Microsoft’s January Patch Tuesday: Addressing 157 Bugs including Weaponised Threats and multiple CVSS Scores of 9.8
This month, Microsoft has delivered a whopping release of updates, fixing 157 vulnerabilities in total. Three of these vulnerabilities have been weaponized, and three carry a critical CVSS score of 9.8. The update includes 9 critical and 147 important fixes, covering products such as Windows, Windows Components, Hyper-V, Azure, Office, Visual Studio, BitLocker and Remote Desktop Services.
Robert Brown, Head of Customer Success at Syxsense, underscores the need for strategic prioritization in vulnerability management. He draws attention to the presence of threats that could potentially serve as Jump Points, urging organizations to maintain heightened vigilance. With a combined CVSS score of 1139.7 and an average score of 7.3, this Patch Tuesday is going to give your IT Department an extremely busy start to the year.
Patch Tuesday Recap: Top 3 (ish) Vulnerabilities You Need to Know
As always, Patch Tuesday brings critical updates and security fixes to keep your systems protected. Here’s a breakdown of the most significant issues and why you should prioritize addressing them immediately.
- CVE-2025-21333, CVE-2025-21334 & CVE-2025-21335: Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
These vulnerabilities impact the Windows Hyper-V NT Kernel Integration VSP, allowing an unauthenticated attacker to potentially elevate privileges and compromise affected systems.
- Severity: Important
- CVSS Score: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Why it matters: An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Current exploitability: Critical, due to active exploitation. Systems without the patch are at significant risk.
- CVE-2025-21186, CVE-2025-21366 & CVE-2025-21395: Microsoft Access Remote Code Execution Vulnerability
These vulnerabilities affect Microsoft Access, allowing an attacker to execute arbitrary code remotely on an affected system. Exploiting this flaw could allow an attacker to take control of the system, potentially leading to further compromise.
- Severity: Important
- CVSS Score: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
Why it matters: An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Current exploitability: High, because these vulnerabilities are publicly known. Systems without the patch are at significant risk.
- CVE-2025-21275: Windows App Package Installer Elevation of Privilege Vulnerability
This vulnerability exists in the Windows App Package Installer, which handles the installation of applications in Windows. By exploiting this flaw, an attacker can gain elevated privileges and execute arbitrary code with higher system-level permissions, which could allow them to take full control of the system.
- Severity: Important
- CVSS Score: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Why it matters: An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Current exploitability: High, because this vulnerability is publicly known. Systems without the patch are at significant risk.
Final Thoughts
Staying ahead of potential threats requires consistent attention to Patch Tuesday updates. These vulnerabilities illustrate the importance of proactive security measures and timely patching. While some vulnerabilities may seem less likely to be exploited, the risks are too great to ignore—especially when attackers evolve quickly. Make patch management a priority and ensure your team is equipped to respond swiftly to emerging threats. As always, a well-maintained and secure environment is your best defense.
Need help implementing these patches or crafting a broader vulnerability management strategy? Reach out to our team for expert guidance!
