These days is Microsoft’s March 2025 Patch Tuesday, which incorporates safety updates for 57 flaws, together with six actively exploited zero-day vulnerabilities.
This Patch Tuesday additionally fixes 3 “Important” vulnerabilities, all far flung code execution vulnerabilities.
The selection of insects in each and every vulnerability class is indexed underneath:
- 23 Elevation of Privilege Vulnerabilities
- 3 Safety Characteristic Bypass Vulnerabilities
- 23 Far flung Code Execution Vulnerabilities
- 4 Knowledge Disclosure Vulnerabilities
- 1 Denial of Carrier Vulnerabilities
- 3 Spoofing Vulnerabilities
The above numbers don’t come with Mariner flaws and 10 Microsoft Edge vulnerabilities fastened previous this month.
To be informed extra concerning the non-security updates launched lately, you’ll evaluation our devoted articles at the Home windows 11 KB5053598 & KB5053602 cumulative updates.
Six actively exploited zero-days
This month’s Patch Tuesday fixes six actively exploited zero-days and person who was once publicly uncovered, for a complete of 7 zero-days.
Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited whilst no legitimate repair is to be had.
A number of the actively exploited 0 days are associated with Home windows NTFS insects that contain mounting VHD drives.
The actively exploited zero-day vulnerability in lately’s updates are:
CVE-2025-24983 – Home windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Microsoft says this vulnerability will permit native attackers to achieve SYSTEM privileges at the software after profitable a race situation.
Microsoft has no longer shared how the flaw was once exploited in assaults. On the other hand, because it was once came upon by way of Filip Jurčacko with ESET, we will be able to most likely be told extra in a long term file.
BleepingComputer contacted ESET for more info about this flaw.
CVE-2025-24984 – Home windows NTFS Knowledge Disclosure Vulnerability
Microsoft says that this flaw will also be exploited by way of attackers who’ve bodily get entry to to the software and insert a malicious USB force.
Exploiting the flaw lets in the attackers to learn parts of heap reminiscence and thieve knowledge.
Microsoft says that this vulnerability was once disclosed anonymously.
CVE-2025-24985 – Home windows Speedy FAT Report Machine Motive force Far flung Code Execution Vulnerability
Microsoft says that this far flung code execution vulnerability is brought about by way of an integer overflow or wraparound in Home windows Speedy FAT Motive force that, when exploited, lets in an attacker to execute code.
“An attacker can trick a neighborhood person on a susceptible machine into mounting a specifically crafted VHD that may then cause the vulnerability,” explains Microsoft.
Whilst Microsoft has no longer shared information about the way it was once exploited however malicious VHD photographs have been in the past allotted in phishing assaults and thru pirated tool websites.
Microsoft says that this vulnerability was once disclosed anonymously.
CVE-2025-24991 – Home windows NTFS Knowledge Disclosure Vulnerability
Microsoft says that attackers can exploit this flaw to learn small parts heap reminiscence and thieve knowledge.
Attackers can exploit the flaw by way of tricking a person into mounting a malicious VHD record.
Microsoft says that this vulnerability was once disclosed anonymously.
CVE-2025-24993 – Home windows NTFS Far flung Code Execution Vulnerability
Microsoft says that this far flung code execution vulnerability is brought about by way of a heap-based buffer overflow computer virus in Home windows NTFS that permits an attacker to execute code.
“An attacker can trick a neighborhood person on a susceptible machine into mounting a specifically crafted VHD that may then cause the vulnerability,” explains Microsoft
Microsoft says that this vulnerability was once disclosed anonymously.
CVE-2025-26633 – Microsoft Control Console Safety Characteristic Bypass Vulnerability
Whilst Microsoft has no longer shared any information about this flaw, in response to its description, it should contain a computer virus that permits malicious Microsoft Control Console (.msc) recordsdata to circumvent Home windows safety features and execute code.
“In an e mail or rapid message assault situation, the attacker may just ship the centered person a specifically crafted record this is designed to take advantage of the vulnerability,” explains Microsoft.
“Finally an attacker would don’t have any technique to power a person to view attacker-controlled content material. As a substitute, an attacker must persuade a person to do so. As an example, an attacker may just trap a person to both click on a hyperlink that directs the person to the attacker’s web site or ship a malicious attachment.”
Microsoft says Aliakbar Zahravi from Development Micro came upon this flaw. BleepingComputer contacted Development Micro to be told extra about how this flaw was once exploited.
The publicly disclosed zero-day is:
CVE-2025-26630 – Microsoft Get admission to Far flung Code Execution Vulnerability
Microsoft says this far flung code execution flaw is brought about by way of a use after loose reminiscence computer virus in Microsoft Place of business Get admission to.
