Patch Tuesday: Microsoft's January 2025 Security Update Patches Exploited Elevation of Privilege Attacks

Patch Tuesday: Microsoft's January 2025 Security Update Patches Exploited Elevation of Privilege Attacks

Briefly

Microsoft's January 2025 security update expanded the list of vulnerable drivers, critical for countering Bring Your Own Vulnerable Driver attacks that exploit kernel drivers, thereby enhancing system security.

TechRepublichttps://www.techrepublic.com/article/microsoft-patch-tuesday-jan-2025/

The January 2025 security update addressed 159 vulnerabilities, including significant issues in Windows Hyper-V NT Kernel, which could allow attackers to gain SYSTEM privileges.

TechRepublichttps://www.techrepublic.com/article/microsoft-patch-tuesday-jan-2025/

Notably, vulnerabilities in Object Linking and Embedding and the NTLMv1 protocol scored 9.8 on the CVSS severity scale, indicating serious risks that have not been exploited publicly.

TechRepublichttps://www.techrepublic.com/article/microsoft-patch-tuesday-jan-2025/

Caution is recommended when applying security patches, as early versions may be unreliable. Testing in controlled environments is essential before full deployment.

TechRepublichttps://www.techrepublic.com/article/microsoft-patch-tuesday-jan-2025/