Microsoft Patch Tuesday – January 2025 | Smart Thinking Solutions

Yesterday was the second Tuesday of the month, Microsoft Patch Tuesday. The day the cyber security world thinks about Microsoft patches and vulnerabilities. But remember other vendors also release cyber security and functionality updates and patches on or around the same time – check those as well.

Cyber Security Highlights

There are 159 vulnerabilities being patched this month – eight of which are zero-day vulnerabilities and three of these are actively being exploited. Twelve of the vulnerabilities are classed as “critical”.

These patches need applying as soon as possible to stop your organisation being vulnerable to attack.

Our support team have started reviewing our client monitoring reports and the SOC to check that the Microsoft Patch Tuesday updates have been completed. Our team will also keep an eye on the reports for the next day or two to check there are no issues, stagglers or absconders! It is always a busy time for us and should be for you or your IT or Cyber Security Support as well.

The Full Monty

Here is Microsoft’s detailed page on Patch Tuesday for January 2025:

January 2025 Security Updates – Release Notes – Security Update Guide – Microsoft

Microsoft Patch Tuesday patches are essential for your cyber security

Your Takeaway from Microsoft Patch Tuesday.

As always the day after Patch Tuesday is a busy day for our team as we check the reports from the SOC and RMM to ensure the clients we look after, everyone in their organisations have updated their systems. If you do not have that kind of support then get these updates done and check that the auto-updating has auto-updated.

Ok, so you do not use Windows – you are a Mac person and proud of it, Patch Tuesday has no impact on you. But what happens when your supplier or best client skips the Patch Tuesday updates? These updates are important for everyone!

Why is Microsoft’s Patch Tuesday Important?

Last year a high-profile hack of the UK’s Electoral Commission, was partly attributed to a failure to apply updates and patches to their systems:

Just when you thought the election was behind us!

Patching and updates are an important step in every cyber security plan – you and you team must get them done – read about that here:

How Microsoft Patch Tuesday can help your cyber security planning

and here:

Don’t Skip That Restart | Octagon Technology

If you’d like our team to check that the updates are being done, have a look here.

Do you want to know more?

Clive Catton MSc (Cyber Security) – by-line and other articles

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cyber Security Highlights

The Full Monty

Your Takeaway from Microsoft Patch Tuesday.

Why is Microsoft’s Patch Tuesday Important?

Further Reading