January 2025 Patch Tuesday: 10 Critical Vulnerabilities and Eight Zero-Days Among 159 CVEs

This bulletin summarizes numerous Microsoft vulnerabilities—several critical RCEs and EoP flaws (multiple CVEs) affecting Hyper-V, Office Access, Remote Desktop Services, OLE, NTLMv1, BranchCache, and other components—notes active exploitation of Hyper-V zero-days and public disclosure of some Office access flaws, provides CVSS ratings (up to 9.8), attack vectors, and mitigation recommendations (patching, network-level controls, NTLM restrictions).