6 Zero-Days, 10 High-Risk Flaws

Microsoft’s Patch Tuesday March 2025 update includes fixes for six actively exploited zero-days and an additional 10 vulnerabilities at higher risk of attack.

In all, the Patch Tuesday March 2025 update fixes 57 Microsoft CVEs and republishes an additional 10 non-Microsoft CVEs, including nine Chrome vulnerabilities and one from Synaptics.

Here’s a breakdown of the higher-risk vulnerabilities included in the Microsoft report, plus additional updates from other vendors issuing Patch Tuesday fixes.

Zero Days: Patch Tuesday March 2025

The six zero-day vulnerabilities range in severity from 4.6 to 7.8 (CVSS:3.1). They include:

CVE-2025-24983 is a 7.0-severity Windows Win32 Kernel Subsystem Elevation of Privilege/Use After Free vulnerability. The vulnerability, reported by Filip Jurčacko of ESET, requires an attacker to win a race condition in order to gain SYSTEM privileges.

CVE-2025-24984 is a 4.6-rated Windows NTFS Information Disclosure/Insertion of Sensitive Information into Log File vulnerability. Reported anonymously, the vulnerability requires physical access to the target computer to plug in a malicious USB drive, after which an attacker could potentially read portions of heap memory.

CVE-2025-24985 is a 7.8-severity Windows Fast FAT File System Driver Remote Code Execution (RCE) vulnerability. Reported anonymously, the vulnerability requires an attacker to trick a local user on a vulnerable system into mounting a specially crafted virtual hard disk (VHD) to trigger the vulnerability.

CVE-2025-24991 is a 5.5-rated Windows NTFS Information Disclosure/Out-of-bounds Read vulnerability. Also requiring a local user on a vulnerable system to mount a specially crafted VHD, the vulnerability could potentially allow an attacker to read small portions of heap memory.

CVE-2025-24993 is a 7.8-rated Windows NTFS RCE/Heap-based Buffer Overflow vulnerability. Reported anonymously, the vulnerability also requires a local user on a vulnerable system to mount a specially crafted VHD to execute code locally.

CVE-2025-26633 is a 7.0-severity Microsoft Management Console Security Feature Bypass/Improper Neutralization vulnerability. Reported by Aliakbar Zahravi of Trend Micro, the vulnerability requires that a user open a specially crafted file sent by email or via a compromised website.

CISA subsequently added all six Microsoft zero-days to its Known Exploited Vulnerabilities (KEV) catalog.

Other High-Risk Microsoft Vulnerabilities

In addition to the six zero-days under active attack, Microsoft reported that an additional 10 vulnerabilities are “more likely” to be exploited. These vulnerabilities range in severity from 4.3 to 8.1 and include:

  • CVE-2025-21180, a Windows exFAT File System Remote Code Execution vulnerability
  • CVE-2025-21247, a MapUrlToZone Security Feature Bypass vulnerability
  • CVE-2025-24035, a Windows Remote Desktop Services Remote Code Execution vulnerability
  • CVE-2025-24044, a Windows Win32 Kernel Subsystem Elevation of Privilege vulnerability
  • CVE-2025-24045, a Windows Remote Desktop Services Remote Code Execution vulnerability
  • CVE-2025-24061, a Windows Mark of the Web Security Feature Bypass vulnerability
  • CVE-2025-24066, a Windows Kernel Streaming Service Driver Elevation of Privilege vulnerability
  • CVE-2025-24067, a Windows Kernel Streaming Service Driver Elevation of Privilege vulnerability
  • CVE-2025-24992, a Windows NTFS Information Disclosure vulnerability
  • CVE-2025-24995, a Kernel Streaming WOW Thunk Service Driver Elevation of Privilege vulnerability

Other Vendors with Patch Tuesday Updates

Other vendors releasing updates on March 2025 Patch Tuesday include:
