Microsoft Unleashes a Security Sweep: 159 Vulnerabilities Addressed in January 2025 Patch Tuesday!


This page was generated automatically, to view the article in its original setting you may visit the link below:
https://cyberscoop.com/microsoft-patch-tuesday-january-2025/
and if you wish to delete this article from our site, please reach out to us


In its most recent security update, Microsoft has tackled a total of 159 vulnerabilities, addressing a wide range of the tech leader’s products, including .NET, Visual Studio, Microsoft Excel, components of Windows, and Azure services. 

The update addresses numerous critical and severe flaws across diverse systems, affecting Windows Telephony Services, Active Directory Domain Services, Microsoft Excel, and several other essential Microsoft services.

Among the vulnerabilities, three received a score of 9.8/10 on the CVSS scale, marking them as the most severe flaws disclosed this month. One affects Windows Object Linking and Embedding (OLE), which lets users produce complex documents, such as RTF files, that contain multimedia elements from various applications. The flaw, tracked as CVE-2025-21298, permits remote code execution. Although Microsoft has yet to observe this vulnerability being exploited in the wild, the firm suspects that attackers could leverage the flaw by sending a specially crafted email to victims using a vulnerable version of Microsoft Outlook, even if Outlook merely displays a preview of the crafted message. This could enable the attacker to execute code remotely on the victim’s device.

Another remote code execution flaw, tracked as CVE-2025-21307, affects the Windows Reliable Multicast Transport Driver (RMCAST), a networking component that provides dependable data transmission over multicast networks. The vulnerability can only be exploited if an application is actively listening on a port for Pragmatic General Multicast (PGM), a protocol used to ensure effective delivery of data packets from a sender to several receivers on a specific network. An unauthenticated attacker could send specially crafted packets to an open PGM socket on a Windows server, and no user interaction is required.

However, the company indicates that further prerequisites may complicate exploitation of the flaw: If PGM is installed or enabled but no applications are utilizing it to listen, the vulnerability cannot be leveraged. Since PGM does not validate requests, it is recommended to secure any open PGM ports using network-level protection methods, such as a firewall. 

This vulnerability impacts an extensive array of Microsoft products, including Windows 10 versions from 1507 to 22H2, Windows 11 versions 22H2 to 24H2, and several editions of Windows Server from 2008 up to 2025.
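The firewall recommendation for CVE-2025-21307 can be checked on a host with the built-in NetSecurity cmdlets. The following is an added example, not part of the original article or Microsoft's guidance; it relies on PGM being IP protocol number 113, and the rule name is an assumption chosen for illustration.

```powershell
# Added example: audit and restrict inbound PGM (IP protocol 113) on one host.
# Run from an elevated PowerShell prompt.
$PgmProtocol = 113   # IANA-assigned IP protocol number for PGM

function Get-PgmExposure {
    # List enabled inbound allow rules whose protocol filter admits PGM,
    # either explicitly (113) or through a protocol of "Any".
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter
            if ($port.Protocol -in @('Any', "$PgmProtocol")) {
                $addr = $_ | Get-NetFirewallAddressFilter
                [pscustomobject]@{
                    Rule          = $_.DisplayName
                    Protocol      = $port.Protocol
                    RemoteAddress = $addr.RemoteAddress -join ','
                    AnySource     = ($addr.RemoteAddress -contains 'Any')
                }
            }
        }
}

# Rules that accept PGM from any source address are the ones to review first.
Get-PgmExposure | Where-Object AnySource | Format-Table -AutoSize

# On hosts that do not need PGM at all, block it outright.
# 'Block inbound PGM (example)' is a hypothetical rule name.
New-NetFirewallRule -DisplayName 'Block inbound PGM (example)' `
    -Direction Inbound -Protocol $PgmProtocol -Action Block -Profile Any

# On hosts that do need PGM, skip the block rule (block rules take
# precedence over allow rules) and instead narrow each allow rule found
# above to known senders with Set-NetFirewallRule -RemoteAddress.
```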

The third vulnerability rated 9.8, CVE-2025-21311, is a privilege escalation flaw in Windows NT LAN Manager (NTLM), a collection of Microsoft security protocols aimed at providing authentication, integrity, and confidentiality for users, particularly concerning passwords. Its criticality stems from the fact that it can be exploited remotely, permitting attackers to access compromised systems via the internet. Exploiting the flaw also requires minimal technical skill, so attackers can reuse the same technique against any vulnerable system with ease.

In addition to the patch, Microsoft suggests a mitigation: setting LmCompatabilityLvl to its maximum value (5) on all machines. This blocks the use of the older NTLMv1 protocol while still permitting NTLMv2.
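One way to audit and apply this mitigation on a single machine is shown below. This is an added example, not code from the article or from Microsoft. It assumes the setting is read from the registry value `LmCompatibilityLevel` under `HKLM:\SYSTEM\CurrentControlSet\Control\Lsa`, and the function names are hypothetical.

```powershell
# Added example: report the LAN Manager authentication level and raise it to 5.
# Run from an elevated PowerShell prompt.
$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'LmCompatibilityLevel'

# Meaning of each level, per the "LAN Manager authentication level" policy.
$Levels = @{
    0 = 'Send LM and NTLM responses'
    1 = 'Send LM and NTLM, use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only, refuse LM'
    5 = 'Send NTLMv2 response only, refuse LM and NTLM'
}

function Get-LmCompatibilityLevel {
    $prop = Get-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction SilentlyContinue
    # When the value is absent, current Windows versions behave as level 3.
    $explicit = $null -ne $prop
    $level = if ($explicit) { [int]$prop.$ValueName } else { 3 }
    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        Level         = $level
        SetExplicitly = $explicit
        Meaning       = $Levels[$level]
        RefusesNTLMv1 = ($level -eq 5)   # only level 5 rejects NTLMv1 logons
    }
}

function Set-LmCompatibilityLevelMax {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Set $ValueName to 5")) {
        Set-ItemProperty -Path $LsaKey -Name $ValueName -Value 5 -Type DWord
    }
}

$state = Get-LmCompatibilityLevel
$state | Format-List
if (-not $state.RefusesNTLMv1) {
    # -WhatIf previews the change; remove it to apply.
    Set-LmCompatibilityLevelMax -WhatIf
}
```

On domain-joined machines the "Network security: LAN Manager authentication level" Group Policy setting writes the same value and will overwrite a local change, so fleet-wide rollout belongs in policy.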

Among other vulnerabilities, three within Microsoft Excel could result in straightforward exploitation. Logged as CVE-2025-21354, CVE-2025-21362, and CVE-2025-21364, Microsoft classified these flaws as “more probable” to be exploited. 

CVE-2025-21362 entails remote code execution resulting from a use-after-free problem, which occurs when a program improperly manages memory while handling specific parts of a file. This flaw can allow attackers to execute malicious code on a device by crafting a dangerous Excel file with particular characteristics that trigger the vulnerability. Merely previewing this file is sufficient to activate the issue, as Excel reads part of the file to display its contents. If the memory is mishandled, the attacker can exploit it to run arbitrary code within Excel. Although the vulnerability appears to be labeled as local, indicating that the problem happens on the victim’s machine, attackers may send the malicious file remotely via means such as email or unsafe websites.

CVE-2025-21354 results from a situation known as “Untrusted Pointer Dereference,” which could allow for remote code execution. This problem arises when Excel inadequately checks and manages pointer references (a memory issue in programming languages) while interacting with certain sections of a file. An attacker can design a harmful Excel file with unique “pointers” to manipulate memory access when Excel reads the file. This allows the attacker to run any code they desire within the Excel process. A critical aspect of this vulnerability is that it can be triggered even when the file is merely viewed in the Preview Pane because, similar to the aforementioned vulnerability, Excel processes part of the file to generate a preview, activating the vulnerability without fully opening the document.

“The concern regarding these vulnerabilities in Excel is that they are more likely to be exploited in the wild, suggesting that Microsoft likely believes they can be weaponized by attackers,” Ben McCarthy, lead cybersecurity engineer at Immersive Labs, conveyed to CyberScoop via email. “With social engineering remaining one of the primary methods for attackers to gain initial access, any vulnerabilities in Excel warrant serious attention from companies using it, necessitating immediate remediation.”

The comprehensive list of vulnerabilities can be viewed in Microsoft’s Security Response Center. 


Authored by Greg Otto

Greg Otto serves as the Editor-in-Chief of CyberScoop, managing all editorial material for the website. Greg has directed cybersecurity coverage that has earned multiple accolades, including recognition from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to his association with Scoop News Group, Greg held positions at the Washington Business Journal, U.S. News & World Report, and WTOP Radio. He possesses a degree in broadcast journalism from Temple University.