| Reference | Description | Vendor Severity | CVSS Score | Public Aware | Weaponised | Additional Information | Countermeasure | Impact | Exploitability Assessment |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2025-21333 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Detected |
| CVE-2025-21334 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Detected |
| CVE-2025-21335 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Detected |
| CVE-2025-21186 | Microsoft Access Remote Code Execution Vulnerability | Important | 7.8 | Yes | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21275 | Windows App Package Installer Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21366 | Microsoft Access Remote Code Execution Vulnerability | Important | 7.8 | Yes | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21395 | Microsoft Access Remote Code Execution Vulnerability | Important | 7.8 | Yes | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21308 | Windows Themes Spoofing Vulnerability | Important | 6.5 | Yes | No | | Systems that have disabled NTLM are not affected. | Spoofing | Exploitation Less Likely |
| CVE-2025-21298 | Windows OLE Remote Code Execution Vulnerability | Critical | 9.8 | No | No | In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted email to the victim. Exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software, or a victim’s Outlook application displaying a preview of a specially crafted email. This could result in the attacker executing remote code on the victim’s machine. | Use Microsoft Outlook to reduce the risk of users opening RTF Files from unknown or untrusted sources | Remote Code Execution | Exploitation More Likely |
| CVE-2025-21307 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | Critical | 9.8 | No | No | An unauthenticated attacker could exploit the vulnerability by sending specially crafted packets to a Windows Pragmatic General Multicast (PGM) open socket on the server, without any interaction from the user. | This vulnerability is exploitable only if there is a program listening on a Pragmatic General Multicast (PGM) port. If PGM is installed or enabled but no programs are actively listening as a receiver, then this vulnerability is not exploitable. | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21311 | Windows NTLM V1 Elevation of Privilege Vulnerability | Critical | 9.8 | No | No | The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component. | Set the LmCompatibilityLevel to its maximum value (5) for all machines. This will prevent the usage of the older NTLMv1 protocol, while still allowing NTLMv2. Please see Network security: LAN Manager authentication level for more information. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21385 | Microsoft Purview Information Disclosure Vulnerability | Critical | 8.8 | No | No | | No | Information Disclosure | N/A |
| CVE-2025-21176 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21178 | Visual Studio Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21223 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21233 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21236 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21237 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21238 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21239 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21240 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21241 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21243 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21244 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21245 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21246 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21248 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21250 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21252 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21266 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21273 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21282 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21286 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21291 | Windows Direct Show Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21292 | Windows Search Service Elevation of Privilege Vulnerability | Important | 8.8 | No | No | Scope = Changed, Jump Point = True. An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities. | No | Elevation of Privilege | Exploitation More Likely |
| CVE-2025-21293 | Active Directory Domain Services Elevation of Privilege Vulnerability | Important | 8.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21302 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21303 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21305 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21306 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21339 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21409 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21411 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21413 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21417 | Windows Telephony Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21294 | Microsoft Digest Authentication Remote Code Execution Vulnerability | Critical | 8.1 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21295 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | Critical | 8.1 | No | No | An attacker who successfully exploited this vulnerability could achieve remote code execution without user interaction. | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21297 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical | 8.1 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21309 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical | 8.1 | No | No | | No | Remote Code Execution | Exploitation More Likely |
