A Detailed Look at the Latest Patches from Adobe and Microsoft

As we begin 2025, the importance of robust cybersecurity has never been clearer. The latest security updates from leading organisations such as Adobe and Microsoft highlight the critical need for vigilance in protecting digital systems. In this post, we’ll explore the key patches released in January 2025, their significance, and why timely implementation is essential

Adobe’s January 2025 Security Updates

Adobe has released updates addressing vulnerabilities in several of its popular products. The five bulletins cover 14 CVEs (Common Vulnerabilities and Exposures) in applications such as Photoshop, Substance 3D Stager, Illustrator on iPad, Animate, and Substance 3D Designer.

Key highlights include:

  • Substance 3D Stager: Fixes five critical vulnerabilities that could allow arbitrary code execution.

  • Photoshop: Addresses critical issues triggered by malicious file openings.

While these vulnerabilities were not publicly disclosed or actively exploited at the time of release, their potential impact underscores the importance of action. Adobe has assigned a deployment priority rating of 3, indicating a standard timeframe for applying these updates.

Microsoft’s January 2025 Security Updates

Microsoft has issued one of its largest monthly security releases, addressing 159 new CVEs across its product range, including Windows, Office, Hyper-V, SharePoint Server, .NET, and Azure. Of these vulnerabilities:

  • 11 are rated Critical, requiring immediate attention.

  • 148 are classified as Important, still necessitating prompt action

  • 5 were publicly known, and three were actively exploited at the time of release.

Microsoft Security Updates

Key Vulnerabilities Under Active Exploitation

  • Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)

    These vulnerabilities could allow authenticated users to execute code with SYSTEM privileges. Organisations using Hyper-V should prioritise these updates.

  • Windows OLE Remote Code Execution (CVE-2025-21298)

    With a CVSS score of 9.8, this vulnerability enables attackers to execute remote code via specially crafted emails in Outlook. While temporarily mitigated by configuring Outlook to read emails in plain text, applying the patch is strongly recommended.

  • SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution (CVE-2025-21295)

    A vulnerability within a core security protocol, this poses a significant risk, making immediate patching essential.

  • Windows Remote Desktop Services RCE (CVE-2025-21297, CVE-2025-21309)

    Remote, unauthenticated attackers can exploit these vulnerabilities to execute arbitrary code on Remote Desktop Gateway servers by triggering a race condition. While tricky to exploit, no user interaction is required, making this patch a priority, especially for internet-exposed gateways.

  • Windows Themes Spoofing Vulnerability (CVE-2025-21308)

    This publicly known vulnerability involves NTLM credential relaying, bypassing a previous patch (CVE-2024-38030). Systems with restricted NTLM traffic are less vulnerable. Microsoft provides guidance on enabling these restrictions—implement them and patch your systems promptly.

Why Timely Patching Matters

This month’s updates from Adobe and Microsoft highlight a growing trend of identified vulnerabilities and the increasing sophistication of cyber threats. Regular patching is crucial for:

  • Preventing Exploitation: Unpatched systems are a primary target for attackers.

  • Maintaining System Integrity: Patches close gaps that could lead to breaches or data loss.

  • Ensuring Compliance: Many regulations require organisations to maintain up-to-date software.

Cloud Computing Infographic

How Aegis Secure Technologies Can Help

At Aegis Secure Technologies, we understand the challenges of managing security updates across complex environments. Our managed services ensure:

  • Timely Patch Management: We keep your systems up to date with minimal disruption.

  • Vulnerability Monitoring: Identify and address risks before they become threats.

  • Proactive Security Support: Expert advice and tools to maintain your business resilience.

Share This Information

TAKE ACTION TODAY

Don’t let unpatched vulnerabilities put your business at risk. Contact Aegis Secure Technologies today to discuss how we can help you implement a robust patch management process and safeguard your systems.