Login
Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017.
Rapid7‘s Adam Barnett says January marks the fourth consecutive month where Microsoft has published zero-day vulnerabilities on Patch Tuesday without evaluating any of them as critical severity at time of publication. Today also saw the publication of nine critical remote code execution (RCE) vulnerabilities.
The Microsoft flaws already seeing active attacks include CVE-2025-21333, CVE-2025-21334 and, you guessed it– CVE-2025-21335. These are sequential because all reside in Windows Hyper-V, a component that is heavily embedded in modern Windows 11 operating systems and used for security features including device guard and credential guard.
Tenable’s Satnam Narang says little is known about the in-the-wild exploitation of these flaws, apart from the fact that they are all “privilege escalation” vulnerabilities. Narang said we tend to see a lot of elevation of privilege bugs exploited in the wild as zero-days in Patch Tuesday because it’s not always initial access to a system that’s a challenge for attackers as they have various avenues in their pursuit.
“As elevation of privilege bugs, they’re being used as part of post-compromise activity, where an attacker has already accessed a target system,” he said. “It’s kind of like if an attacker is able to enter a secure building, they’re unable to access more secure parts of the facility because they have to prove that they have clearance. In this case, they’re able to trick the system into believing they should have clearance.”
Several bugs addressed today earned CVSS (threat rating) scores of 9.8 out of a possible 10, including CVE-2025-21298, a weakness in Windows that could allow attackers to run arbitrary code by getting a target to open a malicious .rtf file, documents typically opened on Office applications like Microsoft Word. Microsoft has rated this flaw “exploitation more likely.”
Ben Hopkins at Immersive Labs called attention to the CVE-2025-21311, a 9.8 “critical” bug in Windows NTLMv1 (NT LAN Manager version 1), an older Microsoft authentication protocol that is still used by many organizations.
“What makes this vulnerability so impactful is the fact that it is remotely exploitable, so attackers can reach the compromised machine(s) over the internet, and the attacker does not need significant knowledge or skills to achieve repeatable success with the same payload across any vulnerable component,” Hopkins wrote.
Kev Breen at Immersive points to an interesting flaw (CVE-2025-21210) that Microsoft fixed in its full disk encryption suite Bitlocker that the software giant has dubbed “exploitation more likely.” Specifically, this bug holds out the possibility that in some situations the hibernation image created when one closes the laptop lid on an open Windows session may not be fully encrypted and could be recovered in plain text.
“Hibernation images are used when a laptop goes to sleep and contains the contents that were stored in RAM at the moment the device powered down,” Breen noted. “This presents a significant potential impact as RAM can contain sensitive data (such as passwords, credentials and PII) that may have been in open documents or browser sessions and can all be recovered with free tools from hibernation files.”
Tenable’s Narang also highlighted a trio of vulnerabilities in Microsoft Access fixed this month and credited to Unpatched.ai, a security research effort that is aided by artificial intelligence looking for vulnerabilities in code. Tracked as CVE-2025-21186, CVE-2025-21366, and CVE-2025-21395, these are remote code execution bugs that are exploitable if an attacker convinces a target to download and run a malicious file through social engineering. Unpatched.ai was also credited with discovering a flaw in the December 2024 Patch Tuesday release (CVE-2024-49142).
“Automated vulnerability detection using AI has garnered a lot of attention recently, so it’s noteworthy to see this service being credited with finding bugs in Microsoft products,” Narang observed. “It may be the first of many in 2025.”
If you’re a Windows user who has automatic updates turned off and haven’t updated in a while, it’s probably time to play catch up. Please consider backing up important files and/or the entire hard drive before updating. And if you run into any problems installing this month’s patch batch, drop a line in the comments below, please.
Further reading on today’s patches from Microsoft:
If your PC runs on Windows 10, you’re in very good company. The Microsoft operating system is the most widely used OS in the world.
However, the rollout to Windows 11 began in 2021, with Windows 10’s support lifecycle ending on October 14, 2025. After this date, Microsoft will stop providing free security updates, technical support, or software updates for Windows 10. If you are a Windows 10 user, this means you will need to upgrade to the newer OS or purchase extended security updates to continue using the old OS securely.
Unfortunately, its success as a widely used operating system makes Windows attractive to hackers. If malicious software could make a home in Windows, a lot of targets would ask how best to protect your Windows 10 or 11 device. Should you just use Windows Security — Microsoft’s free version of antivirus software — or buy additional protection?