| CVE-2025-21171 | .NET Remote Code Execution Vulnerability | Important | 8.1 | No | No | This attack requires a victim to perform a specific action, such as copying files or executing a command, and for an attacker with appropriate access to have pre-planted malicious files with knowledge of where they should be placed on the victim’s system. | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21224 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | Important | 8.1 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21173 | .NET Elevation of Privilege Vulnerability | Important | 8.0 | No | No | | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21187 | Microsoft Power Automate Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21234 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Important | 7.8 | No | No | | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21235 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Important | 7.8 | No | No | | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21271 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21281 | Microsoft COM for Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21287 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21304 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain unauthorized access to system resources, potentially allowing them to perform actions with the same privileges as the compromised process. This could lead to further system compromise and unauthorized actions within the network. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21315 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Scope = Changed, Jump Point = True. In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code at a higher integrity level than that of the AppContainer execution environment. | No | Elevation of Privilege | Exploitation More Likely |
| CVE-2025-21326 | Internet Explorer Remote Code Execution Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality. | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21338 | GDI+ Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21344 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21345 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21354 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | The Preview Pane is an attack vector. | No | Remote Code Execution | Exploitation More Likely |
| CVE-2025-21356 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21360 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21361 | Microsoft Outlook Remote Code Execution Vulnerability | Important | 7.8 | No | No | The attachment Preview Pane that is accessed when a user clicks to preview an attached file is an attack vector; however, the email Preview Pane itself is not. | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21362 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | The Preview Pane is an attack vector. | No | Remote Code Execution | Exploitation More Likely |
| CVE-2025-21363 | Microsoft Word Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21364 | Microsoft Excel Security Feature Bypass Vulnerability | Important | 7.8 | No | No | | No | Security Feature Bypass | Exploitation More Likely |
| CVE-2025-21365 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Remote Code Execution | Exploitation More Likely |
| CVE-2025-21370 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Important | 7.8 | No | No | | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21372 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Scope = Changed, Jump Point = True. In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21378 | Windows CSC Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21382 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21296 | BranchCache Remote Code Execution Vulnerability | Critical | 7.5 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21172 | .NET and Visual Studio Remote Code Execution Vulnerability | Important | 7.5 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21207 | Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability | Important | 7.5 | No | No | | No | Denial of Service | Exploitation Less Likely |
| CVE-2025-21218 | Windows Kerberos Denial of Service Vulnerability | Important | 7.5 | No | No | | No | Denial of Service | Exploitation Less Likely |
| CVE-2025-21220 | Microsoft Message Queuing Information Disclosure Vulnerability | Important | 7.5 | No | No | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | No | Information Disclosure | Exploitation Less Likely |
| CVE-2025-21230 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Important | 7.5 | No | No | | No | Denial of Service | Exploitation Less Likely |
| CVE-2025-21231 | IP Helper Denial of Service Vulnerability | Important | 7.5 | No | No | | No | Denial of Service | Exploitation Less Likely |
| CVE-2025-21251 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Important | 7.5 | No | No | | No | Denial of Service | Exploitation Less Likely |
| CVE-2025-21270 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Important | 7.5 | No | No | | No | Denial of Service | Exploitation Less Likely |
| CVE-2025-21276 | Windows MapUrlToZone Denial of Service Vulnerability | Important | 7.5 | No | No | | No | Denial of Service | Exploitation Less Likely |
| CVE-2025-21277 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Important | 7.5 | No | No | | No | Denial of Service | Exploitation Less Likely |
| CVE-2025-21285 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Important | 7.5 | No | No | | No | Denial of Service | Exploitation Less Likely |
| CVE-2025-21289 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Important | 7.5 | No | No | | No | Denial of Service | Exploitation Less Likely |
