January 2025 [Experts Analyze New Hyper-V, Active Directory, and macOS Vulnerabilities]

Episode 15 | Published January 14, 2025 | 14 minute watch

Summary

Automox security experts call January 2025 a light Patch Tuesday with two Windows flaws worth your attention. Seth Hoyt walks through CVE-2025-21293, an Active Directory Domain Services elevation-of-privilege bug that gives an attacker system-level admin privileges if a victim opens a malicious file delivered by phishing. The Hyper-V kernel integration set of three CVEs is the only group seen under active exploitation, and it can be turned into a guest-to-host escape. Tom Bowyer covers the macOS 15.2 WebKit fixes, where a crafted website or malicious ad can trigger remote code execution, and explains why Mac is drawing more attacker attention as enterprise adoption grows.