Microsoft started 2025 with a hefty patch launch this month, addressing eight zero-days with 159 patches for Windows, Microsoft Office and Visual Studio. Both Windows and Microsoft Office have “Patch Now” suggestions (with no browser or Exchange patches) for January.
Microsoft additionally launched a big servicing stack replace (SSU) that adjustments how desktop and server platforms are up to date, requiring further testing on how MSI Installer, MSIX and AppX packages are put in, up to date, and uninstalled.
To navigate these adjustments, the Readiness group has offered this handy infographic detailing the dangers of deploying the updates.
Known points
Readiness labored with each Citrix and Microsoft to element the extra severe replace points affecting enterprise desktops, together with:
Windows 10/11: Following the set up of the October 2024 safety replace, some clients report that theOpenSSH (Open Secure Shell) service fails to start out, stopping SSH connections. The service fails with out detailed logging; guide intervention is required to run the sshd.exe course of. Microsoft is investigating the problem with no (as of now) revealed schedule for both mitigations or a decision.
Citrix reported vital points with its Session Recording Agent (SRA), inflicting the January replace to fail to finish efficiently. Microsoft revealed a safety bulletin (KB5050009) that claims: “Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings.” Once this example happens, nonetheless, the replace course of stops and proceeds to rollback to the unique state.
In brief, you probably have the Citrix SRA put in, your gadget was (doubtless) not up to date this month.
Major revisions
For this Patch Tuesday, we have now the next revisions to beforehand launched updates:
CVE-2025-21311: Windows Installer Elevation of Privilege Vulnerability. Microsoft has launched an up to date group coverage (SkuSiPolicy.p7b) to higher deal with safety associated points with VBS scripts included within the information be aware, “Guidance for blocking rollback of Virtualization-based Security (VBS)”.
CVE-2025-21308: Windows Themes Spoofing Vulnerability. Microsoft recommends disabling NTLM for desktop methods to deal with this vulnerability. Guidance on the course of will be discovered right here: Restrict NTLM: Outgoing NTLM visitors to distant servers.
Microsoft additionally launched CVE-2025-21224 to deal with two reminiscence associated safety vulnerabilities within the legacy line printer daemon (LPD), a Windows function that has been deprecated for 15 years. I can’t see issues bettering for these print-related capabilities (given the issues we’ve seen for the previous decade). Maybe now could be the time to start out eradicating these legacy options out of your platform.
Windows lifecycle and enforcement updates
The following Microsoft merchandise will probably be retired this yr:
Microsoft Genomics: Jan. 6, 2025
Visual Studio App Center: March 31, 2025
SAP HANA Large Instances (HLI): June 30, 2025
Of course, we don’t want to say the elephant within the room. Microsoft will finish assist for Windows 10 in October.
Each month, we analyze Microsoft’s updates throughout key product households — Windows, Office, and developer instruments — that will help you prioritize patching efforts. This prescriptive, actionable, steering is predicated on assessing a big utility portfolio and an in depth evaluation of the Microsoft patches and their potential influence on the Windows platforms and apps.
For this launch cycle from Microsoft, we have now grouped the crucial updates and required testing efforts into totally different practical areas together with:
Remote desktop
January has a heavy give attention to Remote Desktop Gateway (RD Gateway) and community protocols, with the next testing steering:
RD Gateway Connections: Ensure RD Gateway (RDG) continues to facilitate each UDP and TCP visitors seamlessly with out efficiency degradation. Try disconnecting RDG from an present/established connection.
VPN, Wi-Fi, and Bluetooth Scenarios: take a look at end-to-end configurations and close by sharing performance.
DNS Management for Operators: Verify that customers within the “Network Configuration Operators” group can handle DNS consumer settings effortlessly.
Local Windows file system and storage
File system and storage elements additionally get minor updates. Desktop and server file system testing efforts ought to give attention to:
Offline Files and Mapped Drives: Test mapped community drives underneath each on-line and offline circumstances. Pay shut consideration to Sync Center standing updates.