To milk the flaw, a person should be tricked into opening a specifically crafted Get admission to record. This will also be completed via phishing or social engineering assaults.
On the other hand, the flaw can’t be exploited during the preview pane.
Microsoft has no longer shared who disclosed this flaw.
Fresh updates from different corporations
Different distributors who launched updates or advisories in March 2025 come with:
The March 2025 Patch Tuesday Safety Updates
Underneath is your complete record of resolved vulnerabilities within the March 2025 Patch Tuesday updates.
To get entry to the whole description of each and every vulnerability and the techniques it impacts, you’ll view the complete file right here.
| Tag | CVE ID | CVE Identify | Severity |
|---|---|---|---|
| .NET | CVE-2025-24043 | WinDbg Far flung Code Execution Vulnerability | Essential |
| ASP.NET Core & Visible Studio | CVE-2025-24070 | ASP.NET Core and Visible Studio Elevation of Privilege Vulnerability | Essential |
| Azure Agent Installer | CVE-2025-21199 | Azure Agent Installer for Backup and Web page Restoration Elevation of Privilege Vulnerability | Essential |
| Azure Arc | CVE-2025-26627 | Azure Arc Installer Elevation of Privilege Vulnerability | Essential |
| Azure CLI | CVE-2025-24049 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability | Essential |
| Azure PromptFlow | CVE-2025-24986 | Azure Promptflow Far flung Code Execution Vulnerability | Essential |
| Kernel Streaming WOW Thunk Carrier Motive force | CVE-2025-24995 | Kernel Streaming WOW Thunk Carrier Motive force Elevation of Privilege Vulnerability | Essential |
| Microsoft Native Safety Authority Server (lsasrv) | CVE-2025-24072 | Microsoft Native Safety Authority (LSA) Server Elevation of Privilege Vulnerability | Essential |
| Microsoft Control Console | CVE-2025-26633 | Microsoft Control Console Safety Characteristic Bypass Vulnerability | Essential |
| Microsoft Place of business | CVE-2025-24083 | Microsoft Place of business Far flung Code Execution Vulnerability | Essential |
| Microsoft Place of business | CVE-2025-26629 | Microsoft Place of business Far flung Code Execution Vulnerability | Essential |
| Microsoft Place of business | CVE-2025-24080 | Microsoft Place of business Far flung Code Execution Vulnerability | Essential |
| Microsoft Place of business | CVE-2025-24057 | Microsoft Place of business Far flung Code Execution Vulnerability | Important |
| Microsoft Place of business Get admission to | CVE-2025-26630 | Microsoft Get admission to Far flung Code Execution Vulnerability | Essential |
| Microsoft Place of business Excel | CVE-2025-24081 | Microsoft Excel Far flung Code Execution Vulnerability | Essential |
| Microsoft Place of business Excel | CVE-2025-24082 | Microsoft Excel Far flung Code Execution Vulnerability | Essential |
| Microsoft Place of business Excel | CVE-2025-24075 | Microsoft Excel Far flung Code Execution Vulnerability | Essential |
| Microsoft Place of business Phrase | CVE-2025-24077 | Microsoft Phrase Far flung Code Execution Vulnerability | Essential |
| Microsoft Place of business Phrase | CVE-2025-24078 | Microsoft Phrase Far flung Code Execution Vulnerability | Essential |
| Microsoft Place of business Phrase | CVE-2025-24079 | Microsoft Phrase Far flung Code Execution Vulnerability | Essential |
| Microsoft Streaming Carrier | CVE-2025-24046 | Kernel Streaming Carrier Motive force Elevation of Privilege Vulnerability | Essential |
| Microsoft Streaming Carrier | CVE-2025-24067 | Kernel Streaming Carrier Motive force Elevation of Privilege Vulnerability | Essential |
| Microsoft Home windows | CVE-2025-25008 | Home windows Server Elevation of Privilege Vulnerability | Essential |
| Microsoft Home windows | CVE-2024-9157 | Synaptics: CVE-2024-9157 Synaptics Carrier Binaries DLL Loading Vulnerability | Essential |
| Far flung Desktop Shopper | CVE-2025-26645 | Far flung Desktop Shopper Far flung Code Execution Vulnerability | Important |
| Position: DNS Server | CVE-2025-24064 | Home windows Area Identify Carrier Far flung Code Execution Vulnerability | Important |
| Position: Home windows Hyper-V | CVE-2025-24048 | Home windows Hyper-V Elevation of Privilege Vulnerability | Essential |
