January’s (2025) Patch Tuesday Damage Report

** 2 Weeks After Patch Tuesday **

A bunch of nothing-burgers!

With some closure from Microsoft on the System Guard Runtime Monitor Broker Service (SgrmBroker.exe) not running after update (been effectively deprecated for years) and other minor inconveniences (or great reprieves if you’re on work calls constantly), this month’s updates are pretty chill.

Server 2022

• Virtual machines with outdated VM tools installation causing high CPU consumption

Server 2016

• OneNote crashing when running Office version 2412

Windows 10

• 802.11x authentication failures

Miscellaneous

• USB audio devices might not work after update

---

** 72 Hours After Patch Tuesday **

Whelp, this month’s been a chatty one so far. We even have one report of Blue Screens of Death popping up. Of note though, we have two reports of local Windows authentication services causing disruptions (Kerberos and Local Security Authority Process), and System Guard runtime Monitor Broker Service not running after updates (this service protects the operating system from malicious code execution).

Some other mildly annoying disruptions have been reported as well, so certainly not a home run we were expecting to kick off the new year. 

No disruptions detected or reported on the trackd platform.

Windows 11

• Microsoft Teams no longer starting automatically/disappearing altogether

Server 2022

• Virtual machine unable to to find NIC
• Kerberos ticket granting disrupts SSO authentication with SAP
• Hyper-V VM Domain Controllers seemingly rebooting due to authentication bug (Kerberos and/or Local Security Authority Process).

Server 2016

• Office 365 apps crashing (has since been fixed)

Miscellaneous

• System Guard Runtime Monitor Broker Service (SgrmBroker.exe) not running after update (surprisingly no reported system disruption) (2nd, 3rd)
• Calculator app disappearing/greyed out
• Non-OS specific isolated of report blue screen when booting
• Outlook signatures dropdown text appears blank/missing
• .NET installation stalls/requires multiple reboots

---

Happy New Year! 

We’re ringing in 2025 with a whopping 159 vulnerabilities (3 criticals and 3 Hyper-V zero days). We also see 3 vulnerabilities that have functional exploit code, but are not actively being exploited.

Not too bad a start unless you have some Hyper-V to tend to and hopefully no major stability issues generally.

I’ll be back in ~72 hours with an update!

Zero Days:

• CVE-2025-21333 – Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege
• CVE-2025-21334 – Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege
• CVE-2025-21335 – Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege

New year; new patching cadence?