BitLocker: Validate drive locking and unlocking, BitLocker-native boot eventualities, and post-hibernation states with BitLocker enabled.
Virtualization and Microsoft Hyper-V
Hyper-V and digital machines obtain light-weight updates:
Traffic Testing: Install the Hyper-V function and restart methods. Monitor community efficiency and guarantee no regressions in digital community visitors or digital machine administration.
Security and authentication
Key areas for security-related testing embody:
Digest Authentication Stress Testing: Simulate heavy masses whereas utilizing Digest authentication to uncover potential points.
SPNEGO Negotiations: Verify Secure Negotiation Protocol (SPNEGO) functionalities in cross-domain or multi-forest Active Directory setups.
Authentication Scenarios: Test functions counting on LSASS processes and be certain that protocols like Kerberos, NTLM, and certificate-based authentication stay steady underneath load.
Other crucial updates
There are some further testing priorities for this launch:
App Deployment Scenarios: Install and replace MSIX/Appx packages with and with out packaged companies, confirming admin-only necessities for updates.
WebSocket Connections: Establish and monitor safe WebSocket connections, guaranteeing correct encryption and handshake outcomes.
Graphics and Themes: Test GDI+-based apps and workflows involving theme information to make sure UI parts render appropriately throughout totally different view modes. Some recommendations embody international language functions that depend on Input Method Editors (IMEs).
January’s updates preserve a medium-risk profile for many methods, however testing stays important — particularly for networking, authentication, and file system eventualities. We advocate prioritizing distant community visitors validation, with gentle testing for storage and virtualization environments. If you’ve got a big MSIX/Appx bundle portfolio, there’s quite a lot of work to do to make sure that your bundle installs, updates and uninstalls efficiently.
Each month, we break down the replace cycle into product households (as outlined by Microsoft) with the next fundamental groupings:
Browsers (Microsoft IE and Edge)
Microsoft Windows (each desktop and server)
Microsoft Office
Microsoft Exchange and SQL Server
Microsoft Developer Tools (Visual Studio and .NET)
Adobe (if you happen to get this far)
Browsers
There had been no Microsoft browser updates for Patch Tuesday this month. Expect Chromium updates that can have an effect on Microsoft Edge within the coming week. (You can discover the enterprise launch schedule for Chromium right here.)
Microsoft Windows
This is a pretty big replace for the Windows ecosystem, with 124 patches for each desktops and servers, overlaying over 50 product/function teams. We’ve highlighted a few of the main areas of curiosity:
Fax/Telephony
MSI/AppX/Installer and the Windows replace mechanisms
Windows COM/DCOM/OLE
Networking, Remote Desktop
Kerberos, Digital Certificates, BitLocker, Windows Boot Manager
Windows graphics (GDI) and Kernel drivers
Unfortunately, Windows safety vulnerabilities CVE-2025-21275 and CVE-2025-21308 each have an effect on core utility performance and have been publicly disclosed. Add these Windows updates to your “Patch Now” launch schedule.
Microsoft Office
Microsoft Office will get three crucial updates, and an additional 17 patches rated essential. Unusually, three Microsoft Office updates affecting Microsoft Access fall into the zero-day class with CVE-2025-21366, CVE-2025-21395 and CVE-2025-21186 publicly disclosed. Add these Microsoft updates to your “Patch Now” calendar.
Microsoft Exchange and SQL Server
There had been no updates from Microsoft for SQL Server or Microsoft Exchange servers this month.
Microsoft Developer Tools (Visual Studio and .NET)
Microsoft has launched seven updates rated as essential affecting Microsoft .NET and Visual Studio. Given the pressing consideration required for Office and Windows this month, you possibly can add these commonplace, low-profile patches to your commonplace developer launch schedule.
Adobe and third-party updates
No Adobe associated patches had been launched by Microsoft this month. However, two third-party, growth associated updates had been revealed; they have an effect on GitHub (CVE-2024-50338) and CERT CC patch (CVE-2024-7344). Both updates will be added to the usual developer launch schedule.