PortalFuse Weekly Security Update Report (Windows and Edge Edition) – January 14, 2025

The January 2025 security updates address several critical vulnerabilities, categorized as follows:

1. Elevation of Privilege Vulnerabilities:

   • CVE-2025-21378 (Windows CSC Service): Heap-based buffer overflow granting SYSTEM privileges.
   • CVE-2025-21335 (Windows Hyper-V NT Kernel): Use-after-free condition affecting Hyper-V integration, compromising guest and host environments.
   • CVE-2025-21265 & CVE-2025-21310 (Windows Digital Media): Vulnerabilities triggered by physical access and malicious USB drives, escalating privileges.
   • CVE-2025-21275 (Windows App Package Installer): Allows bypassing restrictions to gain elevated privileges.

   Other vulnerabilities include issues in the Microsoft Brokering File System and Windows Virtualization-Based Security.

2. Remote Code Execution (RCE) Vulnerabilities:

   • CVE-2025-21298 (Windows OLE): Exploitable through crafted emails or documents to run arbitrary code.
   • CVE-2025-21296 (BranchCache): Malicious code execution in local network setups.
   • CVE-2025-21291 (Windows Direct Show): Exploits malformed media files to trigger RCE.
   • CVE-2025-21289 (Windows Shell): Allows code execution through malicious scripts.

   Additional RCE vulnerabilities could lead to significant damage if left unpatched.

3. Information Disclosure Vulnerabilities:

   • CVE-2025-21319 (Windows Kernel Memory): Exposes sensitive memory details in logs.
   • CVE-2025-21288 (Windows COM Server): Uninitialized COM resources leak heap memory.
   • CVE-2025-21210 & CVE-2025-21214 (Windows BitLocker): Risk of exposing encryption keys through physical access or side-channel attacks.

4. Security Feature Bypass Vulnerabilities:

   • CVE-2025-21299 (Windows Kerberos): Bypasses Windows Defender Credential Guard, gaining access to Kerberos tickets.
   • CVE-2025-21340 (Windows Virtualization-Based Security): Bypasses hypervisor isolation.
   • CVE-2025-21215 & CVE-2024-7344 (Secure Boot): Exploits in the boot process allowing attackers to tamper with security checks.

5. Denial of Service (DoS) Vulnerabilities:

   • CVE-2025-21284 & CVE-2025-21280 (Windows Virtual TPM): Causes system crashes by exploiting the Virtual TPM.
   • CVE-2025-21274 (Windows Event Tracing): Crashes logging services, allowing undetected attacks.
   • CVE-2025-21207 (Windows Connected Devices Platform Service): Disables network-based device management, causing downtime.

Join us as we discuss the latest CVEs, how they affect you and how to stay protected!