 23H2 for x64-based SystemsRemote Code ExecutionImportant5049624Security Update4.8.1.09294.01CVE-2025-21176
Jan 14, 2025Microsoft .NET Framework 3.5 AND 4.8.1Windows 10 Version 22H2 for 32-bit SystemsRemote Code ExecutionImportant5050188Security Update4.8.1.09294.01CVE-2025-21176
Jan 14, 2025Microsoft .NET Framework 3.5 AND 4.8.1Windows 10 Version 21H2 for x64-based SystemsRemote Code ExecutionImportant5050416Security Update4.8.1.09294.01CVE-2025-21176
Jan 14, 2025Microsoft .NET Framework 3.5 AND 4.8.1Windows Server 2022 (Server Core installation)Remote Code ExecutionImportant5050187Security Update4.8.1.09294.01CVE-2025-21176
Jan 14, 2025Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Windows Server 2012 R2 (Server Core installation)Remote Code ExecutionImportant5050185Monthly Rollup4.7.04126.01CVE-2025-21176
Jan 14, 2025Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Windows Server 2012 (Server Core installation)Remote Code ExecutionImportant5050184Monthly Rollup4.7.04126.01CVE-2025-21176
Jan 14, 2025Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Remote Code ExecutionImportant5050183Monthly Rollup4.7.04126.01CVE-2025-21176
Jan 14, 2025Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Remote Code ExecutionImportant5050180Security Only4.7.04126.02CVE-2025-21176
Jan 14, 2025Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2Windows 10 Version 1607 for x64-based SystemsRemote Code ExecutionImportant5049993Security Update10.0.14393.7699CVE-2025-21176
Jan 14, 2025Microsoft .NET Framework 3.5 AND 4.7.2Windows Server 2016 (Server Core installation)Remote Code ExecutionImportant5049993Security Update10.0.14393.7699CVE-2025-21176
Jan 14, 2025Microsoft .NET Framework 3.5 AND 4.7.2Windows Server 2019 (Server Core installation)Remote Code ExecutionImportant5050182Security Update4.7.04126.01CVE-2025-21176
Jan 14, 2025Microsoft .NET Framework 3.5 AND 4.8Windows 10 Version 22H2 for 32-bit SystemsRemote Code ExecutionImportant5050188Security Update4.8.04775.01CVE-2025-21176
Jan 14, 2025Microsoft .NET Framework 3.5 AND 4.8Windows 10 Version 21H2 for x64-based SystemsRemote Code ExecutionImportant5050416Security Update4.8.04775.01CVE-2025-21176
Jan 14, 2025Microsoft .NET Framework 3.5 AND 4.8Windows Server 2022 (Server Core installation)Remote Code ExecutionImportant5050187Security Update4.8.04775.01CVE-2025-21176
Jan 14, 2025Power Automate for DesktopRemote Code ExecutionImportantRelease NotesSecurity Update2.52.62.25009CVE-2025-21187
Jan 14, 2025Microsoft SharePoint Server Subscription EditionSpoofingImportant5002676Security Update16.0.17928.20356CVE-2025-21393
Jan 14, 2025Microsoft SharePoint Server 2019SpoofingImportant5002666Security Update16.0.10416.20041CVE-2025-21393
Jan 14, 2025Microsoft SharePoint Server 2019SpoofingImportant5002667Security Update16.0.10416.20041CVE-2025-21393
Jan 14, 2025Microsoft SharePoint Enterprise Server 2016SpoofingImportant5002672Security Update16.0.5483.1001CVE-2025-21393
Jan 14, 2025Microsoft SharePoint Enterprise Server 2016SpoofingImportant5002671Security Update16.0.5483.1001CVE-2025-21393
Jan 14, 2025Microsoft Office 2016 (64-bit edition)Security Feature BypassImportant5002675Security Update16.0.5483.1001CVE-2025-21346
Jan 14, 2025Microsoft Office 2016 (64-bit edition)Security Feature BypassImportant5002595Security Update16.0.5483.1000CVE-2025-21346
Jan 14, 2025Microsoft Office 2016 (32-bit edition)Security Feature BypassImportant5002675Security Update16.0.5483.1001CVE-2025-21346
Jan 14, 2025Microsoft Office 2016 (32-bit edition)Security Feature BypassImportant5002595Security Update16.0.5483.1000CVE-2025-21346
Jan 14, 2025Microsoft .NET Framework 3.5 AND 4.8Windows Server 2019 (Server Core installation)Remote Code ExecutionImportant5050182Security Update4.8.04775.01CVE-2025-21176
Jan 14, 2025Microsoft .NET Framework 4.8Windows Server 2012 R2 (Server Core installation)Remote Code ExecutionImportant5050185Monthly Rollup4.8.04775.01CVE-2025-21176
Jan 14, 2025Microsoft .NET Framework 4.8Windows Server 2012 (Server Core installation)Remote Code ExecutionImportant5050184Monthly Rollup4.8.04775.01CVE-2025-21176
Jan 14, 2025Microsoft .NET Framework 4.8Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Remote Code ExecutionImportant5050183Monthly Rollup4.8.04775.01CVE-2025-21176
Jan 14, 2025Microsoft .NET Framework 4.8Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Remote Code ExecutionImportant5050180Security Only4.8.04775.02CVE-2025-21176
Jan 14, 2025Microsoft .NET Framework 4.8Windows Server 2016 (Server Core installation)Remote Code ExecutionImportant5049614Security Update4.8.04775.01CVE-2025-21176
Jan 14, 2025Microsoft .NET Framework 3.5 AND 4.8.1Windows 11 Version 24H2 for x64-based SystemsRemote Code ExecutionImportant5049622Security Update4.8.1.09294.01CVE-2025-21176
Jan 9, 2025Marketplace SaaSInformation DisclosureCriticalCVE-2025-21380
Jan 9, 2025Microsoft PurviewInformation DisclosureCriticalCVE-2025-21385

Quality and experience updates

Microsoft has released the KB5050009 patch for Windows 11 version 24H2 and the KB5050021 update for versions 23H2 and 22H2 of the OS. These patches don’t bring any new features and only include security improvements that were a part of the KB5048685 update released on December 10, 2024.

Additionally, Microsoft has released the KB5049981 update for Windows 10 version 22H2. The latest update addresses a few security issues affecting the Windows 10 operating system.

Windows Update testing and best practices

Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.

A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.

There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.

SHARE ARTICLE