Webinar Library
Welcome to my January Patch Tuesday newsletter. We are starting the year off catching up for a slow December last year. Today Microsoft released updates for 159 vulnerabilities and an additional 10 in the past 30 days for a total of 169 patches within the past month. There are a total of 8 zero days; 5 that are public and 3 that are exploited but at this point none that are both:
In addition to these there are another 14 critical updates from this month. 8 of these affect the Windows OS with 3 of the remaining affecting Azure Marketplace SaaS, Defender for Endpoint for Windows and the MS Update Catalog and the final 3 affecting various MS Office products. Be sure to check the chart below for more information. Many of you are familiar with my Security Log Encyclopedia. This past week I published what I am calling the "Windows Event Collection Encyclopedia" over at LOGbinder.com. It outlines WEC and all its moving parts and pieces as well as using WEC with non-AD / Entra-joined machines. Whether you know little about Windows event collection or are an expert, I am sure that you will benefit from it. Happy patching!
Patch data provided by:
Technology
Products Affected
Severity
Reference
Workaround/ Exploited / Publicly Disclosed
Vulnerability Info
Windows
Windows 10, 11
Server 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022, 2025 including Server Core Installations
Critical
CVE-2024-7344 CVE-2025-21189 CVE-2025-21193 CVE-2025-21202 CVE-2025-21207 CVE-2025-21210 CVE-2025-21211 CVE-2025-21213 CVE-2025-21214 CVE-2025-21215 CVE-2025-21217 CVE-2025-21218 CVE-2025-21219 CVE-2025-21220 CVE-2025-21223 CVE-2025-21224 CVE-2025-21225 CVE-2025-21226 CVE-2025-21227 CVE-2025-21228 CVE-2025-21229 CVE-2025-21230 CVE-2025-21231 CVE-2025-21232 CVE-2025-21233 CVE-2025-21234 CVE-2025-21235 CVE-2025-21236 CVE-2025-21237 CVE-2025-21238 CVE-2025-21239 CVE-2025-21240 CVE-2025-21241 CVE-2025-21242 CVE-2025-21243 CVE-2025-21244 CVE-2025-21245 CVE-2025-21246 CVE-2025-21248 CVE-2025-21249 CVE-2025-21250 CVE-2025-21251 CVE-2025-21252 CVE-2025-21255 CVE-2025-21256 CVE-2025-21257 CVE-2025-21258 CVE-2025-21260 CVE-2025-21261 CVE-2025-21263 CVE-2025-21265 CVE-2025-21266 CVE-2025-21268 CVE-2025-21269 CVE-2025-21270 CVE-2025-21271 CVE-2025-21272 CVE-2025-21273 CVE-2025-21274 CVE-2025-21275** CVE-2025-21276 CVE-2025-21277 CVE-2025-21278 CVE-2025-21280 CVE-2025-21281 CVE-2025-21282 CVE-2025-21284 CVE-2025-21285 CVE-2025-21286 CVE-2025-21287 CVE-2025-21288 CVE-2025-21289 CVE-2025-21290 CVE-2025-21291 CVE-2025-21292 CVE-2025-21293 CVE-2025-21294 CVE-2025-21295 CVE-2025-21296 CVE-2025-21297 CVE-2025-21298 CVE-2025-21299 CVE-2025-21300 CVE-2025-21301 CVE-2025-21302 CVE-2025-21303 CVE-2025-21304 CVE-2025-21305 CVE-2025-21306 CVE-2025-21307 CVE-2025-21308** CVE-2025-21309 CVE-2025-21310 CVE-2025-21311 CVE-2025-21312 CVE-2025-21313 CVE-2025-21314 CVE-2025-21315 CVE-2025-21316 CVE-2025-21317 CVE-2025-21318 CVE-2025-21319 CVE-2025-21320 CVE-2025-21321 CVE-2025-21323 CVE-2025-21324 CVE-2025-21326 CVE-2025-21327 CVE-2025-21328 CVE-2025-21329 CVE-2025-21330 CVE-2025-21331 CVE-2025-21332 CVE-2025-21333* CVE-2025-21334* CVE-2025-21335* CVE-2025-21336 CVE-2025-21338 CVE-2025-21339 CVE-2025-21340 CVE-2025-21341 CVE-2025-21343 CVE-2025-21370 CVE-2025-21372 CVE-2025-21374 CVE-2025-21378 CVE-2025-21382 CVE-2025-21389 CVE-2025-21409 CVE-2025-21411 CVE-2025-21413 CVE-2025-21417
Denial of Service
Elevation of Privilege
Information Disclosure
Remote Code Execution Security Feature Bypass Spoofing
Edge
Chromium-based
High (Google rating)
CVE-2024-12381 CVE-2024-12382 CVE-2024-12692 CVE-2024-12693 CVE-2024-12694 CVE-2024-12695
Workaround: No Exploited: No Public: No
Type Confusion Use After Free Out of Bounds
Office
365 Apps for Enterprise Access/Excel/Outlook 2016 Office 2016, 2019 LTSC 2021, 2024 including for Mac AutoUpdate /OneNote/Outlook for Mac Office for Android, iOS, Mac and Universal Online Server Purview
CVE-2025-21186** CVE-2025-21338 CVE-2025-21345 CVE-2025-21346 CVE-2025-21354 CVE-2025-21356 CVE-2025-21357 CVE-2025-21360 CVE-2025-21361 CVE-2025-21362 CVE-2025-21363 CVE-2025-21364 CVE-2025-21365 CVE-2025-21366** CVE-2025-21385 CVE-2025-21395** CVE-2025-21402
Elevation of Privilege Information Disclosure Remote Code Execution Security Feature Bypass
SharePoint
Enterprise Server 2016 Server 2019 Server Subscription Edition
Important
CVE-2025-21344 CVE-2025-21348 CVE-2025-21393
Remote Code Execution Spoofing
Azure
Marketplace SaaS On-Premises Data Gateway
CVE-2025-21380 CVE-2025-21403
.NET
8.0/9.0 on Linux, MacOS, Windows 3.5,4.6, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1
CVE-2025-21171 CVE-2025-21172 CVE-2025-21173 CVE-2025-21176
Elevation of Privilege Remote Code Execution
Visual Studio
15.0 - 15.9, 16.11, 17.10, 17.12, 17.6, 17.8
CVE-2024-50338 CVE-2025-21171 CVE-2025-21172 CVE-2025-21173 CVE-2025-21176 CVE-2025-21178 CVE-2025-21405
Elevation of Privilege Information Disclosure Remote Code Execution
System Center
Defender for EndPoint for Windows
CVE-2024-49071
Dynamics
Power Automate for Desktop
CVE-2025-21187
Apps
Microsoft Update Catalog
CVE-2024-49147