| CVE-2025-21290 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Important | 7.5 | No | No | | No | Denial of Service | Exploitation Less Likely |
| CVE-2025-21300 | Windows upnphost.dll Denial of Service Vulnerability | Important | 7.5 | No | No | | No | Denial of Service | Exploitation Less Likely |
| CVE-2025-21330 | Windows Remote Desktop Services Denial of Service Vulnerability | Important | 7.5 | No | No | | No | Denial of Service | Exploitation Less Likely |
| CVE-2025-21343 | Windows Web Threat Defense User Service Information Disclosure Vulnerability | Important | 7.5 | No | No | | No | Information Disclosure | Exploitation Less Likely |
| CVE-2025-21389 | Windows upnphost.dll Denial of Service Vulnerability | Important | 7.5 | No | No | | No | Denial of Service | Exploitation Less Likely |
| CVE-2025-21331 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.3 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21405 | Visual Studio Elevation of Privilege Vulnerability | Important | 7.3 | No | No | | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21348 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21299 | Windows Kerberos Security Feature Bypass Vulnerability | Important | 7.1 | No | No | An attacker who successfully exploited this vulnerability could bypass Windows Defender Credential Guard Feature to leak Kerberos Credential. | No | Security Feature Bypass | Exploitation More Likely |
| CVE-2025-21346 | Microsoft Office Security Feature Bypass Vulnerability | Important | 7.1 | No | No | | No | Security Feature Bypass | Exploitation Less Likely |
| CVE-2025-21211 | Secure Boot Security Feature Bypass Vulnerability | Important | 6.8 | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | No | Security Feature Bypass | Exploitation Less Likely |
| CVE-2025-21357 | Microsoft Outlook Remote Code Execution Vulnerability | Important | 6.7 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21226 | Windows Digital Media Elevation of Privilege Vulnerability | Important | 6.6 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21227 | Windows Digital Media Elevation of Privilege Vulnerability | Important | 6.6 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21228 | Windows Digital Media Elevation of Privilege Vulnerability | Important | 6.6 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21229 | Windows Digital Media Elevation of Privilege Vulnerability | Important | 6.6 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21232 | Windows Digital Media Elevation of Privilege Vulnerability | Important | 6.6 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21249 | Windows Digital Media Elevation of Privilege Vulnerability | Important | 6.6 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21255 | Windows Digital Media Elevation of Privilege Vulnerability | Important | 6.6 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21256 | Windows Digital Media Elevation of Privilege Vulnerability | Important | 6.6 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21258 | Windows Digital Media Elevation of Privilege Vulnerability | Important | 6.6 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21260 | Windows Digital Media Elevation of Privilege Vulnerability | Important | 6.6 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21261 | Windows Digital Media Elevation of Privilege Vulnerability | Important | 6.6 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21263 | Windows Digital Media Elevation of Privilege Vulnerability | Important | 6.6 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21265 | Windows Digital Media Elevation of Privilege Vulnerability | Important | 6.6 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21310 | Windows Digital Media Elevation of Privilege Vulnerability | Important | 6.6 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21324 | Windows Digital Media Elevation of Privilege Vulnerability | Important | 6.6 | No | No | | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21327 | Windows Digital Media Elevation of Privilege Vulnerability | Important | 6.6 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21341 | Windows Digital Media Elevation of Privilege Vulnerability | Important | 6.6 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21193 | Active Directory Federation Server Spoofing Vulnerability | Important | 6.5 | No | No | | No | Spoofing | Exploitation Less Likely |
| CVE-2025-21217 | Windows NTLM Spoofing Vulnerability | Important | 6.5 | No | No | | No | Spoofing | Exploitation Less Likely |
| CVE-2025-21272 | Windows COM Server Information Disclosure Vulnerability | Important | 6.5 | No | No | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | No | Information Disclosure | Exploitation Less Likely |
| CVE-2025-21288 | Windows COM Server Information Disclosure Vulnerability | Important | 6.5 | No | No | Scope = Changed, Jump Point = True. In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. | No | Information Disclosure | Exploitation Less Likely |
| CVE-2025-21301 | Windows Geolocation Service Information Disclosure Vulnerability | Important | 6.5 | No | No | | No | Information Disclosure | Exploitation Less Likely |
| CVE-2025-21313 | Windows Security Account Manager (SAM) Denial of Service Vulnerability | Important | 6.5 | No | No | | No | Denial of Service | Exploitation Less Likely |
| CVE-2025-21314 | Windows SmartScreen Spoofing Vulnerability | Important | 6.5 | No | No | | No | Spoofing | Exploitation More Likely |
| CVE-2025-21402 | Microsoft Office OneNote Remote Code Execution Vulnerability | Important | 6.4 | No | No | | No | Remote Code Execution | Exploitation Less Likely |
| CVE-2025-21393 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 6.3 | No | No | | No | Spoofing | Exploitation Less Likely |
