Summary
Automox security experts call January 2025 a light Patch Tuesday with two Windows flaws worth your attention. Seth Hoyt walks through CVE-2025-21293, an Active Directory Domain Services elevation-of-privilege bug that hands an attacker system-level admin if a victim opens a malicious file delivered by phishing. The Hyper-V kernel integration set, three CVEs, is the only group seen under active exploitation and can become a guest-to-host escape. Tom Bowyer covers the macOS 15.2 WebKit fixes, where a crafted website or malicious ad can trigger remote code execution, and why Mac is drawing more attacker attention as enterprise adoption grows.
)
)
)
)
)