- Microsoft fixes 161 vulnerabilities in its first Patch Tuesday of 2025, including three actively exploited zero-days.
- Critical flaws are related to Windows Hyper-V and may allow privilege escalation.
- CISA urges patching by February 4 to mitigate further risks.
- Vulnerabilities were also fixed in products such as Microsoft Edge, making this release the largest since 2017.
As 2025 begins, Microsoft has released its first Patch Tuesday of the year. The monthly event, a fixture of security management, has once again shown the importance of keeping up to date with the latest fixes. Microsoft has addressed a total of 161 vulnerabilities across multiple products, some of them classified as critical due to their potential impact.
This release is notable for including fixes for three zero-day vulnerabilities that were already being actively exploited. These flaws, listed as CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335, earned a severity score of 7.8 on the CVSS scale, making them among the most critical in this update series. According to Microsoft, these flaws affect the NT kernel integration component of Windows Hyper-V, which could allow an attacker to escalate privileges and gain full access to affected systems.
The severity of zero-day vulnerabilities
Zero-day vulnerabilities represent a constant threat in the world of cybersecurity, especially when they have already begun to be actively exploited. In this case, Microsoft has not provided specific details about the attackers responsible or the affected victims, although it stressed that these flaws are primarily used in the privilege escalation phase of a broader attack. This indicates that in many cases, the targeted systems would have already been compromised through other prior methods.
The Cybersecurity and Infrastructure Security Agency (CISA) has also taken action on the matter, adding these vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. This move seeks to alert both government agencies and end users about the urgent need to apply these updates. The deadline set by CISA to implement the patches in federal organizations is February 4.
An unprecedented release since 2017
In addition to the three zero-day vulnerabilities, Microsoft has also fixed 11 additional flaws classified as critical. These include issues related to remote code execution and unauthorized access that could have been used to compromise sensitive data or disrupt critical operations on enterprise systems.
The rest of the vulnerabilities, a total of 149, were classified as important. While not as serious as the previous ones, these flaws still pose a considerable risk if not addressed correctly. According to Zero Day Initiative, a renowned player in the cybersecurity field, this first Patch Tuesday of 2025 marks Microsoft's largest update event since 2017.
In a separate update, seven vulnerabilities in the Microsoft Edge browser were also fixed. These flaws, although minor in comparison, should not be underestimated, as they affect millions of users who use this browser on a daily basis.
The importance of implementing updates
Organizations and individual users are being urged to act quickly to ensure that systems remain protected against potential threats. Updates are now available for download through the usual Microsoft channels, including Windows Update and centralized management systems.
In a rapidly evolving technological environment, software vulnerabilities have become a common target for cybercriminals. Security patches such as those distributed on Patch Tuesday therefore play a fundamental role in preserving the integrity of systems, avoiding operational interruptions, data loss or reputational damage.
This first Patch Tuesday of 2025 not only marks a milestone in terms of the number of fixes, but also underscores Microsoft’s commitment to staying at the forefront in the fight against cyber threats.