Read on to learn what Microsoft Security covers and how additional virus protection can secure all of your connected devices.
Windows Defender is a free antivirus tool that’s built into the Windows operating system. Initially released as an anti-spyware program for Windows XP and Windows Server 2003, it became a full antivirus program with Windows 8 in 2012.
Today, Windows Defender antivirus is part of the Windows Security suite, which offers a comprehensive solution that includes Windows Firewall and Smart App Control for real-time protection against threats. While it’s considered one of the best free antivirus software programs, Windows Defender doesn’t have any extra features that might come with paid security software. If you’re just looking for good antivirus software, it can get the job done.
If you’re not using third-party antivirus protection, you’ll want to make sure that your Windows Defender antivirus coverage is working on your computer. Here’s how to check:
To make sure your Windows Security is running, follow these steps:
Windows Defender is a convenient and cost-effective way to protect your Microsoft device from viruses. With features like real-time protection, firewall integration, and cloud-based threat detection, it provides a solid baseline of security for your computer. This overview explores what Windows Defender does well and where it falls short:
While Windows Defender has vastly improved, it still has some limitations compared to other comprehensive security and antivirus suites.
While Windows Security and Windows Defender offer robust baseline malware protection, modern digital threats go far beyond simple viruses. To stay truly safe, you need to look at the bigger picture of online security. This is where a comprehensive security suite offers significant advantages over a standalone antivirus tool.
Here’s a quick comparison between the built-in Windows Defender and what a full-featured security suite offers:
| Feature | Windows Defender | Comprehensive Suites |
| Antivirus & malware protection | Yes (strong baseline) | Yes (advanced) |
| Firewall | Yes | Yes (advanced, customizable) |
| Secure VPN | No | Yes |
| Identity monitoring | No | Yes |
| Cross-device protection (Mac, Android, iOS) | No | Yes |
| Password manager | Limited (browser-based) | Yes (secure, cross-device) |
| Web protection | Yes (Edge browser) | Yes (all browsers) |
Cybercriminals constantly develop new malware, sophisticated phishing scams, elaborate ruses and zero-day exploits that target your behavior—like tricking you into clicking a malicious link, downloading a compromised file, or giving your personal information such as your bank and credit card numbers. Some scams even target your devices with risky apps or links on social media.
As thousands of new threat variants are discovered daily, having dedicated and up-to-date virus protection for Windows 11 is essential for comprehensive security. Ultimately, you don’t need to disable Windows Defender’s firewall, but adding a comprehensive security suite provides crucial layers of protection against phishing, identity theft, and unsecured Wi-Fi that are essential for staying safe online today. Having another antivirus program can make sure you have real-time protection and access to the latest security features. Better to be safe than sorry!
From Windows 10, the upgraded Windows 11 introduces significant security enhancements, thanks to a more robust security architecture that applies stricter hardware requirements. Mandatory features such as Trusted Platform Module (TPM) 2.0, Virtualization-Based Security (VBS), and Secure Boot create a much stronger “secure-by-default” defense against attacks that target the boot process and system integrity.
However, this enhanced baseline security does not eliminate the need for more diligent protection. The vast majority of cyberattacks target the user, not the hardware. Cybercriminals still employ phishing emails, malicious downloads, and insecure websites to compromise your device, regardless of the operating system’s strength. While it’s true that Windows 11 has made great strides in security, the threat landscape has evolved even faster. Installing a multi-layered security solution remains a critical tool for proactively protecting your personal data and online activities.
In Windows 11, you can augment the built-in Windows Defender with a free antivirus option, but it’s important to understand the trade-offs. Free antivirus solutions typically offer only basic malware protection and lack crucial features that are standard in paid suites, such as a secure VPN, identity monitoring services, advanced phishing protection, a password manager, and dedicated customer support. Some free software may also collect and sell your browsing data to third parties to generate revenue.
While free is tempting, investing in a paid suite with total protection provides peace of mind, knowing that all aspects of your digital life—from your device security to your personal identity and online privacy—are actively protected by an integrated, powerful solution.
