Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Members of public are advised to stay vigilant and not follow any instructions given by these scammers. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. January 2025 Monthly Patch
Alerts

January 2025 Monthly Patch

15 January 2025

Microsoft has released security patches to address multiple vulnerabilities in their software and products.

The vulnerabilities that have been classified as Critical in severity are listed in the table below.

For the full list of security patches released by Microsoft, please refer to https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2025-Jan

CRITICAL VULNERABILITIES

Critical vulnerabilities

CVE Number

CVE Name

Base Score

Reference

CVE-2025-21307

Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

9.8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21307

CVE-2025-21298

Windows OLE Remote Code Execution Vulnerability

9.8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21298

CVE-2025-21311

Windows NTLM V1 Elevation of Privilege Vulnerability

9.8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21311

CVE-2025-21385

Microsoft Purview Information Disclosure Vulnerability

8.8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21385

CVE-2025-21380

Azure Marketplace SaaS Resources Information Disclosure Vulnerability

8.8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21380

CVE-2025-21362

Microsoft Excel Remote Code Execution Vulnerability

8.4

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21362

CVE-2025-21354

Microsoft Excel Remote Code Execution Vulnerability

8.4

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21354

CVE-2025-21309

Windows Remote Desktop Services Remote Code Execution Vulnerability

8.1

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21309

CVE-2025-21297

Windows Remote Desktop Services Remote Code Execution Vulnerability

8.1

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21297

CVE-2025-21295

SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability

8.1

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21295

CVE-2025-21294

Microsoft Digest Authentication Remote Code Execution Vulnerability

8.1

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21294

CVE-2025-21296

BranchCache Remote Code Execution Vulnerability

7.5

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21296