Security News > 2025 > January > 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update
2025-01-15 05:15
Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. Of the 161 flaws, 11 are rated Critical, and 149 are rated Important in severity. One other flaw, a non-Microsoft CVE related to a Windows Secure Boot bypass (CVE-2024-7344), has not been assigned
News URL
https://thehackernews.com/2025/01/3-actively-exploited-zero-day-flaws.html
Related news
- Microsoft: January Windows security updates break audio playback (source)
- Microsoft shares workaround for Windows security update issues (source)
- Windows 11 installation media bug causes security update failures (source)
- Microsoft issues urgent dev warning to update .NET installer link (source)
- Windows 11 Media Update Bug Stops Security Updates (source)
- What Is Patch Tuesday? Microsoft’s Monthly Update Explained (source)
- Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-14 | CVE-2024-7344 | Improper Verification of Cryptographic Signature vulnerability in multiple products Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path. | 8.2 |