Today is Microsoft’s March 2025 Patch Tuesday, which includes security updates for 57 flaws, including six actively exploited zero-day vulnerabilities.
This Patch Tuesday also fixes six “Critical” vulnerabilities, all remote code execution vulnerabilities.
The number of bugs in each vulnerability category is listed below:
- 23 Elevation of Privilege Vulnerabilities
- 3 Security Feature Bypass Vulnerabilities
- 23 Remote Code Execution Vulnerabilities
- 4 Information Disclosure Vulnerabilities
- 1 Denial of Service Vulnerabilities
- 3 Spoofing Vulnerabilities
The above numbers do not include Mariner flaws and 10 Microsoft Edge vulnerabilities fixed earlier this month.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5053598 & KB5053602 cumulative updates and the Windows 10 KB5053606 update.
Six actively exploited zero-days
This month’s Patch Tuesday fixes six actively exploited zero-days and one that was publicly exposed, for a total of seven zero-days.
Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available.
A few of the actively exploited zero-days are related to Windows NTFS bugs that involve mounting VHD drives.
The actively exploited zero-day vulnerabilities in today’s updates are:
CVE-2025-24983 – Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Microsoft says this vulnerability will allow local attackers to gain SYSTEM privileges on the machine after winning a race condition.
Microsoft has not shared how the flaw was exploited in attacks. However, as it was discovered by Filip Jurčacko with ESET, we will likely learn more in a future report.
BleepingComputer contacted ESET for more information about this flaw.
CVE-2025-24984 – Windows NTFS Information Disclosure Vulnerability
Microsoft says that this flaw can be exploited by attackers who have physical access to the machine and insert a malicious USB drive.
Exploiting the flaw allows the attackers to read portions of heap memory and steal information.
Microsoft says that this vulnerability was disclosed anonymously.
CVE-2025-24985 – Windows Fast FAT File System Driver Remote Code Execution Vulnerability
Microsoft says that this remote code execution vulnerability is caused by an integer overflow or wraparound in the Windows Fast FAT Driver that, when exploited, allows an attacker to execute code.
“An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability,” explains Microsoft.
While Microsoft has not shared details about how it was exploited, malicious VHD images were previously distributed in phishing attacks and through pirated software sites.
Microsoft says that this vulnerability was disclosed anonymously.
CVE-2025-24991 – Windows NTFS Information Disclosure Vulnerability
Microsoft says that attackers can exploit this flaw to read small portions of heap memory and steal information.
Attackers can exploit the flaw by tricking a user into mounting a malicious VHD file.
Microsoft says that this vulnerability was disclosed anonymously.
CVE-2025-24993 – Windows NTFS Remote Code Execution Vulnerability
Microsoft says that this remote code execution vulnerability is caused by a heap-based buffer overflow bug in Windows NTFS that allows an attacker to execute code.
“An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability,” explains Microsoft.
Microsoft says that this vulnerability was disclosed anonymously.
CVE-2025-26633 – Microsoft Management Console Security Feature Bypass Vulnerability
While Microsoft has not shared any details about this flaw, based on its description, it may involve a bug that allows malicious Microsoft Management Console (.msc) files to bypass Windows security features and execute code.
“In an email or instant message attack scenario, the attacker could send the targeted user a specially crafted file that is designed to exploit the vulnerability,” explains Microsoft.
“In any case an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker’s site or send a malicious attachment.”
Microsoft says Aliakbar Zahravi from Trend Micro discovered this flaw. BleepingComputer contacted Trend Micro to learn more about how this flaw was exploited.
The publicly disclosed zero-day is:
CVE-2025-26630 – Microsoft Access Remote Code Execution Vulnerability
Microsoft says this remote code execution flaw is caused by a use after free memory bug in Microsoft Office Access.
To exploit the flaw, a user must be tricked into opening a specially crafted Access file. This can be done through phishing or social engineering attacks.
However, the flaw cannot be exploited through the preview pane.
Microsoft says the flaw was found by Unpatched.ai.
Recent updates from other companies
Other vendors who released updates or advisories in March 2025 include:
The March 2025 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the March 2025 Patch Tuesday updates.
To access the full description of each vulnerability and the systems it affects, you can view the full report here.
