Featured Story
WARNING: Microsoft Patch Tuesday January – Patch Immediately!
Microsoft patched 157 vulnerabilities in its January 2025 Patch Tuesday release, including 5 zero-day vulnerabilities and 3 that are actively exploited. The most notable include:
- Hyper-V (CVE-2025-21333, 21334, 21335): Privilege escalation flaws exploited in the wild.
- Microsoft Access (CVE-2025-21186, 21366, 21395): Remote code execution vulnerabilities requiring user interaction.
- Windows OLE (CVE-2025-21298): Critical RCE vulnerability via malicious emails (CVSS 9.8).
- NTLMv1 (CVE-2025-21311): Privilege escalation through a deprecated protocol (CVSS 9.8).
Microsoft’s January release is particularly urgent, with active exploitation reported. Administrators should prioritize patching, especially for RCE and privilege escalation flaws. Review Microsoft’s full update list and disable legacy protocols like NTLMv1 to reduce exposure.
Other Stories
CISA Shares Guidance for Microsoft Expanded Logging Capabilities
CISA has issued guidance for using Microsoft 365’s newly expanded audit logs. These logs, now available to standard Purview Audit users, enhance threat hunting by exposing key security events like email access and admin operations.
Previously restricted logs like
MailItemsAccessed are now widely accessible, enabling better detection of threats such as Business Email Compromise and insider attacks. Organizations should integrate these logs and ensure analysts know how to interpret them effectively.7-Zip Fixes Bug That Bypasses Windows MoTW Security Warnings
Tracked as CVE-2025-0411, this 7-Zip vulnerability lets attackers bypass Windows’ Mark-of-the-Web (MoTW) flag when extracting nested archives. Malicious files may execute without standard warnings. Fixed in version 24.09 (November 2024), but many systems remain unpatched due to 7-Zip’s lack of auto-update.
We strongly advise all users to upgrade to version 24.09 or later immediately. This vulnerability could allow malware like DarkGate or DarkMe to bypass user defenses. Organizations should include 7-Zip in their patch management programs.
Phishing Emails in Circulation in the Name of Bol.com
Cybercriminals are impersonating Bol.com in fraudulent emails promising fake rewards like cheap Adidas sneakers. These messages are not from the legitimate e-commerce store and aim to harvest user credentials or install malware.
Key tips to avoid phishing:
- Never click on suspicious links—visit the official website directly
- Don’t open unexpected attachments
- Don’t install software from emails
Report suspicious emails to: suspicious@safeonweb.be. Our SOC is also available to help assess questionable communications.
Contact the Approach Cyber SOC team for tailored support and training programs.
