serisec

Microsoft March 2025 Patch Tuesday: Fixes for 57 Vulnerabilities & 6 Actively Exploited Zero-Days

Microsoft March 2025 Patch Tuesday: Fixes for 57 Vulnerabilities & 6 Actively Exploited Zero-Days











Microsoft’s March 2025 Patch Tuesday addresses 57 vulnerabilities, including six zero-day vulnerabilities that are currently being exploited. The security update includes fixes for Windows, Microsoft Office, Azure, and other components.

The March patch tuesday update included fixes for:

In addition to the zero-day flaws, this Patch Tuesday includes fixes for:

  • 23 Elevation of Privilege Vulnerabilities
  • 3 Security Feature Bypass Vulnerabilities
  • 23 Remote Code Execution Vulnerabilities
  • 4 Information Disclosure Vulnerabilities
  • 1 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities

Zero-Day Vulnerabilities

A zero-day vulnerability is one that is actively exploited or publicly disclosed before an official patch is available1. This month’s Patch Tuesday addresses six actively exploited zero-day flaws and one that has been publicly exposed1.

The actively exploited zero-day vulnerabilities included in today’s updates are:

  • CVE-2025-24983Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability This vulnerability allows a local attacker to gain SYSTEM privileges on a device after winning a race condition. Filip Jurčacko reported it from ESET, who found that the exploit was deployed via the PipeMagic backdoor and targeted older Windows versions, such as Windows 8.1 and Server 2012 R2. The vulnerability is also present in newer Windows OS versions, including Windows 10 build 1809 and Windows Server 2016.
  • CVE-2025-24984Windows NTFS Information Disclosure Vulnerability Attackers with physical access to a device can exploit this vulnerability by inserting a malicious USB drive to read portions of heap memory and steal information.
  • CVE-2025-24985Windows Fast FAT File System Driver Remote Code Execution Vulnerability This vulnerability is a combination of integer overflow and heap-based buffer overflow defects in the Windows Fast FAT File System Driver.
  • CVE-2025-24991Windows NTFS Information Disclosure Vulnerability
  • CVE-2025-24993Windows NTFS Remote Code Execution Vulnerability An attacker could exploit these vulnerabilities by tricking a target into mounting a malicious virtual hard disk, which could lead to local code execution or disclosure of memory contents.
  • CVE-2025-26633Microsoft Management Console Security Feature Bypass Vulnerability Exploitation requires user interaction, where an attacker must convince a user to click a malicious link or open a malicious file to circumvent security restrictions and gain unauthorized access to administrative tools or system settings.

Other Important Vulnerabilities

Some of the critical vulnerabilities that have been fixed this month include:

  • CVE-2025-24045 and CVE-2025-24035 These are two critical vulnerabilities in Windows Remote Desktop Services (RDS). An attacker could exploit these vulnerabilities by connecting to a system with the Remote Desktop Gateway role, triggering a race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code.
  • CVE-2025-24044 – Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerabilities A local, authenticated attacker would need to win a race condition in order to exploit this vulnerability. Successful exploitation of the vulnerability would allow the attacker to gain SYSTEM privileges.
  • CVE-2025-24064 – Windows Domain Name Service Remote Code Execution Vulnerability
  • CVE-2025-24084 – Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability

Microsoft March 2025 Patch Tuesday Vulnerabilities List

Tag CVE ID CVE Title Severity
Microsoft Office CVE-2025-24057 Microsoft Office Remote Code Execution Vulnerability Critical
Remote Desktop Client CVE-2025-26645 Remote Desktop Client Remote Code Execution Vulnerability Critical
Role: DNS Server CVE-2025-24064 Windows Domain Name Service Remote Code Execution Vulnerability Critical
Windows Remote Desktop Services CVE-2025-24035 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical
Windows Remote Desktop Services CVE-2025-24045 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical
Windows Subsystem for Linux CVE-2025-24084 Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability Critical
.NET CVE-2025-24043 WinDbg Remote Code Execution Vulnerability Important
ASP.NET Core & Visual Studio CVE-2025-24070 ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability Important
Azure Agent Installer CVE-2025-21199 Azure Agent Installer for Backup and Site Recovery Elevation of Privilege Vulnerability Important
Azure Arc CVE-2025-26627 Azure Arc Installer Elevation of Privilege Vulnerability Important
Azure CLI CVE-2025-24049 Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability Important
Azure PromptFlow CVE-2025-24986 Azure Promptflow Remote Code Execution Vulnerability Important
Kernel Streaming WOW Thunk Service Driver CVE-2025-24995 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Important
Microsoft Local Security Authority Server (lsasrv) CVE-2025-24072 Microsoft Local Security Authority (LSA) Server Elevation of Privilege Vulnerability Important
Microsoft Management Console CVE-2025-26633 Microsoft Management Console Security Feature Bypass Vulnerability Important
Microsoft Office CVE-2025-24083 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Office CVE-2025-26629 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Office CVE-2025-24080 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Office Access CVE-2025-26630 Microsoft Access Remote Code Execution Vulnerability Important
Microsoft Office Excel CVE-2025-24081 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office Excel CVE-2025-24082 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office Excel CVE-2025-24075 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office Word CVE-2025-24077 Microsoft Word Remote Code Execution Vulnerability Important
Microsoft Office Word CVE-2025-24078 Microsoft Word Remote Code Execution Vulnerability Important
Microsoft Office Word CVE-2025-24079 Microsoft Word Remote Code Execution Vulnerability Important
Microsoft Streaming Service CVE-2025-24046 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Important
Microsoft Streaming Service CVE-2025-24067 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2025-25008 Windows Server Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2024-9157 Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading Vulnerability Important
Role: Windows Hyper-V CVE-2025-24048 Windows Hyper-V Elevation of Privilege Vulnerability Important
Role: Windows Hyper-V CVE-2025-24050 Windows Hyper-V Elevation of Privilege Vulnerability Important
Visual Studio CVE-2025-24998 Visual Studio Elevation of Privilege Vulnerability Important
Visual Studio CVE-2025-25003 Visual Studio Elevation of Privilege Vulnerability Important
Visual Studio Code CVE-2025-26631 Visual Studio Code Elevation of Privilege Vulnerability Important
Windows Common Log File System Driver CVE-2025-24059 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important
Windows Cross Device Service CVE-2025-24994 Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability Important
Windows Cross Device Service CVE-2025-24076 Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability Important
Windows exFAT File System CVE-2025-21180 Windows exFAT File System Remote Code Execution Vulnerability Important
Windows Fast FAT Driver CVE-2025-24985 Windows Fast FAT File System Driver Remote Code Execution Vulnerability Important
Windows File Explorer CVE-2025-24071 Microsoft Windows File Explorer Spoofing Vulnerability Important
Windows Kernel Memory CVE-2025-24997 DirectX Graphics Kernel File Denial of Service Vulnerability Important
Windows Kernel-Mode Drivers CVE-2025-24066 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Important
Windows MapUrlToZone CVE-2025-21247 MapUrlToZone Security Feature Bypass Vulnerability Important
Windows Mark of the Web (MOTW) CVE-2025-24061 Windows Mark of the Web Security Feature Bypass Vulnerability Important
Windows NTFS CVE-2025-24993 Windows NTFS Remote Code Execution Vulnerability Important
Windows NTFS CVE-2025-24984 Windows NTFS Information Disclosure Vulnerability Important
Windows NTFS CVE-2025-24992 Windows NTFS Information Disclosure Vulnerability Important
Windows NTFS CVE-2025-24991 Windows NTFS Information Disclosure Vulnerability Important
Windows NTLM CVE-2025-24996 NTLM Hash Disclosure Spoofing Vulnerability Important
Windows NTLM CVE-2025-24054 NTLM Hash Disclosure Spoofing Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-24051 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Telephony Server CVE-2025-24056 Windows Telephony Service Remote Code Execution Vulnerability Important
Windows USB Video Driver CVE-2025-24988 Windows USB Video Class System Driver Elevation of Privilege Vulnerability Important
Windows USB Video Driver CVE-2025-24987 Windows USB Video Class System Driver Elevation of Privilege Vulnerability Important
Windows USB Video Driver CVE-2025-24055 Windows USB Video Class System Driver Information Disclosure Vulnerability Important
Windows Win32 Kernel Subsystem CVE-2025-24044 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Important
Windows Win32 Kernel Subsystem CVE-2025-24983 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Important

This ensures that all Critical vulnerabilities are prioritized at the top, followed by Important ones. Let me know if you need any modifications!

Given the number of actively exploited vulnerabilities, system administrators must apply these patches as soon as possible to protect their systems from potential attacks.

Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free. 

The post Microsoft March 2025 Patch Tuesday: Fixes for 57 Vulnerabilities & 6 Actively Exploited Zero-Days appeared first on Cyber Security News.






Guru Baran





Go to cyber-security-news




Posted

in

, , ,

by

leeanne

Tags: