Microsoft fixes 159 vulnerabilities in first Patch Tuesday of 2025 – CyberScoop
In its latest security update, Microsoft has addressed a total of 159 vulnerabilities, covering a broad spectrum of the tech giant’s products, including .NET, Visual Studio, Microsoft Excel, Windows components, and Azure services.
The update covers several critical and high-severity flaws across various systems, impacting Windows Telephony Services, Active Directory Domain Services, Microsoft Excel and other key Microsoft services.
There were three vulnerabilities that scored a 9.8/10 on the CVSS scale, the highest scores of the vulnerabilities released this month. One flaw impacts Windows Object Linking and Embedding (OLE), which lets users create compound documents, such as an RTF file, that embed content from different applications. The vulnerability, tracked as CVE-2025-21298, allows for remote code execution. While Microsoft has not seen this vulnerability exploited in the wild, the company believes that malicious actors could take advantage of the flaw by sending a specially crafted email to victims using a vulnerable version of Microsoft Outlook, even if Outlook only shows a preview of the weaponized message. This could let the attacker run code remotely on the victim’s computer.
Another remote code execution flaw, cataloged as CVE-2025-21307, affects the Windows Reliable Multicast Transport Driver (RMCAST), a networking technology that supports reliable data transmission over multicast networks. This vulnerability can only be exploited if an application is actively listening on a port for Pragmatic General Multicast (PGM), a protocol used to ensure efficient delivery of data packets from a sender to multiple receivers on a particular network. An unauthenticated attacker could send specially crafted packets to an open PGM socket on a Windows server, which does not require any user interaction.
However, the company says further conditions limit exploitation of the flaw: if PGM is installed or enabled but no application is listening on it, the vulnerability cannot be exploited. Since PGM does not authenticate requests, it is advisable to protect any open PGM ports using network-level security measures, such as a firewall.
This vulnerability affects a wide range of Microsoft products, including Windows 10 versions starting from 1507 to 22H2, Windows 11 versions 22H2 to 24H2, and various Windows Server editions from 2008 up to 2025.
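The following PowerShell script is an added example, not code from the CyberScoop article or from Microsoft. It checks whether the Reliable Multicast Protocol (RMCAST, the driver that implements PGM) is bound to any network adapter on a Windows host and, if it is, adds a host-firewall rule that drops unsolicited inbound PGM. PGM is carried directly over IP as protocol number 113 rather than over a TCP or UDP port, which is why the rule filters on the protocol number. The binding component ID `ms_rmcast` is an assumption about the name Windows uses for the RMCAST binding; verify it with `Get-NetAdapterBinding` on your own build before relying on it.

```powershell
# Added example (not from the article or from Microsoft): audit the RMCAST/PGM binding
# on this host and block inbound PGM at the Windows firewall. Run from an elevated prompt.
#Requires -RunAsAdministrator

# Assumed component ID of the "Reliable Multicast Protocol" adapter binding.
$pgmComponent = 'ms_rmcast'

# Is the RMCAST driver present at all? If not, CVE-2025-21307 is not reachable from the network.
$bindings = Get-NetAdapterBinding -ComponentID $pgmComponent -ErrorAction SilentlyContinue
if (-not $bindings) {
    Write-Host "RMCAST/PGM is not installed on this host; nothing to expose."
    return
}

# Which adapters actually have the protocol enabled?
$enabled = $bindings | Where-Object { $_.Enabled }
if (-not $enabled) {
    Write-Host "RMCAST/PGM is installed but not bound to any adapter."
} else {
    $names = ($enabled | Select-Object -ExpandProperty Name) -join ', '
    Write-Warning "RMCAST/PGM is enabled on: $names"
    # Option 1: remove the binding entirely if nothing on this host needs multicast delivery.
    # $enabled | Disable-NetAdapterBinding -ComponentID $pgmComponent
}

# Option 2: keep the protocol for local applications but refuse unsolicited PGM from the network.
# PGM is IP protocol 113, so the rule matches on the protocol number, not on a port.
$ruleName = 'Block inbound PGM (IP protocol 113)'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol 113 `
        -Action Block -Profile Any | Out-Null
    Write-Host "Created firewall rule: $ruleName"
} else {
    Write-Host "Firewall rule already present: $ruleName"
}
```

The block rule is the conservative choice for hosts where nothing is expected to receive multicast; where an application does legitimately listen on PGM, scope the rule with `-RemoteAddress` to the sender subnet instead of blocking everything, since PGM itself performs no authentication.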
The third vulnerability scoring 9.8, CVE-2025-21311, is a privilege escalation vulnerability in Windows NT LAN Manager, a suite of Microsoft security protocols intended to provide authentication, integrity, and confidentiality to users, particularly with regard to passwords. The critical nature of this vulnerability stems from its ability to be exploited remotely, allowing attackers to access compromised machines over the internet. Additionally, this exploitation requires minimal technical expertise, enabling attackers to repeatedly use the same attack method across any vulnerable system with ease.
Aside from the patch, Microsoft also recommends a mitigation: setting the LAN Manager authentication level (the LmCompatibilityLevel registry value) to its maximum value (5) on all machines. This prevents use of the older NTLMv1 protocol while still allowing NTLMv2.
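The following PowerShell script is an added example, not code from the article or from Microsoft. It reads the current LmCompatibilityLevel under the LSA registry key, explains what the configured level means using the labels from Microsoft's "Network security: LAN Manager authentication level" policy, and raises it to 5 when it is lower. The registry path and value name are the real ones Windows uses; the assumption is that the host is a standalone machine or that no Group Policy overrides the local setting.

```powershell
# Added example (not from the article or from Microsoft): audit and harden the LAN Manager
# authentication level. Level 5 sends NTLMv2 only and refuses LM and NTLMv1 responses.
#Requires -RunAsAdministrator

$lsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$valueName = 'LmCompatibilityLevel'
$target    = 5

# Meaning of each level, as listed in the Group Policy setting
# "Network security: LAN Manager authentication level".
$levels = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only; refuse LM'
    5 = 'Send NTLMv2 response only; refuse LM & NTLM'
}

# Read the value; it may be absent, in which case the OS default (3 on supported releases) applies.
$current = (Get-ItemProperty -Path $lsaKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
if ($null -eq $current) {
    Write-Host "$valueName is not set; the OS default applies."
} else {
    Write-Host ("Current {0} = {1} ({2})" -f $valueName, $current, $levels[[int]$current])
}

# Raise to the recommended level only if we are below it; the change takes effect after a reboot.
if ($current -ne $target) {
    Set-ItemProperty -Path $lsaKey -Name $valueName -Value $target -Type DWord
    Write-Host "Set $valueName to $target ($($levels[$target])). Reboot to apply."
} else {
    Write-Host "Already at level $target; no change made."
}
```

In a domain, set the equivalent Group Policy rather than editing the registry per host, since policy will overwrite the local value at the next refresh. Before rolling out level 5 fleet-wide, check authentication logs for clients that still negotiate NTLMv1 (legacy printers, NAS appliances, old applications); they will stop authenticating once the domain controllers refuse it.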
Among the other vulnerabilities are three in Microsoft Excel, cataloged as CVE-2025-21354, CVE-2025-21362, and CVE-2025-21364, that Microsoft rates as “more likely” to be exploited.
CVE-2025-21362 involves remote code execution due to a use-after-free issue, a bug in which a program keeps using memory it has already released while processing certain parts of a file. This flaw can let attackers run harmful code on a computer by crafting an Excel file with specific features that trigger the vulnerability. Even just previewing the file is enough to trigger the problem, since Excel reads part of the file to show its contents. When the memory is mishandled, the attacker can exploit it to run any code they want within Excel. Although the vulnerability is described as local, meaning the issue happens on the victim’s computer, attackers can deliver the dangerous file remotely via email or unsafe websites.
CVE-2025-21354 is caused by a problem known as “Untrusted Pointer Dereference,” which can lead to remote code execution. This issue happens when Excel does not properly check and handle pointer references (references to memory locations) while working with certain parts of a file. An attacker can create a harmful Excel file with specific “pointers” that control memory access when Excel reads the file. This can allow the attacker to run any code they want within the Excel process. One of the critical aspects of this vulnerability is that it can be triggered even if the file is only viewed in the Preview Pane because, like the vulnerability described in the previous paragraph, Excel processes part of the file to generate a preview, activating the vulnerability without fully opening the file.
“The worry for these vulnerabilities in Excel is that they are more likely to be exploited in the wild, meaning Microsoft likely suspects they can be weaponized by attackers,” Ben McCarthy, lead cybersecurity engineer with Immersive Labs, told CyberScoop via email. “With social engineering still being one of the main ways for attackers to gain initial access, any vulnerabilities in Excel need to be taken seriously by any company that uses it and patch it immediately.”
You can see the full list of vulnerabilities in Microsoft’s Security Response Center.