
Microsoft has rolled out its March 2025 Patch Tuesday update, addressing a total of 57 vulnerabilities across its software ecosystem, including 6 actively exploited zero-day vulnerabilities.
This release includes fixes for:
- 23 Remote Code Execution Vulnerabilities
- 23 Elevation of Privilege Vulnerabilities
- 3 Security Feature Bypass Vulnerabilities
- 4 Information Disclosure Vulnerabilities
- 3 Spoofing Vulnerabilities
- 1 Denial of Service Vulnerability
Issued on the second Tuesday of each month, this update is vital for users and administrators, as attackers are already exploiting several of these flaws in the wild.
Below is a detailed look at the six zero-day vulnerabilities patched in this release, alongside the broader scope of the update.
Zero-Day Vulnerabilities
CVE-2025-24983: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
This zero-day allows local attackers to escalate privileges to SYSTEM level by winning a race condition.
Discovered by Filip Jurčacko of ESET, this use-after-free flaw stems from improper memory management, enabling attackers to execute malicious code on already compromised systems.
While Microsoft has not disclosed specific attack details, ESET is expected to release further insights, highlighting the severity of this privilege escalation threat.
CVE-2025-24984: Windows NTFS Information Disclosure Vulnerability
Attackers with physical access to a device can exploit this vulnerability by inserting a malicious USB drive, allowing them to read portions of heap memory and extract sensitive information.
Reported anonymously, this flaw poses a significant risk in environments where physical security is not tightly controlled, emphasizing the need for robust endpoint protection.
CVE-2025-24985: Windows Fast FAT File System Driver Remote Code Execution Vulnerability
Caused by an integer overflow and heap-based buffer overflow in the Windows Fast FAT Driver, this vulnerability enables remote code execution.
Attackers can exploit it by tricking users into mounting a specially crafted virtual hard disk (VHD), a tactic previously seen in phishing campaigns and pirated software distribution.
Microsoft notes this flaw, also anonymously disclosed, underscores the dangers of unverified file sources.
CVE-2025-24991: Windows NTFS Information Disclosure Vulnerability
Similar to CVE-2025-24984, this flaw allows attackers to access small portions of heap memory by convincing a user to mount a malicious VHD file.
Disclosed anonymously, it highlights a recurring vulnerability in the NTFS system, potentially exposing sensitive data to attackers who can socially engineer their targets effectively.
CVE-2025-24993: Windows NTFS Remote Code Execution Vulnerability
This zero-day involves a heap-based buffer overflow in the NTFS system, enabling attackers to execute code remotely.
Like CVE-2025-24985, exploitation requires a user to mount a malicious VHD, making it a potent threat in targeted attacks.
Reported anonymously, it reinforces the critical need for user awareness and timely patching.
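CVE-2025-24985, CVE-2025-24991 and CVE-2025-24993 all depend on a user mounting a crafted VHD, so file triage should recognise disk images by content rather than by extension. The following Python sketch is an added example, not code from Microsoft or the original article; the function names and sample file names are hypothetical, and the check relies on the documented `conectix` VHD footer cookie and the `vhdxfile` VHDX signature.

```python
import io
import os

VHD_COOKIE = b"conectix"      # first 8 bytes of the VHD footer
VHDX_SIGNATURE = b"vhdxfile"  # first 8 bytes of a VHDX file

def classify_disk_image(stream):
    """Return 'vhdx', 'vhd-dynamic', 'vhd-fixed' or None for a seekable binary stream."""
    stream.seek(0)
    head = stream.read(8)
    if head == VHDX_SIGNATURE:
        return "vhdx"
    if head == VHD_COOKIE:
        return "vhd-dynamic"  # dynamic/differencing disks keep a footer copy at offset 0
    size = stream.seek(0, os.SEEK_END)
    # Fixed disks carry the footer only at the end of the file (512 bytes,
    # 511 from some older writers), so a header-only check would miss them.
    for footer_len in (512, 511):
        if size >= footer_len:
            stream.seek(size - footer_len)
            if stream.read(8) == VHD_COOKIE:
                return "vhd-fixed"
    return None

def triage(name, stream):
    """Describe a detected disk image and flag one hiding behind another extension."""
    kind = classify_disk_image(stream)
    if kind is None:
        return None
    ext = os.path.splitext(name)[1].lower()
    return {"name": name, "kind": kind, "disguised": ext not in (".vhd", ".vhdx")}

# Constructed sample inputs (not real disk images): only the magic bytes are realistic.
SAMPLES = {
    "invoice.pdf": b"%PDF-1.7\n" + b"\x00" * 600,
    "setup.vhd": b"\x00" * 1024 + VHD_COOKIE + b"\x00" * 504,
    "report.iso": VHD_COOKIE + b"\x00" * 1016 + VHD_COOKIE + b"\x00" * 504,
    "backup.dat": VHDX_SIGNATURE + b"\x00" * 1024,
}

def triage_samples():
    """Run triage over every constructed sample and return the results in order."""
    return [triage(n, io.BytesIO(b)) for n, b in SAMPLES.items()]

if __name__ == "__main__":
    for result in triage_samples():
        print(result)
```

`triage` accepts any seekable binary stream, so the same call works on a file opened with `open(path, "rb")` in a downloads or mail-quarantine folder.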
CVE-2025-26633: Microsoft Management Console Security Feature Bypass Vulnerability
This vulnerability allows attackers to bypass security features in the Microsoft Management Console by tricking users into interacting with malicious files or links.
Though specific exploitation details are limited, this anonymously reported flaw could grant unauthorized access to administrative tools, amplifying its potential impact when paired with other exploits.
In addition to these zero-days, the update addresses a seventh zero-day that was publicly disclosed but not actively exploited.
With 57 total fixes, including critical remote code execution flaws, Microsoft urges immediate deployment to mitigate ongoing threats.
The high number of actively exploited vulnerabilities suggests advanced threat actors are already leveraging these weaknesses, making this Patch Tuesday a pivotal moment for cybersecurity in 2025.
Microsoft Patch Tuesday March 2025 Vulnerabilities List
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
Microsoft Office | CVE-2025-24057 | Microsoft Office Remote Code Execution Vulnerability | Critical |
Remote Desktop Client | CVE-2025-26645 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
Role: DNS Server | CVE-2025-24064 | Windows Domain Name Service Remote Code Execution Vulnerability | Critical |
Windows Remote Desktop Services | CVE-2025-24035 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
Windows Remote Desktop Services | CVE-2025-24045 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
Windows Subsystem for Linux | CVE-2025-24084 | Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability | Critical |
.NET | CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability | Important |
ASP.NET Core & Visual Studio | CVE-2025-24070 | ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability | Important |
Azure Agent Installer | CVE-2025-21199 | Azure Agent Installer for Backup and Site Recovery Elevation of Privilege Vulnerability | Important |
Azure Arc | CVE-2025-26627 | Azure Arc Installer Elevation of Privilege Vulnerability | Important |
Azure CLI | CVE-2025-24049 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability | Important |
Azure PromptFlow | CVE-2025-24986 | Azure Promptflow Remote Code Execution Vulnerability | Important |
Kernel Streaming WOW Thunk Service Driver | CVE-2025-24995 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Local Security Authority Server (lsasrv) | CVE-2025-24072 | Microsoft Local Security Authority (LSA) Server Elevation of Privilege Vulnerability | Important |
Microsoft Management Console | CVE-2025-26633 | Microsoft Management Console Security Feature Bypass Vulnerability | Important |
Microsoft Office | CVE-2025-24083 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2025-26629 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2025-24080 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office Access | CVE-2025-26630 | Microsoft Access Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2025-24081 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2025-24082 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2025-24075 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Word | CVE-2025-24077 | Microsoft Word Remote Code Execution Vulnerability | Important |
Microsoft Office Word | CVE-2025-24078 | Microsoft Word Remote Code Execution Vulnerability | Important |
Microsoft Office Word | CVE-2025-24079 | Microsoft Word Remote Code Execution Vulnerability | Important |
Microsoft Streaming Service | CVE-2025-24046 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Streaming Service | CVE-2025-24067 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2025-25008 | Windows Server Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2024-9157 | Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading Vulnerability | Important |
Role: Windows Hyper-V | CVE-2025-24048 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
Role: Windows Hyper-V | CVE-2025-24050 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
Visual Studio | CVE-2025-24998 | Visual Studio Elevation of Privilege Vulnerability | Important |
Visual Studio | CVE-2025-25003 | Visual Studio Elevation of Privilege Vulnerability | Important |
Visual Studio Code | CVE-2025-26631 | Visual Studio Code Elevation of Privilege Vulnerability | Important |
Windows Common Log File System Driver | CVE-2025-24059 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Windows Cross Device Service | CVE-2025-24994 | Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability | Important |
Windows Cross Device Service | CVE-2025-24076 | Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability | Important |
Windows exFAT File System | CVE-2025-21180 | Windows exFAT File System Remote Code Execution Vulnerability | Important |
Windows Fast FAT Driver | CVE-2025-24985 | Windows Fast FAT File System Driver Remote Code Execution Vulnerability | Important |
Windows File Explorer | CVE-2025-24071 | Microsoft Windows File Explorer Spoofing Vulnerability | Important |
Windows Kernel Memory | CVE-2025-24997 | DirectX Graphics Kernel File Denial of Service Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2025-24066 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
Windows MapUrlToZone | CVE-2025-21247 | MapUrlToZone Security Feature Bypass Vulnerability | Important |
Windows Mark of the Web (MOTW) | CVE-2025-24061 | Windows Mark of the Web Security Feature Bypass Vulnerability | Important |
Windows NTFS | CVE-2025-24993 | Windows NTFS Remote Code Execution Vulnerability | Important |
Windows NTFS | CVE-2025-24984 | Windows NTFS Information Disclosure Vulnerability | Important |
Windows NTFS | CVE-2025-24992 | Windows NTFS Information Disclosure Vulnerability | Important |
Windows NTFS | CVE-2025-24991 | Windows NTFS Information Disclosure Vulnerability | Important |
Windows NTLM | CVE-2025-24996 | NTLM Hash Disclosure Spoofing Vulnerability | Important |
Windows NTLM | CVE-2025-24054 | NTLM Hash Disclosure Spoofing Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2025-24051 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Telephony Server | CVE-2025-24056 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
Windows USB Video Driver | CVE-2025-24988 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
Windows USB Video Driver | CVE-2025-24987 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
Windows USB Video Driver | CVE-2025-24055 | Windows USB Video Class System Driver Information Disclosure Vulnerability | Important |
Windows Win32 Kernel Subsystem | CVE-2025-24044 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
Windows Win32 Kernel Subsystem | CVE-2025-24983 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
How to Update
Users and administrators can apply these updates via:
- Windows Update: Navigate to Settings > Update & Security > Windows Update and check for updates.
- Microsoft Update Catalog: Download individual patches for offline installation.
- WSUS (Windows Server Update Services): For enterprise environments that manage updates centrally.
Microsoft’s March 2025 Patch Tuesday underscores the growing complexity of cybersecurity threats facing organizations today.
The critical nature of several vulnerabilities makes it imperative for IT teams to act swiftly in deploying these fixes. As always, users are encouraged to remain vigilant against phishing attempts and other attack vectors that might exploit unpatched systems.