Login
Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017.
Rapid7‘s Adam Barnett says January marks the fourth consecutive month where Microsoft has published zero-day vulnerabilities on Patch Tuesday without evaluating any of them as critical severity at time of publication. Today also saw the publication of nine critical remote code execution (RCE) vulnerabilities.
The Microsoft flaws already seeing active attacks include CVE-2025-21333, CVE-2025-21334 and, you guessed it– CVE-2025-21335. These are sequential because all reside in Windows Hyper-V, a component that is heavily embedded in modern Windows 11 operating systems and used for security features including device guard and credential guard.
Tenable’s Satnam Narang says little is known about the in-the-wild exploitation of these flaws, apart from the fact that they are all “privilege escalation” vulnerabilities. Narang said we tend to see a lot of elevation of privilege bugs exploited in the wild as zero-days in Patch Tuesday because it’s not always initial access to a system that’s a challenge for attackers as they have various avenues in their pursuit.
“As elevation of privilege bugs, they’re being used as part of post-compromise activity, where an attacker has already accessed a target system,” he said. “It’s kind of like if an attacker is able to enter a secure building, they’re unable to access more secure parts of the facility because they have to prove that they have clearance. In this case, they’re able to trick the system into believing they should have clearance.”
Several bugs addressed today earned CVSS (threat rating) scores of 9.8 out of a possible 10, including CVE-2025-21298, a weakness in Windows that could allow attackers to run arbitrary code by getting a target to open a malicious .rtf file, documents typically opened on Office applications like Microsoft Word. Microsoft has rated this flaw “exploitation more likely.”
Ben Hopkins at Immersive Labs called attention to the CVE-2025-21311, a 9.8 “critical” bug in Windows NTLMv1 (NT LAN Manager version 1), an older Microsoft authentication protocol that is still used by many organizations.
“What makes this vulnerability so impactful is the fact that it is remotely exploitable, so attackers can reach the compromised machine(s) over the internet, and the attacker does not need significant knowledge or skills to achieve repeatable success with the same payload across any vulnerable component,” Hopkins wrote.
Kev Breen at Immersive points to an interesting flaw (CVE-2025-21210) that Microsoft fixed in its full disk encryption suite Bitlocker that the software giant has dubbed “exploitation more likely.” Specifically, this bug holds out the possibility that in some situations the hibernation image created when one closes the laptop lid on an open Windows session may not be fully encrypted and could be recovered in plain text.
“Hibernation images are used when a laptop goes to sleep and contains the contents that were stored in RAM at the moment the device powered down,” Breen noted. “This presents a significant potential impact as RAM can contain sensitive data (such as passwords, credentials and PII) that may have been in open documents or browser sessions and can all be recovered with free tools from hibernation files.”
Tenable’s Narang also highlighted a trio of vulnerabilities in Microsoft Access fixed this month and credited to Unpatched.ai, a security research effort that is aided by artificial intelligence looking for vulnerabilities in code. Tracked as CVE-2025-21186, CVE-2025-21366, and CVE-2025-21395, these are remote code execution bugs that are exploitable if an attacker convinces a target to download and run a malicious file through social engineering. Unpatched.ai was also credited with discovering a flaw in the December 2024 Patch Tuesday release (CVE-2024-49142).
“Automated vulnerability detection using AI has garnered a lot of attention recently, so it’s noteworthy to see this service being credited with finding bugs in Microsoft products,” Narang observed. “It may be the first of many in 2025.”
If you’re a Windows user who has automatic updates turned off and haven’t updated in a while, it’s probably time to play catch up. Please consider backing up important files and/or the entire hard drive before updating. And if you run into any problems installing this month’s patch batch, drop a line in the comments below, please.
Further reading on today’s patches from Microsoft:
Article tags
Does Windows 10 or 11 need antivirus software? Absolutely. Every computer needs protection against viruses and other malware.
The next question is this: Which antivirus should you use?
Windows 10 and 11 come with Microsoft Defender Antivirus, Microsoft’s free version of antivirus software. In the absence of any other antivirus software, it runs automatically. No installation required.
Now, here’s what that antivirus software does. Antivirus software protects your devices against malware and viruses through a combination of prevention, detection, and removal.
For years, people have installed antivirus software on their computers. Today, it can also protect your smartphones and tablets as well. In fact, we recommend installing it on those devices as well because they’re connected, just like a computer — and any device that connects to the internet is a potential target for malware and viruses.
In short, if it’s connected, it gets protected.
One important distinction about antivirus is its name, a name that first came into use decades ago when viruses first appeared on the scene. However, antivirus protects you from more than viruses. It protects against malware too — attacks like spyware, ransomware, adware, and more. So while we popularly call protection software “antivirus,” it protects against far more than just viruses. It protects against malware overall.
Now here’s where some confusion might come in. Some antivirus apps are standalone. They offer malware protection and that’s it. And that’s the case with Microsoft Defender Antivirus.
Other antivirus apps are part of comprehensive online protection software, which can include several additional far-reaching features that can protect your privacy and your identity.
So, if you’re only looking for good antivirus software, Microsoft Defender Antivirus can get the job done. However, protecting yourself online today calls for far more than antivirus.
In short, antivirus doesn’t cut it alone.
If you value your privacy and identity, you’ll want to consider something more than just antivirus software.
Malware and viruses pose only a portion of the threats we face online today. Shopping scams, data breaches, info gathering, identity theft, and phishing texts are a big part of the landscape today. And they can cost you plenty in terms of your time and money, not to mention the stress of dealing with them.
This makes a strong case for using comprehensive online protection. It covers those threats, and far more. Ours includes the protections mentioned above, plus dozens of features that further protect your devices, privacy, and identity. And yes, it includes antivirus too.
Comprehensive online protection software like ours gives you dozens of other features like identity theft coverage & restoration, personal data cleanup, security freezes, and an online protection score that shows you how safe you are, along with suggestions that can make you safer still.
It further protects you from scams. Our Text Scam Detector and web protection steer you clear of sketchy links in texts, emails, messages, and while you search. Others like our Social Media Privacy Manager keep you as private as you like with personalized recommendations in only a few clicks.
And that’s for starters. The list of protections with comprehensive online protection software like our McAfee+ plans runs long. That includes yet more features that help you secure your finances and identity, make you more private online, and keep your devices running strong.
While protecting your devices with antivirus is a great start, it’s only one part of staying safer online. Including the privacy and identity features that come with comprehensive online protection rounds out your protection overall. Particularly so in a time of data breaches, online scams, sketchy text messages, and the like.
In all, antivirus remains an important part of a safe and enjoyable time online, yet it doesn’t do the job alone.
The post Does Windows 10 or 11 Need Antivirus Software? appeared first on McAfee Blog.
FreshRSS