Important Notice: Security vulnerabilities of Microsoft (updated at 16 January 2025)
jovitatou2025-01-16T11:16:55+08:00資訊安全警示 Information Security Alert
To: All Users
As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Microsoft have recently released its January security update notice, there is 159 vulnerability updates this time.
The updates this time mainly cover the following components: .NET, .NET and Visual Studio, Microsoft Windows Search Component, Windows Installer, Windows Kerberos, Windows Kernel Memory, Windows Remote Desktop Services, Windows Secure Boot products vulnerabilities.
Details of the vulnerabilities:
- Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21333
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21334
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21335
- Windows OLE Remote Code Execution Vulnerability
For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21298
- Microsoft Excel Remote Code Execution Vulnerability
For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21354
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21362
- Windows Remote Desktop Services Remote Code Execution Vulnerability
For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21309
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21297
- BranchCache Remote Code Execution Vulnerability
For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21296
- Microsoft Office Remote Code Execution Vulnerability
For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21365
For more details about Microsoft January Updates, please refer to: https://msrc.microsoft.com/update-guide/releaseNote/2025-Jan
If the relevant affected products are used, please install the security updates released by Microsoft as soon as possible.
Reference
- How to download and install software in a secure manner?
- Basic Knowledge of Online Safety and Security
- Other Information Security Tips
Should you have any enquiries, please feel free to contact ICTO Help Desk.
ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo
Information and Communication Technology Office
各位用戶:
資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,Microsoft 近日發布了 1月安全更新通告,此次包含了 159個漏洞更新。
此次釋出的更新主要涵蓋了以下組件: .NET, .NET and Visual Studio, Microsoft Windows Search Component, Windows Installer, Windows Kerberos, Windows Kernel Memory, Windows Remote Desktop Services, Windows Secure Boot 等產品的漏洞。
漏洞詳情:
- Windows Hyper-V NT Kernel Integration VSP 許可權提升漏洞
有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21333
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21334
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21335
- Windows OLE 遠端代碼執行漏洞
有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21298
- Microsoft Excel 遠端代碼執行漏洞
有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21354
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21362
- Windows 遠端桌面服務遠端代碼執行漏洞
有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21309
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21297
- BranchCache 遠端代碼執行漏洞
有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21296
- Microsoft Office 遠端代碼執行漏洞
有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21365
Microsoft 1月更新有關詳情可參考:https://msrc.microsoft.com/update-guide/releaseNote/2025-Jan
倘有使用相關受影響產品,須盡快安裝由微軟公司釋出的安全更新。
參考資料
如有任何疑問,請聯絡資訊及通訊科技部服務中心。
服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo
資訊及通訊科技部