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET | CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability | Important |
ASP.NET Core & Visual Studio | CVE-2025-24070 | ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability | Important |
Azure Agent Installer | CVE-2025-21199 | Azure Agent Installer for Backup and Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Arc | CVE-2025-26627 | Azure Arc Installer Elevation of Privilege Vulnerability | Important |
Azure CLI | CVE-2025-24049 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability | Important |
Azure PromptFlow | CVE-2025-24986 | Azure Promptflow Remote Code Execution Vulnerability | Important |
Kernel Streaming WOW Thunk Service Driver | CVE-2025-24995 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Local Security Authority Server (lsasrv) | CVE-2025-24072 | Microsoft Local Security Authority (LSA) Server Elevation of Privilege Vulnerability | Important |
Microsoft Management Console | CVE-2025-26633 | Microsoft Management Console Security Feature Bypass Vulnerability | Important |
Microsoft Office | CVE-2025-24083 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2025-26629 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2025-24080 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2025-24057 | Microsoft Office Remote Code Execution Vulnerability | Critical |
Microsoft Office Access | CVE-2025-26630 | Microsoft Access Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2025-24081 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2025-24082 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2025-24075 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Word | CVE-2025-24077 | Microsoft Word Remote Code Execution Vulnerability | Important |
Microsoft Office Word | CVE-2025-24078 | Microsoft Word Remote Code Execution Vulnerability | Important |
Microsoft Office Word | CVE-2025-24079 | Microsoft Word Remote Code Execution Vulnerability | Important |
Microsoft Streaming Service | CVE-2025-24046 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Streaming Service | CVE-2025-24067 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2025-25008 | Windows Server Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2024-9157 | Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading Vulnerability | Important |
Remote Desktop Client | CVE-2025-26645 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
Role: DNS Server | CVE-2025-24064 | Windows Domain Name Service Remote Code Execution Vulnerability | Critical |
Role: Windows Hyper-V | CVE-2025-24048 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
Role: Windows Hyper-V | CVE-2025-24050 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
Visual Studio | CVE-2025-24998 | Visual Studio Elevation of Privilege Vulnerability | Important |
Visual Studio | CVE-2025-25003 | Visual Studio Elevation of Privilege Vulnerability | Important |
Visual Studio Code | CVE-2025-26631 | Visual Studio Code Elevation of Privilege Vulnerability | Important |
Windows Common Log File System Driver | CVE-2025-24059 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Windows Cross Device Service | CVE-2025-24994 | Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability | Important |
Windows Cross Device Service | CVE-2025-24076 | Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability | Important |
Windows exFAT File System | CVE-2025-21180 | Windows exFAT File System Remote Code Execution Vulnerability | Important |
Windows Fast FAT Driver | CVE-2025-24985 | Windows Fast FAT File System Driver Remote Code Execution Vulnerability | Important |
Windows File Explorer | CVE-2025-24071 | Microsoft Windows File Explorer Spoofing Vulnerability | Important |
Windows Kernel Memory | CVE-2025-24997 | DirectX Graphics Kernel File Denial of Service Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2025-24066 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
Windows MapUrlToZone | CVE-2025-21247 | MapUrlToZone Security Feature Bypass Vulnerability | Important |
Windows Mark of the Web (MOTW) | CVE-2025-24061 | Windows Mark of the Web Security Feature Bypass Vulnerability | Important |
Windows NTFS | CVE-2025-24993 | Windows NTFS Remote Code Execution Vulnerability | Important |
Windows NTFS | CVE-2025-24984 | Windows NTFS Information Disclosure Vulnerability | Important |
Windows NTFS | CVE-2025-24992 | Windows NTFS Information Disclosure Vulnerability | Important |
Windows NTFS | CVE-2025-24991 | Windows NTFS Information Disclosure Vulnerability | Important |
Windows NTLM | CVE-2025-24996 | NTLM Hash Disclosure Spoofing Vulnerability | Important |
Windows NTLM | CVE-2025-24054 | NTLM Hash Disclosure Spoofing Vulnerability | Important |
Windows Remote Desktop Services | CVE-2025-24035 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
Windows Remote Desktop Services | CVE-2025-24045 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
Windows Routing and Remote Access Service (RRAS) | CVE-2025-24051 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Subsystem for Linux | CVE-2025-24084 | Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability | Critical |
Windows Telephony Server | CVE-2025-24056 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
Windows USB Video Driver | CVE-2025-24988 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
Windows USB Video Driver | CVE-2025-24987 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
Windows USB Video Driver | CVE-2025-24055 | Windows USB Video Class System Driver Information Disclosure Vulnerability | Important |
Windows Win32 Kernel Subsystem | CVE-2025-24044 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
Windows Win32 Kernel Subsystem | CVE-2025-24983 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |