
January 2025 Microsoft Vulnerabilities (CVEs) You Need to Know About


 

For all users of Windows, Excel or Microsoft products, staying informed about the latest vulnerabilities is crucial to protect their systems and data.

Vulnerabilities are classified by the CVE vulnerabilities database. Mr.Benny aims to enrich it with DataCare+ tags, providing deeper context and practical recommendations. This ensures you’re not just aware of vulnerabilities but also understand the specific actions needed to address them.

Below is a curated list of recent Common Vulnerabilities and Exposures (CVEs) for Windows and Microsoft services, identified in January 2025, along with brief descriptions and references for each. Remember to keep Windows and Excel updated.

 

Legend:

RCE = Remote code execution
EoP = Escalation of privileges

| CVE | Title | Severity | CVSS Score | Exploited | Type |
|---|---|---|---|---|---|
| CVE-2025-21298 | Windows OLE Remote Code Execution Vulnerability | Critical | 9.8 | No | RCE |
| CVE-2025-21307 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | Critical | 9.8 | No | RCE |
| CVE-2025-21311 | Windows NTLM V1 Elevation of Privilege Vulnerability | Critical | 9.8 | No | EoP |
| CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | Important | 7.8 | Yes | EoP |
| CVE-2025-21362, CVE-2025-21354 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | RCE |
| CVE-2025-21309 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical | 8.1 | No | RCE |
| CVE-2025-21294 | Microsoft Digest Authentication Remote Code Execution Vulnerability | Critical | 8.1 | No | RCE |


1. Windows OLE Remote Code Execution Vulnerability (CVE-2025-21298) 

A critical security vulnerability has been identified in Windows Object Linking and Embedding (OLE), a technology that allows embedding and linking to documents. Its CVSS score of 9.8 indicates high severity. It affects multiple versions of Windows, including Windows 10 and Windows Server editions.

CVE-2025-21298 is a remote code execution vulnerability within the UtOlePresStmToContentsStm function in ole32.dll. An attacker can exploit this flaw by sending a specially crafted email containing a malicious RTF attachment. When the victim opens or previews the email in Microsoft Outlook, the vulnerability is triggered, allowing the attacker to execute arbitrary code on the affected system without user interaction.


Solution

Microsoft has released security updates to address this vulnerability. Users and administrators are strongly advised to apply the latest patches provided by Microsoft to mitigate potential risks. Additionally, as a precautionary measure, configuring Outlook to read all standard mail in plain text format can help prevent exploitation.
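
One way to audit and apply the plain-text precaution described above, as an added example that is not part of the original post. It assumes the option is stored as the per-user DWORD registry value ReadAsPlain under each Office version's Outlook\Options\Mail key, with an optional Group Policy copy under Software\Policies; the function names are hypothetical.

```powershell
# Added example (not from the original post). Assumption: Outlook stores the
# "read all standard mail in plain text" option as the DWORD value ReadAsPlain.
$OfficeRoots = [ordered]@{
    User   = 'HKCU:\Software\Microsoft\Office'
    Policy = 'HKCU:\Software\Policies\Microsoft\Office'
}

function Get-OutlookPlainTextSetting {
    foreach ($scope in $OfficeRoots.Keys) {
        $root = $OfficeRoots[$scope]
        if (-not (Test-Path $root)) { continue }
        # Office version subkeys are named like 15.0 or 16.0.
        $versions = Get-ChildItem $root | Where-Object { $_.PSChildName -match '^\d+\.\d+$' }
        foreach ($v in $versions) {
            $outlook = "$root\$($v.PSChildName)\Outlook"
            if (-not (Test-Path $outlook)) { continue }
            $prop = Get-ItemProperty -Path "$outlook\Options\Mail" -Name ReadAsPlain -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Scope         = $scope
                OfficeVersion = $v.PSChildName
                ReadAsPlain   = $prop.ReadAsPlain   # $null means the value is not set
                PlainTextOn   = ($prop.ReadAsPlain -eq 1)
            }
        }
    }
}

function Enable-OutlookPlainText {
    param([Parameter(Mandatory)][string]$OfficeVersion)
    $mail = "$($OfficeRoots.User)\$OfficeVersion\Outlook\Options\Mail"
    # Create the key only when missing: New-Item -Force on an existing
    # registry key would recreate it and drop its other values.
    if (-not (Test-Path $mail)) { New-Item -Path $mail -Force | Out-Null }
    New-ItemProperty -Path $mail -Name ReadAsPlain -PropertyType DWord -Value 1 -Force | Out-Null
}

# Report the current state, then enable the option wherever the per-user value is off.
$report = @(Get-OutlookPlainTextSetting)
$report | Format-Table -AutoSize
$report | Where-Object { $_.Scope -eq 'User' -and -not $_.PlainTextOn } |
    ForEach-Object { Enable-OutlookPlainText -OfficeVersion $_.OfficeVersion }
```

Outlook reads the value at startup, so restart it after the change; a policy-scope value, where present, is managed centrally and should be changed through Group Policy rather than by this script.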


2. Windows Reliable Multicast Transport Driver Remote Code Execution Vulnerability (CVE-2025-21307)

A critical security vulnerability exists in the Windows Reliable Multicast Transport Driver (RMCAST), which is responsible for implementing reliable multicast communication using the Pragmatic General Multicast (PGM) protocol. The vulnerability has a CVSS score of 9.8, indicating high severity. An unauthenticated, remote attacker can exploit this flaw by sending specially crafted packets to a Windows PGM open socket, leading to arbitrary code execution on the affected system. Successful exploitation requires a program that actively listens to a PGM port. (nvd.nist.gov)


Solution

Microsoft has released security updates to address this vulnerability. Users and administrators are strongly advised to apply the latest patches provided by Microsoft to mitigate potential risks. Additionally, as a precautionary measure, disabling the MSMQ service, if it is running and not required, can help prevent exploitation. (blog.qualys.com)
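
A check for the "running and not required" condition above, as an added example that is not part of the original post. It assumes the service name MSMQ and MSMQ's default TCP listener on port 1801 (the port is not stated on this page); the function names are hypothetical.

```powershell
# Added example (not from the original post). Assumptions: the Message Queuing
# service is named MSMQ and, when active, listens on its default TCP port 1801.
function Get-MsmqExposure {
    $svc = Get-Service -Name MSMQ -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Feature not installed: nothing to disable on this host.
        return [pscustomobject]@{ Installed = $false }
    }
    $listener = Get-NetTCPConnection -State Listen -LocalPort 1801 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Installed         = $true
        Status            = $svc.Status
        StartType         = $svc.StartType
        ListeningOn1801   = [bool]$listener
        # Services that depend on MSMQ and are running are a sign it is still required.
        RunningDependents = @($svc.DependentServices | Where-Object Status -eq 'Running').Name
    }
}

function Disable-Msmq {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $state = Get-MsmqExposure
    if (-not $state.Installed) { Write-Verbose 'MSMQ is not installed.'; return }
    if ($state.RunningDependents) {
        Write-Warning "MSMQ is in use by: $($state.RunningDependents -join ', '). Not disabling."
        return
    }
    if ($PSCmdlet.ShouldProcess('MSMQ', 'Stop and disable service')) {
        Stop-Service -Name MSMQ -Force
        Set-Service -Name MSMQ -StartupType Disabled
    }
}

# Review the state first, then preview the change before applying it.
Get-MsmqExposure | Format-List
Disable-Msmq -WhatIf
```

Run it from an elevated session and drop `-WhatIf` only after confirming that no application on the host relies on Message Queuing.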


3. Windows NTLMv1 Elevation of Privilege Vulnerability (CVE-2025-21311)

A critical elevation of privilege vulnerability affects Windows NTLMv1 (NT LAN Manager version 1, an authentication protocol used primarily for network authentication on Windows-based systems). An unauthenticated, remote attacker can exploit this flaw by sending specially crafted authentication requests, leading to full system compromise. The vulnerability has a CVSS score of 9.8, indicating high severity. (crowdstrike.com)


Solution

Microsoft has released security updates to address this vulnerability. Users and administrators are strongly advised to apply the latest patches provided by Microsoft to mitigate potential risks. The updates are available through the Microsoft Security Update Guide. (msrc.microsoft.com)


4. Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerabilities (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)

In January 2025, multiple elevation of privilege vulnerabilities were identified in the Windows Hyper-V NT Kernel Integration Virtualization Service Provider (VSP). These vulnerabilities, tracked as CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335, could allow an authenticated attacker to execute arbitrary code with elevated privileges on the host system. The vulnerabilities have a CVSS score of 7.8, indicating high severity. (msrc.microsoft.com)


Solution

Microsoft has released security updates to address these vulnerabilities. Users and administrators are strongly advised to apply the latest patches provided by Microsoft to mitigate potential risks. The updates are available through the Microsoft Security Update Guide. (msrc.microsoft.com)

 

5. Microsoft Excel Remote Code Execution Vulnerabilities (CVE-2025-21354 and CVE-2025-21362)

In January 2025, two critical remote code execution vulnerabilities were identified in Microsoft Excel:

  • CVE-2025-21354: This vulnerability arises from an untrusted pointer dereference issue. An attacker can exploit this flaw by convincing a user to open or preview a specially crafted Excel file, leading to arbitrary code execution with the same privileges as the user.
  • CVE-2025-21362: This vulnerability is due to a use-after-free condition in Excel. An attacker can exploit this flaw by convincing a user to open or preview a malicious Excel file, resulting in arbitrary code execution.

Both vulnerabilities have been assigned a CVSS score of 8.4, indicating high severity. Exploitation can occur through the Preview Pane, as Excel processes part of the file to generate a preview, triggering the vulnerability without fully opening the file.

 

Solution

Microsoft has released security updates to address these vulnerabilities. Users and administrators are strongly advised to apply the latest patches provided by Microsoft to mitigate potential risks. The updates are available through the Microsoft Security Update Guide.


6. Windows Remote Desktop Services Remote Code Execution Vulnerability (CVE-2025-21309)

CVE-2025-21309 is a critical security vulnerability identified in Windows Remote Desktop Services. An unauthenticated, remote attacker can exploit this flaw by sending specially crafted requests to a target system's Remote Desktop Service, leading to remote code execution. This vulnerability has been assigned a CVSS score of 8.1, indicating high severity.


Solution

Microsoft has released security updates to address this vulnerability. Users and administrators are strongly advised to apply the latest patches provided by Microsoft to mitigate potential risks. The updates are available through the Microsoft Security Update Guide.


7. Microsoft Digest Authentication Remote Code Execution Vulnerability (CVE-2025-21294)

CVE-2025-21294 is a critical security vulnerability in Microsoft's Digest Authentication mechanism. An unauthenticated, remote attacker can exploit this flaw by sending specially crafted requests to a target system utilizing Digest Authentication, leading to remote code execution. This vulnerability has been assigned a CVSS score of 8.1, indicating high severity.


Solution

Microsoft has released security updates to address this vulnerability. Users and administrators are strongly advised to apply the latest patches provided by Microsoft to mitigate potential risks. The updates are available through the Microsoft Security Update Guide.

 


Staying on top of these Microsoft vulnerabilities is no easy feat, but it's crucial for maintaining a robust security posture. That's where Mr.Benny comes in.


Our smart assistant automates vulnerability scanning, prioritizes CVEs based on your specific environment, and provides actionable remediation guidance. Don't let these Microsoft vulnerabilities catch you off guard. Try Mr.Benny today and experience the power of proactive security management.