Microsoft's January 2025 Patch Tuesday addresses a wide range of vulnerabilities, including critical privilege escalation flaws in Hyper-V, remote code execution vulnerabilities, and issues in Adobe products.
Microsoft 's January 2025 Patch Tuesday has addressed a significant number of vulnerabilities, including three critical privilege escalation flaws in its Hyper-V hypervisor. These flaws, rated as important with a CVSS score of 7.8 out of 10, involve memory safety bugs, specifically two cases of use-after-free and one heap buffer overflow. Successful exploitation could allow an attacker to gain SYSTEM privileges, the highest level of access on a Windows system.
However, Microsoft clarifies that these vulnerabilities are not considered guest escapes, meaning they primarily affect users or malware already present on the machine. The affected systems include Windows 10 and 11, as well as Windows Server 2022 and 2025.Another noteworthy vulnerability addressed is an elevation-of-privilege flaw in the NTMLv1 authentication system, which can be exploited remotely. While a patch is available, Microsoft recommends setting the LmCompatibilityLevel to its maximum value (5) as a mitigation strategy. This setting blocks NTLMv1 while still allowing NTLM2 to function.Microsoft also patched two vulnerabilities that could facilitate remote code execution. The first, affecting the Windows Object Linking and Embedding (OLE) framework, could be triggered by a user opening a specially crafted Outlook email. This vulnerability affects Windows 10 and 11, as well as all supported versions of Windows Server from 2016 onward. The second vulnerability, related to the Windows Pragmatic General Multicast (PGM) component, could be exploited by an unauthenticated attacker sending specially crafted packets to an open PGM socket on a server. Microsoft emphasizes that PGM should not be exposed to the public internet and that most users likely adhere to this recommendation. However, those who do expose PGM are vulnerable to this attack.While the above-mentioned vulnerabilities are considered critical, Microsoft also addressed several other vulnerabilities with sub-9.0 CVSS scores but deemed critical by the company. These include a remote code execution issue with Branchcache, a networking tool intended to simplify patch management. Another vulnerability affects the Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) Extended Negotiation (NEGOEX), which could allow an attacker to execute arbitrary code by exploiting a race condition. Microsoft also patched vulnerabilities in Microsoft Excel and its Remote Desktop Gateway that could allow code execution by exploiting use-after-free scenarios.The January 2025 Patch Tuesday also addressed vulnerabilities in Adobe products, including Photoshop, Illustrator, Substance 3D Stager, and Animate. These vulnerabilities, ranging in severity from critical to important, could allow attackers to execute arbitrary code. However, they all require user interaction and cannot be remotely triggered. Notably, a critical security hole in Apache Struts was also patched.Overall, Microsoft's January 2025 Patch Tuesday highlights the ongoing threat of software vulnerabilities. It emphasizes the importance of staying up-to-date with security patches and implementing appropriate mitigation strategies to protect systems from exploitation
Microsoft Patch Tuesday Hyper-V Vulnerabilities Security Remote Code Execution Privilege Escalation Adobe
United Kingdom Latest News, United Kingdom Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
The Finals Update 5.1.0 Patch Notes: Snowball Blitz ArrivesThe Finals Season 5 continues with update 5.1.0, introducing a new holiday event called Snowball Blitz. This 5v5 TDM mode pits teams against each other in a snowball fight, with eliminations being the only way to earn cash. The update also includes bug fixes and balances, notably disabling the Lockbolt Launcher's ability to latch onto objectives.
Read more »
Stalker 2 Patch 1.1 Fixes A-Life and Addresses Over 1,000 BugsGSC Game World has released a massive 110GB update for Stalker 2: Heart of Chornobyl, finally addressing the broken A-Life system and fixing over 1,000 bugs. The update improves NPC behavior, re-encounters, and diversity.
Read more »
Stalker 2: Patch 1.1 Returns the Soul of The Zone with 1,800+ FixesPatch 1.1 for Stalker 2 is here, bringing over 1,800 fixes, including a major overhaul of the A-Life system. This means NPCs now have a more active and believable presence in The Zone, expanding their territory, attacking enemies, and even being encountered again in the same locations. The patch also addresses various issues with game balance, AI, crashes, and more. While the 110GB download size might take time, the improvements are sure to make Stalker 2 even more immersive.
Read more »
It's far more than a patch of Tarmac, but soon it will be gone foreverKids have played here ‘for generations’
Read more »
Stardew Valley patch fixes swears but you still can't get divorcedJon Bolding is a games writer and critic with an extensive background in strategy games. When he's not on his PC, he can be found playing every tabletop game under the sun.
Read more »
The American Shale Patch Is All About Depletion NowGoehring & Rozencwajg U.S. shale production peaked in late 2023 and is now declining, with geological depletion rather than market dynamics posing the biggest challenge.
Read more »