Critical vulnerabilities in Windows [17.01.25]
Please always install the security updates provided by Microsoft as soon as possible. You can check whether you are up to date by going to Start, clicking Settings and then selecting Windows Update.
On January 14, 2025, Microsoft published details of vulnerabilities that are addressed by the January security updates released as part of its monthly patch day.
- One vulnerability affects the Windows and Windows Server product lines, specifically the Windows Object Linking and Embedding (OLE) technology used there, which allows documents and other objects to be embedded and linked. Windows OLE is also used in Microsoft Office products such as Outlook. According to Microsoft, an attack can succeed if a user opens a specially crafted email in Microsoft Outlook or if the email is displayed in the preview. No active user interaction is necessary: simply viewing the email in the Outlook preview is enough to execute code on the user's client. With a Common Vulnerability Scoring System (CVSS) rating of 9.8, this is a critical vulnerability.
- In addition to the vulnerability described above, another particularly serious vulnerability, in the Windows Remote Desktop Service, has been closed. Patches for this vulnerability are also available from the manufacturer.
- Furthermore, Microsoft reports that it has already observed attacks that exploit three elevation-of-privilege vulnerabilities that allow SYSTEM privileges to be obtained. Attackers often use such vulnerabilities to gain persistence in the system as part of an attack.
If you have any questions, please contact the IT service desk.