Security News > 2025 > January > 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update
2025-01-15 05:15
Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. Of the 161 flaws, 11 are rated Critical, and 149 are rated Important in severity. One other flaw, a non-Microsoft CVE related to a Windows Secure Boot bypass (CVE-2024-7344), has not been assigned
News URL
https://thehackernews.com/2025/01/3-actively-exploited-zero-day-flaws.html
Related news
- Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity (source)
- Oracle Linux 9 Update 5 brings security updates, OpenJDK 17, .NET 9.0 (source)
- Microsoft pulls WinAppSDK update breaking Windows 10 app uninstalls (source)
- Wireshark 4.4.2: Security updates, bug fixes, updated protocol support (source)
- Security? We've heard of it: How Microsoft plans to better defend Windows (source)
- Zero-day data security (source)
- Microsoft re-releases Exchange updates after fixing mail delivery (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-14 | CVE-2024-7344 | Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path. | 0.0 |