Microsoft’s struggles with zero-days have stretched into 2025 with fresh news of a trio of already-exploited vulnerabilities in the Windows Hyper-V platform.
The software giant on Tuesday called urgent attention to three separate flaws in the Windows Hyper-V NT Kernel Integration Virtualization Service Provider (VSP) and warned that malicious attackers are already launching privilege escalation exploits.
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft said in a series of barebones advisories.
As is customary, the company did not release technical details or IOCs (indicators of compromise) to help defenders hunt for signs of compromise.
The three exploited zero-days — CVE-2025-21334, CVE-2025-21333 and CVE-2025-21335 — affect the Windows Hyper-V NT Kernel Integration Virtualization Service Provider (VSP) that handles efficient resource management and communication between the host system and guest virtual machines (VMs).
The January Patch Tuesday rollout includes fixes for a whopping 160 security defects in a range of Windows OS, applications and components.
Microsoft tagged 12 bulletins with critical-severity ratings and stressed that many of these issues can lead to remote code execution attacks.
Remote code execution risks have been identified in Microsoft Digest Authentication, Remote Desktop Services, Windows OLE, Microsoft Excel and the Windows Reliable Multicast Transport Driver (RMCAST).
According to ZDI, a company that tracks software vulnerabilities, this is the largest number of CVEs addressed in any single month since at least 2017 and is more than double the usual amount of CVEs fixed in January.
“This comes on the heels of a record number of December patches and could be an ominous sign for patch levels in 2025,” according to ZDI data.