Record elimination of vulnerabilities
The year 2025 begins for Microsoft with an extensive security update. The company has fixed a total of 161 vulnerabilities in its software products — including three zero-day vulnerabilities that were actively exploited. This update marks one of the most extensive security measures Microsoft has carried out since 2017.
Of the 161 vulnerabilities addressed, 11 were classified as critical and 149 as important. Another vulnerability, a secure boot bypass (CVE-2024–7344), did not receive a rating. According to the Zero Day Initiative, this is the highest number of CVEs that Microsoft has fixed in one month since around 2017.
In addition to these patches, seven vulnerabilities in the Edge browser that were discovered after the December 2024 updates have also been closed.
Are you prepared for cyber threats?
Act now before the worst comes to the worst! DEFENDERBOX is at your side as a reliable security solution and partner to protect your company in this dynamic threat environment. Contact us to make your cybersecurity strategy fit for 2025 and beyond.
Would you like to know how secure your company is? Find out with a test installation! Book now:
Critical security vulnerabilities in Microsoft products
In addition to the zero-day vulnerabilities, five other critical vulnerabilities have been closed that pose significant risks for companies. and private users:
- CVE-2025–21294: Microsoft Digest Authentication RCE (CVSS 8.1)
- CVE-2025–21295: SPNEGO NEGOEX Security Mechanism RCE (CVSS 8.1)
- CVE-2025–21298: Windows OLE RCE (CVSS 9.8)
- CVE-2025–21307: RMCAST Driver RCE (CVSS 9.8)
- CVE-2025–21311: Windows NTLM V1 Elevation of Privilege (CVSS 9.8)
The vulnerability CVE-2025–21298 is particularly worrying: This allows attackers to cause considerable damage through specially prepared e‑mails.
Hyper‑V in focus: Three zero-day vulnerabilities
One focus of the security update is on Windows Hyper‑V NT Kernel Integration VSP. Three actively exploited zero-day vulnerabilities have been closed (CVE-2025–21333, CVE-2025–21334, CVE-2025–21335). These vulnerabilities allowed attackers to gain SYSTEM privileges and thus penetrate deep into the systems.
Conclusion
Microsoft’s record-breaking update underlines the importance of continuous security measures for companies and end users. Fixing zero-day gaps and critical vulnerabilities demonstrates the ongoing threat of cyberattacks.
Recommendation
- Install the latest updates immediately.
- Check your IT environments regularly for security gaps.
- Use security solutions such as the DEFENDERBOXto proactively identify and eliminate weak points.

Current contributions