| Position: Home windows Hyper-V | CVE-2025-24050 | Home windows Hyper-V Elevation of Privilege Vulnerability | Essential |
| Visible Studio | CVE-2025-24998 | Visible Studio Elevation of Privilege Vulnerability | Essential |
| Visible Studio | CVE-2025-25003 | Visible Studio Elevation of Privilege Vulnerability | Essential |
| Visible Studio Code | CVE-2025-26631 | Visible Studio Code Elevation of Privilege Vulnerability | Essential |
| Home windows Not unusual Log Report Machine Motive force | CVE-2025-24059 | Home windows Not unusual Log Report Machine Motive force Elevation of Privilege Vulnerability | Essential |
| Home windows Pass Tool Carrier | CVE-2025-24994 | Microsoft Home windows Pass Tool Carrier Elevation of Privilege Vulnerability | Essential |
| Home windows Pass Tool Carrier | CVE-2025-24076 | Microsoft Home windows Pass Tool Carrier Elevation of Privilege Vulnerability | Essential |
| Home windows exFAT Report Machine | CVE-2025-21180 | Home windows exFAT Report Machine Far flung Code Execution Vulnerability | Essential |
| Home windows Speedy FAT Motive force | CVE-2025-24985 | Home windows Speedy FAT Report Machine Motive force Far flung Code Execution Vulnerability | Essential |
| Home windows Report Explorer | CVE-2025-24071 | Microsoft Home windows Report Explorer Spoofing Vulnerability | Essential |
| Home windows Kernel Reminiscence | CVE-2025-24997 | DirectX Graphics Kernel Report Denial of Carrier Vulnerability | Essential |
| Home windows Kernel-Mode Drivers | CVE-2025-24066 | Kernel Streaming Carrier Motive force Elevation of Privilege Vulnerability | Essential |
| Home windows MapUrlToZone | CVE-2025-21247 | MapUrlToZone Safety Characteristic Bypass Vulnerability | Essential |
| Home windows Mark of the Internet (MOTW) | CVE-2025-24061 | Home windows Mark of the Internet Safety Characteristic Bypass Vulnerability | Essential |
| Home windows NTFS | CVE-2025-24993 | Home windows NTFS Far flung Code Execution Vulnerability | Essential |
| Home windows NTFS | CVE-2025-24984 | Home windows NTFS Knowledge Disclosure Vulnerability | Essential |
| Home windows NTFS | CVE-2025-24992 | Home windows NTFS Knowledge Disclosure Vulnerability | Essential |
| Home windows NTFS | CVE-2025-24991 | Home windows NTFS Knowledge Disclosure Vulnerability | Essential |
| Home windows NTLM | CVE-2025-24996 | NTLM Hash Disclosure Spoofing Vulnerability | Essential |
| Home windows NTLM | CVE-2025-24054 | NTLM Hash Disclosure Spoofing Vulnerability | Essential |
| Home windows Far flung Desktop Products and services | CVE-2025-24035 | Home windows Far flung Desktop Products and services Far flung Code Execution Vulnerability | Important |
| Home windows Far flung Desktop Products and services | CVE-2025-24045 | Home windows Far flung Desktop Products and services Far flung Code Execution Vulnerability | Important |
| Home windows Routing and Far flung Get admission to Carrier (RRAS) | CVE-2025-24051 | Home windows Routing and Far flung Get admission to Carrier (RRAS) Far flung Code Execution Vulnerability | Essential |
| Home windows Subsystem for Linux | CVE-2025-24084 | Home windows Subsystem for Linux (WSL2) Kernel Far flung Code Execution Vulnerability | Important |
| Home windows Telephony Server | CVE-2025-24056 | Home windows Telephony Carrier Far flung Code Execution Vulnerability | Essential |
| Home windows USB Video Motive force | CVE-2025-24988 | Home windows USB Video Elegance Machine Motive force Elevation of Privilege Vulnerability | Essential |
| Home windows USB Video Motive force | CVE-2025-24987 | Home windows USB Video Elegance Machine Motive force Elevation of Privilege Vulnerability | Essential |
| Home windows USB Video Motive force | CVE-2025-24055 | Home windows USB Video Elegance Machine Motive force Knowledge Disclosure Vulnerability | Essential |
| Home windows Win32 Kernel Subsystem | CVE-2025-24044 | Home windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Essential |
| Home windows Win32 Kernel Subsystem | CVE-2025-24983 | Home windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Essential |
In keeping with an research of 14M malicious movements, uncover the highest 10 MITRE ATT&CK tactics at the back of 93% of assaults and how you can protect towards them.