Nowadays is Microsoft’s March 2025 Patch Tuesday, which contains safety updates for 57 flaws, together with six actively exploited zero-day vulnerabilities.
This Patch Tuesday additionally fixes six “Crucial” vulnerabilities, all far flung code execution vulnerabilities.
The selection of insects in each and every vulnerability class is indexed underneath:
23 Elevation of Privilege Vulnerabilities
3 Safety Function Bypass Vulnerabilities
23 Far off Code Execution Vulnerabilities
4 Knowledge Disclosure Vulnerabilities
1 Denial of Provider Vulnerabilities
3 Spoofing Vulnerabilities
The above numbers don’t come with Mariner flaws and 10 Microsoft Edge vulnerabilities mounted previous this month.
To be told extra in regards to the non-security updates launched these days, you’ll evaluate our devoted articles at the Home windows 11 KB5053598 & KB5053602 cumulative updates and the Home windows 10 KB5053606 replace.
Six actively exploited zero-days
This month’s Patch Tuesday fixes six actively exploited zero-days and person who used to be publicly uncovered, for a complete of 7 zero-days.
Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited whilst no reputable repair is to be had.
A number of the actively exploited 0 days are associated with Home windows NTFS insects that contain mounting VHD drives.
The actively exploited zero-day vulnerability in these days’s updates are:
CVE-2025-24983 – Home windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Microsoft says this vulnerability will permit native attackers to realize SYSTEM privileges at the software after successful a race situation.
Microsoft has now not shared how the flaw used to be exploited in assaults. Alternatively, because it used to be came upon by means of Filip Jurčacko with ESET, we can most likely be informed extra in a long term record.
BleepingComputer contacted ESET for more info about this flaw.
CVE-2025-24984 – Home windows NTFS Knowledge Disclosure Vulnerability
Microsoft says that this flaw may also be exploited by means of attackers who’ve bodily get entry to to the software and insert a malicious USB power.
Exploiting the flaw lets in the attackers to learn parts of heap reminiscence and scouse borrow knowledge.
Microsoft says that this vulnerability used to be disclosed anonymously.
CVE-2025-24985 – Home windows Speedy FAT Document Machine Driving force Far off Code Execution Vulnerability
Microsoft says that this far flung code execution vulnerability is led to by means of an integer overflow or wraparound in Home windows Speedy FAT Driving force that, when exploited, lets in an attacker to execute code.
“An attacker can trick a neighborhood consumer on a prone gadget into mounting a specifically crafted VHD that might then cause the vulnerability,” explains Microsoft.
Whilst Microsoft has now not shared information about the way it used to be exploited however malicious VHD pictures have been up to now allotted in phishing assaults and thru pirated device websites.
Microsoft says that this vulnerability used to be disclosed anonymously.
CVE-2025-24991 – Home windows NTFS Knowledge Disclosure Vulnerability
Microsoft says that attackers can exploit this flaw to learn small parts heap reminiscence and scouse borrow knowledge.
Attackers can exploit the flaw by means of tricking a consumer into mounting a malicious VHD document.
Microsoft says that this vulnerability used to be disclosed anonymously.
CVE-2025-24993 – Home windows NTFS Far off Code Execution Vulnerability
Microsoft says that this far flung code execution vulnerability is led to by means of a heap-based buffer overflow trojan horse in Home windows NTFS that permits an attacker to execute code.
“An attacker can trick a neighborhood consumer on a prone gadget into mounting a specifically crafted VHD that might then cause the vulnerability,” explains Microsoft
Microsoft says that this vulnerability used to be disclosed anonymously.
CVE-2025-26633 – Microsoft Control Console Safety Function Bypass Vulnerability
Whilst Microsoft has now not shared any information about this flaw, in response to its description, it’ll contain a trojan horse that permits malicious Microsoft Control Console (.msc) recordsdata to avoid Home windows security measures and execute code.
