Security News > 2025 > January > 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update
2025-01-15 05:15
Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. Of the 161 flaws, 11 are rated Critical, and 149 are rated Important in severity. One other flaw, a non-Microsoft CVE related to a Windows Secure Boot bypass (CVE-2024-7344), has not been assigned
News URL
https://thehackernews.com/2025/01/3-actively-exploited-zero-day-flaws.html
Related news
- Microsoft shares workaround for Windows security update issues (source)
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- Microsoft script updates bootable media for BlackLotus bootkit fixes (source)
- New Microsoft script updates Windows media with bootkit malware fixes (source)
- Microsoft Edge update adds AI-powered Scareware Blocker (source)
- Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities (source)
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Windows 10 KB5051974 update force installs new Microsoft Outlook app (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-14 | CVE-2024-7344 | Improper Verification of Cryptographic Signature vulnerability in multiple products Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path. | 8.2 |