Using Microsoft’s built-in antivirus software can protect your Windows devices from viruses and malware. Follow these basic Windows Defender management steps:
In most cases, you can retain your third-party antivirus when you move to Windows 11. Reputable antivirus providers ensure their software is fully compatible with new operating system releases. Before you upgrade to Windows 11, ensure your antivirus software is updated to the latest version. Your subscription should carry over to the new OS seamlessly.
The benefit of using a cross-platform security suite is that your license and protection extend beyond a single OS version. Whether you’re on Windows 10, Windows 11, a Mac, or a mobile device, your protection remains active and managed from a single account, avoiding the hassle of finding new software or purchasing new licenses every time you upgrade or change devices.
Windows Defender provides a solid starting point of security for your computer, but it is good to reinforce that capability with a comprehensive solution. Antivirus protection programs available in the market today aren’t all created equal. When looking for the best antivirus software for your needs, here are some things to consider for your devices running on Windows 11.
Today’s cybercriminals are relentlessly creating new threats every day to steal your identity, money, and personal data. Thinking of antivirus as just for viruses is outdated; modern security suites are about total digital wellness. McAfee+ was developed with an understanding of how cybercriminals operate. Our all-in-one protection includes:
Whether you’re using Windows 10 or the latest Windows 11, the built-in Microsoft Defender provides a good starting point for your device’s security. However, an antivirus is just one layer of security. To be truly protected from the full spectrum of today’s online threats, you need a more comprehensive approach. Adding a trusted security suite gains you layers of protection for your identity, privacy, and data that go far beyond basic antivirus defense.
When you install a third-party antivirus like McAfee Total Protection, it seamlessly takes over as the primary real-time protection provider, while Windows Defender can remain available for periodic scans, ensuring there are no conflicts. To check your security status, simply navigate to Windows Security > Virus & threat protection to see which provider is active.
For complete peace of mind, comprehensive solutions like McAfee Total Protection add critical features like a VPN for online privacy, identity monitoring, and protection for all your devices, not just your Windows personal computer.
The post Does Windows 10 or 11 Need Antivirus Software? appeared first on McAfee Blog.
Thief Raccoon is a tool designed for educational purposes to demonstrate how phishing attacks can be conducted on various operating systems. This tool is intended to raise awareness about cybersecurity threats and help users understand the importance of security measures like 2FA and password management.
```bash git clone https://github.com/davenisc/thief_raccoon.git cd thief_raccoon
```bash apt install python3.11-venv
```bash python -m venv raccoon_venv source raccoon_venv/bin/activate
```bash pip install -r requirements.txt
Usage
```bash python app.py
After running the script, you will be presented with a menu to select the operating system. Enter the number corresponding to the OS you want to simulate.
If you are on the same local network (LAN), open your web browser and navigate to http://127.0.0.1:5000.
If you want to make the phishing page accessible over the internet, use ngrok.
Using ngrok
Download ngrok from ngrok.com and follow the installation instructions for your operating system.
Expose your local server to the internet:
Get the public URL:
After running the above command, ngrok will provide you with a public URL. Share this URL with your test subjects to access the phishing page over the internet.
How to install Ngrok on Linux?
```bash curl -s https://ngrok-agent.s3.amazonaws.com/ngrok.asc \ | sudo tee /etc/apt/trusted.gpg.d/ngrok.asc >/dev/null \ && echo "deb https://ngrok-agent.s3.amazonaws.com buster main" \ | sudo tee /etc/apt/sources.list.d/ngrok.list \ && sudo apt update \ && sudo apt install ngrok
```bash ngrok config add-authtoken xxxxxxxxx--your-token-xxxxxxxxxxxxxx
Deploy your app online
Put your app online at ephemeral domain Forwarding to your upstream service. For example, if it is listening on port http://localhost:8080, run:
```bash ngrok http http://localhost:5000
Example
```bash python app.py
```bash Select the operating system for phishing: 1. Windows 10 2. Windows 11 3. Windows XP 4. Windows Server 5. Ubuntu 6. Ubuntu Server 7. macOS Enter the number of your choice: 2
Open your browser and go to http://127.0.0.1:5000 or the ngrok public URL.
Disclaimer
This tool is intended for educational purposes only. The author is not responsible for any misuse of this tool. Always obtain explicit permission from the owner of the system before conducting any phishing tests.
License
This project is licensed under the MIT License. See the LICENSE file for details.
ScreenShots
Credits
Developer: @davenisc Web: https://davenisc.com
FreshRSS 