| CVE-2025-21278 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Important | 6.2 | No | No | | No | Denial of Service | Exploitation Less Likely |
| CVE-2025-21202 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | Important | 6.1 | No | No | | No | Elevation of Privilege | Exploitation Less Likely |
| CVE-2025-21225 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Important | 5.9 | No | No | | No | Denial of Service | Exploitation Less Likely |
| CVE-2025-21242 | Windows Kerberos Information Disclosure Vulnerability | Important | 5.9 | No | No | | No | Information Disclosure | Exploitation Less Likely |
| CVE-2025-21336 | Windows Cryptographic Information Disclosure Vulnerability | Important | 5.6 | No | No | Scope = Changed, Jump Point = True. An attacker who successfully exploited this vulnerability could potentially execute a cross-VM attack, thereby compromising multiple virtual machines and expanding the impact of the attack beyond the initially targeted VM. | No | Information Disclosure | Exploitation Less Likely |
| CVE-2025-21257 | Windows WLAN AutoConfig Service Information Disclosure Vulnerability | Important | 5.5 | No | No | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | No | Information Disclosure | Exploitation Less Likely |
| CVE-2025-21274 | Windows Event Tracing Denial of Service Vulnerability | Important | 5.5 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Denial of Service | Exploitation Less Likely |
| CVE-2025-21280 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability | Important | 5.5 | No | No | | No | Denial of Service | Exploitation Less Likely |
| CVE-2025-21284 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability | Important | 5.5 | No | No | | No | Denial of Service | Exploitation Less Likely |
| CVE-2025-21316 | Windows Kernel Memory Information Disclosure Vulnerability | Important | 5.5 | No | No | | No | Information Disclosure | Exploitation Less Likely |
| CVE-2025-21317 | Windows Kernel Memory Information Disclosure Vulnerability | Important | 5.5 | No | No | | No | Information Disclosure | Exploitation Less Likely |
| CVE-2025-21318 | Windows Kernel Memory Information Disclosure Vulnerability | Important | 5.5 | No | No | Exploiting this vulnerability could allow the disclosure of a certain memory address within kernel space. Knowing the exact location of kernel memory could potentially be leveraged by an attacker for other malicious activities. | No | Information Disclosure | Exploitation Less Likely |
| CVE-2025-21319 | Windows Kernel Memory Information Disclosure Vulnerability | Important | 5.5 | No | No | | No | Information Disclosure | Exploitation Less Likely |
| CVE-2025-21320 | Windows Kernel Memory Information Disclosure Vulnerability | Important | 5.5 | No | No | | No | Information Disclosure | Exploitation Less Likely |
| CVE-2025-21321 | Windows Kernel Memory Information Disclosure Vulnerability | Important | 5.5 | No | No | | No | Information Disclosure | Exploitation Less Likely |
| CVE-2025-21323 | Windows Kernel Memory Information Disclosure Vulnerability | Important | 5.5 | No | No | | No | Information Disclosure | Exploitation Less Likely |
| CVE-2025-21340 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability | Important | 5.5 | No | No | | No | Security Feature Bypass | Exploitation Less Likely |
| CVE-2025-21374 | Windows CSC Service Information Disclosure Vulnerability | Important | 5.5 | No | No | | No | Information Disclosure | Exploitation Less Likely |
| CVE-2025-21213 | Secure Boot Security Feature Bypass Vulnerability | Important | 4.6 | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | No | Security Feature Bypass | Exploitation Less Likely |
| CVE-2025-21215 | Secure Boot Security Feature Bypass Vulnerability | Important | 4.6 | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | No | Security Feature Bypass | Exploitation Less Likely |
| CVE-2025-21189 | MapUrlToZone Security Feature Bypass Vulnerability | Important | 4.3 | No | No | | No | Security Feature Bypass | Exploitation More Likely |
| CVE-2025-21219 | MapUrlToZone Security Feature Bypass Vulnerability | Important | 4.3 | No | No | An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method. | No | Security Feature Bypass | Exploitation More Likely |
| CVE-2025-21268 | MapUrlToZone Security Feature Bypass Vulnerability | Important | 4.3 | No | No | | No | Security Feature Bypass | Exploitation More Likely |
| CVE-2025-21269 | Windows HTML Platforms Security Feature Bypass Vulnerability | Important | 4.3 | No | No | | No | Security Feature Bypass | Exploitation More Likely |
| CVE-2025-21328 | MapUrlToZone Security Feature Bypass Vulnerability | Important | 4.3 | No | No | | No | Security Feature Bypass | Exploitation More Likely |
| CVE-2025-21329 | MapUrlToZone Security Feature Bypass Vulnerability | Important | 4.3 | No | No | An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method. | No | Security Feature Bypass | Exploitation More Likely |
| CVE-2025-21332 | MapUrlToZone Security Feature Bypass Vulnerability | None | 4.3 | No | No | | No | Not a Vulnerability | Exploitation Less Likely |
| CVE-2025-21210 | Windows BitLocker Information Disclosure Vulnerability | Important | 4.2 | No | No | Exploiting this vulnerability could allow the disclosure of unencrypted hibernation images in cleartext. | No | Information Disclosure | Exploitation More Likely |
| CVE-2025-21214 | Windows BitLocker Information Disclosure Vulnerability | Important | 4.2 | No | No | The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the BitLocker key. | No | Information Disclosure | Exploitation Less Likely |
| CVE-2025-21312 | Windows Smart Card Reader Information Disclosure Vulnerability | Important | 2.4 | No | No | | No | Information Disclosure | Exploitation Less Likely |