
Microsoft Patches Trio of Exploited Windows Hyper-V Zero-Days

Patch Tuesday: Microsoft’s January Patch Tuesday rollout includes fixes for 160 security defects, the largest number of CVEs addressed in any single month since at least 2017.


Microsoft’s struggles with zero-days have stretched into 2025 with fresh news of a trio of already-exploited vulnerabilities in the Windows Hyper-V platform.

The software giant on Tuesday called urgent attention to three separate flaws in the Windows Hyper-V NT Kernel Integration Virtualization Service Provider (VSP) and warned that malicious attackers are already launching privilege escalation exploits.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft said in a series of barebones advisories.

As is customary, the company did not release technical details or IOCs (indicators of compromise) to help defenders hunt for signs of compromise.

The three exploited zero-days — CVE-2025-21334, CVE-2025-21333 and CVE-2025-21335 — affect the Windows Hyper-V NT Kernel Integration Virtualization Service Provider (VSP) that handles efficient resource management and communication between the host system and guest virtual machines (VMs).

The January Patch Tuesday rollout includes fixes for a whopping 160 security defects across the Windows OS, applications and components.


Microsoft tagged 12 bulletins with critical-severity ratings and stressed that many of these issues can lead to remote code execution attacks.

Remote code execution risks have been identified in Microsoft Digest Authentication, Remote Desktop Services, Windows OLE, Microsoft Excel and the Windows Reliable Multicast Transport Driver (RMCAST).

According to ZDI, a company that tracks software vulnerabilities, this is the largest number of CVEs addressed in any single month since at least 2017 and is more than double the usual number of CVEs fixed in January.

“This comes on the heels of a record number of December patches and could be an ominous sign for patch levels in 2025,” according to ZDI data.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.
