Experts Analyze 159 New Vulnerabilities and 3 Zero-Days

Welcome to the first Patch Tuesday of 2025! 

Automox cybersecurity experts offer critical insights on this month's updates. Below, they’ll cover key Windows vulnerabilities in Active Directory and Windows Hyper-V and dive into the security contents of macOS 15.2. Addressing these issues promptly will help strengthen your security stance and protect against these potential threats.

For more insights, be sure to check out the Patch [FIX] Tuesday podcast, or give it a watch on YouTube.

Let’s see how this month stacks up:

Active Directory Domain Services Elevation of Privilege Vulnerability

CVE-2025-21293 (CVSS 8.8/10) impacts Active Directory Domain Services by allowing attackers to escalate their privileges if exploited. It works by enticing a victim to interact with a malicious file (often delivered through phishing emails). 

Advancements in AI have enabled attackers to automate and personalize phishing schemes, making it harder for users to distinguish malicious attempts. These refined tactics increase the likelihood of users being deceived into engaging with harmful content. Once successful, attackers can gain administrative access to vital systems, escalating a single compromised endpoint into a widespread security breach across the network.

To prevent exploitation, ensure your endpoint protection tools are updated to detect malicious activity before execution. Continuous log monitoring and real-time alert systems should capture unusual behaviors preemptively. Education on phishing threats remains a key defense, helping users recognize and avoid potential traps.

Restricting access to domain controllers and limiting them to essential tasks is crucial. Regularly tested backups and a solid incident response plan ensure quick recovery and containment during breaches. Isolating critical systems further reduces exposure.

 — Seth Hoyt, Senior Security Engineer, Automox

These vulnerabilities affect Hyper-V environments, specifically within NT Kernel integrations. Attackers exploiting CVE-2025-21335,  CVE-2025-21333, and CVE-2025-21334  (CVSS 7.8/10) may gain elevated privileges if they access guest systems and execute code. Without proper safeguards, such vulnerabilities escalate to full guest-to-host takeovers, posing significant security risks across your virtual environment. 

Unmitigated, these vulnerabilities potentially grant attackers control of all virtual machines (VMs) hosted within Hyper-V.

Mitigation relies on implementing strong access controls and adhering to best practices for VM and hypervisor management. Limiting permissions on guest systems and utilizing monitoring tools like EDR software, configured to monitor both guest and host systems, catch malicious behaviors early. Isolating high-value systems within your virtual environments through network segmentation and strict access controls contains potential risks.

Patching these vulnerabilities immediately and maintaining resilient system configurations avoid exploits.

 — Ryan Braunstein, Security Manager, Automox

Critical Security Fixes Addressed

The macOS 15.2 update includes patches for WebKit vulnerabilities. These vulnerabilities allow attackers to execute malicious code by leading users to browse a compromised website or interact with malicious ads. 

Threats targeting WebKit highlight a shift towards exploiting macOS environments as their user base within enterprises grows. What was once considered a less targeted operating system now faces increased scrutiny and risks.

Always run the latest macOS version and keep WebKit-based apps updated across endpoints to limit vulnerability exposure. Regularly reviewing and refining detection strategies on macOS devices is crucial. Many tools designed for enterprise security are still catching up to fully secure macOS environments. Until then, robust patch management serves as your frontline defense.

Until then, robust patch management remains your frontline defense.

– Tom Bowyer, Director IT Security, Automox