Microsoft has launched its March 2025 safety updates, addressing a complete of 57 vulnerabilities, together with six that had been actively being exploited earlier than the patch was accessible as a part of the corporate’s Patch Tuesday. Moreover, one vulnerability was publicly disclosed earlier than a repair was launched, bringing the overall variety of zero-day flaws to seven.
In your data, Patch Tuesday is the second Tuesday of every month when Microsoft releases safety updates, bug fixes, and software program patches for Home windows, Workplace, and different Microsoft merchandise. It’s a scheduled replace cycle aimed toward bettering safety and stability.
The March 2025 Patch Tuesday replace addresses a number of safety points, together with 23 elevations of privilege vulnerabilities, 3 safety characteristic bypass vulnerabilities, 23 distant code execution vulnerabilities, 4 data disclosure vulnerabilities, 1 denial of service vulnerability, and three spoofing vulnerabilities. These counts don’t embody vulnerabilities patched in Mariner or Microsoft Edge earlier within the month.
Six of the zero-day vulnerabilities had been being actively exploited. One, tracked as CVE-2025-24983, allows native attackers to achieve system-level privileges by exploiting a race situation within the Home windows Win32 Kernel Subsystem the place a number of processes concurrently entry or modify shared sources. This flaw impacts numerous Home windows variations.
CVE-2025-24991 and CVE-2025-24984 are data disclosure vulnerabilities present in Home windows NTFS that enable an attacker with bodily entry to a Home windows gadget to learn delicate data from the system’s reminiscence, and entry parts of “heap reminiscence,” a dynamic allocation area, by inserting a malicious USB drive, doubtlessly stealing delicate knowledge or credentials. The publicly disclosed zero-day vulnerability, CVE-2025-26630, is a distant code execution (RCE) flaw in Microsoft Entry brought on by a use-after-free reminiscence bug.
Different zero-day vulnerabilities embody CVE-2025-24985, one other RCE flaw within the Home windows Quick FAT File System Driver brought on by an integer overflow. CVE-2025-24993 is a distant code execution vulnerability in Home windows NTFS brought on by a heap-based buffer overflow. These vulnerabilities might be exploited by tricking customers into mounting a crafted VHD file, permitting attackers to execute their code.
Lastly, CVE-2025-26633, a safety characteristic bypass within the Microsoft Administration Console. The attacker should persuade a consumer to work together with a malicious hyperlink or file, similar to a specifically crafted MMC (.msc) file. If profitable, the attacker can circumvent safety measures and achieve unauthorized entry to administrative instruments and system settings,
The six essential vulnerabilities, all RCE flaws with CVSS scores ranging between 7.8 via 8.8, have an effect on numerous Microsoft merchandise. Two of those influence Home windows Distant Desktop Companies (CVE-2025-24045 and CVE-2025-24035), whereas the others relate to Microsoft Workplace, Home windows Area Identify Service (CVE-2025-24064), Distant Desktop Consumer, and Home windows Subsystem for Linux Kernel (CVE-2025-24084).
The NTFS and FAT RCE flaws are highlighted as significantly regarding, as they’re a part of an exploit chain that features the NTFS data disclosure vulnerabilities. These vulnerabilities are associated to mounting digital laborious disk (VHD) recordsdata, which might be used to ship malware payloads.
Along with Microsoft, different distributors have additionally released security updates or advisories in March 2025. These embody Broadcom, Cisco, Edimax, Google, Ivanti, Fortinet, Paragon, and SAP.
Consultants emphasize the significance of making use of these patches promptly, significantly these addressing zero-day vulnerabilities. CVE-2025-24057 and CVE-2025-26630 require Workplace updates and customers of Workplace 2016 want to put in two particular patches.
Safety updates for March 2025 are actually accessible. Particulars can be found right here: https://t.co/ItXjYLFR2w #PatchTuesday #SecurityUpdateGuide pic.twitter.com/Wx1JOTwTZ2
— Safety Response (@msftsecresponse) March 11, 2025
Skilled Insights on Key Vulnerabilities
Cybersecurity consultants at Immersive have highlighted a number of vulnerabilities that warrant fast consideration:
- Home windows NTFS / FAT Distant Code Execution (CVE-2025-24984, CVE-2025-24985, CVE-2025-24991, CVE-2025-24993)
These 4 actively exploited flaws relate to distant code execution through Digital Exhausting Disk (VHD) recordsdata. Whereas not remotely exploitable over a community, attackers can trick customers into mounting malicious VHDs, doubtlessly delivering malware. Organizations ought to monitor for VHD recordsdata in emails or downloads and apply safety restrictions the place doable. Kev Breen, Senior Director of Risk Analysis, Immersive.
- Microsoft Administration Console Safety Bypass (CVE-2025-26633)
Attackers are exploiting this flaw to bypass safety restrictions through social engineering. Customers could obtain malicious
.mscrecordsdata via phishing emails or compromised web sites. Safety groups ought to monitor for.mscexecutions from untrusted sources to detect potential exploitation. Kev Breen, Senior Director of Risk Analysis, Immersive.
- Home windows Distant Desktop Companies RCE (CVE-2025-24035)
This essential vulnerability allows distant attackers to execute arbitrary code on programs with Distant Desktop Gateway enabled. Profitable exploitation might result in malware deployment, lateral motion, and safety instrument evasion. Ben Hopkins, Cybersecurity Engineer, Immersive.
- Mark of the Internet (MoTW) Bypass (CVE-2025-24061)
Attackers can exploit this flaw to bypass Home windows’ safety warnings on downloaded recordsdata. Malicious
.urlrecordsdata or web-based lures can trick customers into executing dangerous content material. As related vulnerabilities have been actively exploited previously, this stays a high-risk situation. Ben Hopkins, Cybersecurity Engineer, Immersive.
- Win32 Kernel Subsystem Privilege Escalation (CVE-2025-24983)
A race situation vulnerability permits attackers to escalate privileges to the SYSTEM degree, gaining full management over affected programs. This could allow safety evasion and credential theft utilizing instruments like Mimikatz. Microsoft has confirmed in-the-wild exploitation, reinforcing the necessity for fast patching. Natalie Silva, Lead Cybersecurity Engineer, Immersive.
Safety consultants emphasize that organizations ought to prioritize patching these vulnerabilities, particularly these actively exploited, to cut back the chance of compromise.
