Microsoft’s January 2025 Security Update Patches Exploited Elevation of Privilege Attacks

Microsoft’s latest batch of security patches includes an expanded blacklist for certain Windows Kernel Vulnerable Drivers and fixes for several elevations of privilege vulnerabilities. The January 2025 Security Update addressed 159 vulnerabilities.

Security patches should be applied to keep software up-to-date. However, early versions of patches may be unreliable and should be cautiously approached and deployed in test environments first.

Microsoft updates the Vulnerable Driver Blacklist

The January 2025 security update for Windows 11, version 24H2 expands the list of vulnerable drivers that could be used in Bring Your Own Vulnerable Driver attacks. BYOVD Vulnerabilities in kernel drivers could allow threat actors to sneak malware into the kernel.

“The vulnerable driver blocklist is designed to help harden systems against non-Microsoft-developed drivers across the Windows ecosystem,” according to Microsoft’s recommended driver block rules.

Vulnerability in Windows Hyper-V NT Kernel Integration VSP issue patched

Microsoft released patches for three Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerabilities that have already been exploited: CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335. Successfully exploiting any of them could have granted an attacker SYSTEM privileges.

SEE: Employees bypassing security suggestions remains a major concern for businesses.

A few vulnerabilities score high on the CVSS severity score

Other significant CVEs in this update include a remote code execution vulnerability in Object Linking and Embedding, a technology that enables linking in Microsoft Outlook. This vulnerability has a severity rating of 9.8 but has not been exploited in the wild.

Similarly, an elevation of privilege vulnerability in the NTLMv1 protocol has a rating of 9.8 but has not been publicly exploited. The third risk, with a score of 9.8, patched in January, is a remote code execution vulnerability in the Windows Reliable Multicast Transport Driver.

Citrix components may interfere with installing the January security update

Users with Citrix components in their computers might not be able to install the January 2025 Windows security update, Microsoft pointed out. Microsoft and Citrix are working on a fix, and Citrix has provided a workaround.

Downloads or automatic patches available for other vulnerabilities

Microsoft is aware of a few other issues with the latest Windows 11 build. The OpenSSH (Open Secure Shell) may not open for users who have installed the October 2024 security update. Microsoft has released a fix. Meanwhile, Arm users can only access the video game Roblox directly — as opposed to through the Microsoft Store on Windows — for now.

On Jan. 7, Microsoft released an update to PowerPoint 2016. The organization has fixed a problem in which OLE could automatically load and instantiate in PowerPoint. Users with Microsoft Update will receive the patch automatically, or it can be downloaded manually.

Microsoft highlighted one patch from outside its ecosystem in January: CVE-2024-50338, an information disclosure vulnerability in Git for Microsoft Visual Studio, has been patched. The vulnerability can expose secrets or privileged information belonging to Visual Studio users.