“In an e-mail or speedy message assault situation, the attacker may ship the focused consumer a specifically crafted document this is designed to take advantage of the vulnerability,” explains Microsoft.
“Finally an attacker would don’t have any approach to power a consumer to view attacker-controlled content material. As an alternative, an attacker must persuade a consumer to do so. As an example, an attacker may trap a consumer to both click on a hyperlink that directs the consumer to the attacker’s website online or ship a malicious attachment.”
Microsoft says Aliakbar Zahravi from Development Micro came upon this flaw. BleepingComputer contacted Development Micro to be told extra about how this flaw used to be exploited.
The publicly disclosed zero-day is:
CVE-2025-26630 – Microsoft Get entry to Far off Code Execution Vulnerability
Microsoft says this far flung code execution flaw is led to by means of a use after unfastened reminiscence trojan horse in Microsoft Place of business Get entry to.
To milk the flaw, a consumer should be tricked into opening a specifically crafted Get entry to document. This may also be accomplished via phishing or social engineering assaults.
Alternatively, the flaw can’t be exploited throughout the preview pane.
Microsoft says the flaw used to be came upon by means of Unpatched.ai.
Fresh updates from different firms
Different distributors who launched updates or advisories in March 2025 come with:
The March 2025 Patch Tuesday Safety Updates
Underneath is the whole checklist of resolved vulnerabilities within the March 2025 Patch Tuesday updates.
To get entry to the overall description of each and every vulnerability and the programs it impacts, you’ll view the complete record right here.
Tag
CVE ID
CVE Identify
Severity
.NET
CVE-2025-24043
WinDbg Far off Code Execution Vulnerability
Necessary
ASP.NET Core & Visible Studio
CVE-2025-24070
ASP.NET Core and Visible Studio Elevation of Privilege Vulnerability
Necessary
Azure Agent Installer
CVE-2025-21199
Azure Agent Installer for Backup and Website Restoration Elevation of Privilege Vulnerability
Necessary
Azure Arc
CVE-2025-26627
Azure Arc Installer Elevation of Privilege Vulnerability
Necessary
Azure CLI
CVE-2025-24049
Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability
Necessary
Azure PromptFlow
CVE-2025-24986
Azure Promptflow Far off Code Execution Vulnerability
Necessary
Kernel Streaming WOW Thunk Provider Driving force
CVE-2025-24995
Kernel Streaming WOW Thunk Provider Driving force Elevation of Privilege Vulnerability
Necessary
Microsoft Native Safety Authority Server (lsasrv)
CVE-2025-24072
Microsoft Native Safety Authority (LSA) Server Elevation of Privilege Vulnerability
Necessary
Microsoft Control Console
CVE-2025-26633
Microsoft Control Console Safety Function Bypass Vulnerability
Necessary
Microsoft Place of business
CVE-2025-24083
Microsoft Place of business Far off Code Execution Vulnerability
Necessary
Microsoft Place of business
CVE-2025-26629
Microsoft Place of business Far off Code Execution Vulnerability
Necessary
Microsoft Place of business
CVE-2025-24080
Microsoft Place of business Far off Code Execution Vulnerability
Necessary
Microsoft Place of business
CVE-2025-24057
Microsoft Place of business Far off Code Execution Vulnerability
Crucial
Microsoft Place of business Get entry to
CVE-2025-26630
Microsoft Get entry to Far off Code Execution Vulnerability
Necessary
Microsoft Place of business Excel
CVE-2025-24081
Microsoft Excel Far off Code Execution Vulnerability
Necessary
Microsoft Place of business Excel
CVE-2025-24082
