Microsoft’s Patch Fixes Over 150 Security Vulnerabilities

Business owners relying on Microsoft products will be happy to hear that January’s Patch Tuesday update has been the most extensive in recent years!

With the patch, Microsoft has fixed some 159 security vulnerabilities, including those that cropped up in Windows, Office, and Edge (Microsoft’s internet browser).

What is significant about this patch is that it’s more than twice the typical number of flaws fixed in a single month! And after a couple of bumps in the latest Windows updates, all these fixes will calm more than a few minds.

What Is Patch Tuesday?

For those unfamiliar, Patch Tuesday is Microsoft’s regular monthly release of security updates and bug fixes.

It usually happens on the second Tuesday of every month, and it is designed to provide updates that keep users and businesses secure.

Usually the event doesn’t make the news, but the sheer scale of January’s release has surprised many in the industry, and for all the right reasons, as certain vulnerabilities have started causing security breaches.

Vulnerabilities Being Exploited

A huge portion of the fixes, 132 to be exact, specifically focus on the vulnerabilities in Windows 10, Windows 11, and Windows Server.

Rather alarmingly, it has been reported that 3 of these vulnerabilities were already being actively exploited by attackers.

The most concerning of these vulnerabilities are those in Hyper-V: CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335.

These flaws have allowed savvy attackers to execute code from a guest system and gain full system privileges on the host. Businesses using Hyper-V virtualisation are being urged to prioritise this update to avoid being attacked.

Remote Desktop Services were also targeted; CVE-2025-21297 and CVE-2025-21309 have posed a serious risk by allowing attackers to execute code remotely without a user login.

Although the exploitation requires precise timing, hackers are adept at finding ways to succeed, which again should just serve as motivation for users to update with the latest patch as soon as possible.

And What About Microsoft Office and Edge?

Microsoft Office has also recently seen its fair share of vulnerabilities, with about 20 addressed with the latest patch for products such as Word, Excel, Outlook, OneNote, Visio, and SharePoint Server.

Of particular concern are 3 zero-day vulnerabilities in Access, which could allow remote code execution (RCE) if exploited.

Edge, Microsoft’s Chromium-based browser, also received a security update.

While we are on the subject of updates, businesses should note that Google has released a new version of Chrome to fix several high-risk vulnerabilities, so it’s worth updating both browsers if your organisation uses them.

Older Windows Versions Are Already Being Left Behind

While the updates span current operating systems, older versions like Windows 7 and 8.1 are officially no longer receiving regular support.

Businesses still relying on these legacy systems are particularly vulnerable to attack and should strongly consider upgrading to Windows 10 or 11 to stay protected.

The Next Patch Tuesday

The next Patch Tuesday falls on 11 February 2025.

In the meantime, you should spend some time making sure that your systems are up to date and it certainly won’t hurt to review your cybersecurity practices, especially as attackers are becoming extremely sophisticated.
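To make that check concrete, here is an added example (not from the original article or from Microsoft) that works out the most recent Patch Tuesday and triages a host inventory against it. The inventory records, role labels and ranking scheme are assumptions made for illustration.

```python
import calendar
from datetime import date

def patch_tuesday(year, month):
    """Second Tuesday of the month, the usual release day."""
    first = date(year, month, 1)
    offset = (calendar.TUESDAY - first.weekday()) % 7  # days to the first Tuesday
    return date(year, month, 1 + offset + 7)

def latest_patch_tuesday(today):
    """Most recent Patch Tuesday on or before `today`."""
    release = patch_tuesday(today.year, today.month)
    if release > today:  # this month's release is still ahead, use last month's
        year, month = (today.year - 1, 12) if today.month == 1 else (today.year, today.month - 1)
        release = patch_tuesday(year, month)
    return release

UNSUPPORTED = ("Windows 7", "Windows 8.1")  # out of regular support per the article
PRIORITY_ROLES = {"hyper-v", "rds"}         # components the article singles out

def triage(inventory, today):
    """Return (rank, host, reason) tuples, most urgent first.

    Ranking is an assumption of this example: 1 = priority role behind on
    updates, 2 = unsupported OS, 3 = any other host behind on updates.
    A last-update date on or after the release day is only a heuristic; it
    does not prove that a specific fix is installed.
    """
    release = latest_patch_tuesday(today)
    findings = []
    for host in inventory:
        behind = host["last_update"] is None or host["last_update"] < release
        if host["os"].startswith(UNSUPPORTED):
            findings.append((2, host["name"], "unsupported OS, plan an upgrade"))
        elif behind:
            rank = 1 if PRIORITY_ROLES & set(host["roles"]) else 3
            findings.append((rank, host["name"], f"no update since the {release} release"))
    return sorted(findings)

# Constructed inventory, for illustration only.
SAMPLE_INVENTORY = [
    {"name": "hv-host-01", "os": "Windows Server 2022", "roles": ["hyper-v"], "last_update": date(2024, 12, 12)},
    {"name": "rds-gw-01", "os": "Windows Server 2019", "roles": ["rds"], "last_update": date(2025, 1, 15)},
    {"name": "desk-014", "os": "Windows 11", "roles": [], "last_update": date(2024, 12, 20)},
    {"name": "till-03", "os": "Windows 7 Professional", "roles": [], "last_update": None},
]

if __name__ == "__main__":
    for rank, name, reason in triage(SAMPLE_INVENTORY, date(2025, 1, 20)):
        print(rank, name, reason)
```

In practice the inventory would come from your patch-management or asset tool rather than a hard-coded list.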

* Need the help of an expert IT company? At 24/7 IT Services, we offer our UK-based clients an array of IT solutions including Managed IT Support, IT Security Services, IT Infrastructure, and more. Contact us today for a consultation.
