Microsoft Monthly Updates - 20250115004

wagov · Jan 15, 2025 · e13ac61 · e13ac61
1 parent 386666c
commit e13ac61
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/docs/advisories/20250115004-Microsoft-January-Updates.md b/docs/advisories/20250115004-Microsoft-January-Updates.md
@@ -0,0 +1,25 @@
+# Microsoft Monthly Updates - 20250115004
+
+## Overview
+
+Microsoft has released security updates to address 159 vulnerabilities in multiple products. A Cyber threat actor could leverage some of these vulnerabilities to exploit the affected system.
+
+## What is vulnerable?
+
+### Critical Vulnerabilities
+
+| Product(s) Affected           | CVE                                                               | CVSS | Severity |
+| ----------------------------- | ----------------------------------------------------------------- | ---- | -------- |
+| Windows NTLM | [CVE-2025-21311](https://nvd.nist.gov/vuln/detail/CVE-2025-21311) | 9.8  | Critical |
+| Windows OLE      | [CVE-2025-21298](https://nvd.nist.gov/vuln/detail/CVE-2025-21298) | 9.8  | Critical |
+| Reliable Multicast Transport Driver (RMCAST)      | [CVE-2025-21307](https://nvd.nist.gov/vuln/detail/CVE-2025-21307) | 9.8  | Critical |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- Microsoft January 2025 Security Updates: <https://msrc.microsoft.com/update-guide/releaseNote/2025-Jan>