Microsoft Identifies Three Windows Zero-Days Exploited by Malicious Actors

Microsoft has warned of three zero-day vulnerabilities in the Windows Hyper-V platform that have already been exploited, and the company is urging defenders to give them urgent attention. The three flaws, CVE-2025-21334, CVE-2025-21333, and CVE-2025-21335, affect the NT Kernel Integration Virtualization Service Provider, which handles efficient resource management and communication between host systems and guest virtual machines.

According to Microsoft’s advisories, an attacker who successfully exploits these vulnerabilities can gain SYSTEM privileges. However, the company has not released technical details or indicators of compromise (IOCs) to aid in the detection of compromised systems.

The January Patch Tuesday rollout includes fixes for 160 security defects across the Windows OS, applications, and components. Twelve of these bulletins have critical-severity ratings, with remote code execution risks identified in Microsoft Digest Authentication, Remote Desktop Services, Windows OLE, Microsoft Excel, and the Windows Reliable Multicast Transport Driver (RMCAST).

This is the largest number of CVEs addressed in any single month since 2017, according to ZDI, a company that tracks software vulnerabilities. The surge in patches may indicate an ominous trend for patch levels in 2025.

Source: https://www.securityweek.com/microsoft-patches-trio-of-exploited-windows-hyper-v-zero-days