Microsoft has addressed 157 Common Vulnerabilities and Exposures (CVEs) in its first Patch Tuesday update for 2025, marking the highest tally for any January since 2017 and breaking its previous record set in April 2024.
The significant increase comes as Microsoft had previously patched 98 CVEs in January 2023 and 48 in January 2024, with the ongoing trend averaging around 60 CVEs per January patch since 2017.
This month’s update includes eight zero-day vulnerabilities, of which three have been actively exploited. These specific vulnerabilities (CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335) are related to the Windows Hyper-V’s NT Kernel, particularly affecting the communication between virtual machines and the host operating system.
Satnam Narang, Senior…