Microsoft Excel Far off Code Execution Vulnerability
Necessary
Microsoft Place of business Excel
CVE-2025-24075
Microsoft Excel Far off Code Execution Vulnerability
Necessary
Microsoft Place of business Phrase
CVE-2025-24077
Microsoft Phrase Far off Code Execution Vulnerability
Necessary
Microsoft Place of business Phrase
CVE-2025-24078
Microsoft Phrase Far off Code Execution Vulnerability
Necessary
Microsoft Place of business Phrase
CVE-2025-24079
Microsoft Phrase Far off Code Execution Vulnerability
Necessary
Microsoft Streaming Provider
CVE-2025-24046
Kernel Streaming Provider Driving force Elevation of Privilege Vulnerability
Necessary
Microsoft Streaming Provider
CVE-2025-24067
Kernel Streaming Provider Driving force Elevation of Privilege Vulnerability
Necessary
Microsoft Home windows
CVE-2025-25008
Home windows Server Elevation of Privilege Vulnerability
Necessary
Microsoft Home windows
CVE-2024-9157
Synaptics: CVE-2024-9157 Synaptics Provider Binaries DLL Loading Vulnerability
Necessary
Far off Desktop Shopper
CVE-2025-26645
Far off Desktop Shopper Far off Code Execution Vulnerability
Crucial
Position: DNS Server
CVE-2025-24064
Home windows Area Title Provider Far off Code Execution Vulnerability
Crucial
Position: Home windows Hyper-V
CVE-2025-24048
Home windows Hyper-V Elevation of Privilege Vulnerability
Necessary
Position: Home windows Hyper-V
CVE-2025-24050
Home windows Hyper-V Elevation of Privilege Vulnerability
Necessary
Visible Studio
CVE-2025-24998
Visible Studio Elevation of Privilege Vulnerability
Necessary
Visible Studio
CVE-2025-25003
Visible Studio Elevation of Privilege Vulnerability
Necessary
Visible Studio Code
CVE-2025-26631
Visible Studio Code Elevation of Privilege Vulnerability
Necessary
Home windows Commonplace Log Document Machine Driving force
CVE-2025-24059
Home windows Commonplace Log Document Machine Driving force Elevation of Privilege Vulnerability
Necessary
Home windows Pass Software Provider
CVE-2025-24994
Microsoft Home windows Pass Software Provider Elevation of Privilege Vulnerability
Necessary
Home windows Pass Software Provider
CVE-2025-24076
Microsoft Home windows Pass Software Provider Elevation of Privilege Vulnerability
Necessary
Home windows exFAT Document Machine
CVE-2025-21180
Home windows exFAT Document Machine Far off Code Execution Vulnerability
Necessary
Home windows Speedy FAT Driving force
CVE-2025-24985
Home windows Speedy FAT Document Machine Driving force Far off Code Execution Vulnerability
Necessary
Home windows Document Explorer
CVE-2025-24071
Microsoft Home windows Document Explorer Spoofing Vulnerability
Necessary
Home windows Kernel Reminiscence
CVE-2025-24997
DirectX Graphics Kernel Document Denial of Provider Vulnerability
Necessary
Home windows Kernel-Mode Drivers
CVE-2025-24066
Kernel Streaming Provider Driving force Elevation of Privilege Vulnerability
Necessary
Home windows MapUrlToZone
CVE-2025-21247
MapUrlToZone Safety Function Bypass Vulnerability
Necessary
Home windows Mark of the Internet (MOTW)
CVE-2025-24061
Home windows Mark of the Internet Safety Function Bypass Vulnerability
Necessary
Home windows NTFS
CVE-2025-24993
Home windows NTFS Far off Code Execution Vulnerability
Necessary
Home windows NTFS
CVE-2025-24984
Home windows NTFS Knowledge Disclosure Vulnerability
Necessary
Home windows NTFS
CVE-2025-24992
Home windows NTFS Knowledge Disclosure Vulnerability
Necessary
Home windows NTFS
CVE-2025-24991
Home windows NTFS Knowledge Disclosure Vulnerability
Necessary
Home windows NTLM
CVE-2025-24996
NTLM Hash Disclosure Spoofing Vulnerability
Necessary
Home windows NTLM
CVE-2025-24054
NTLM Hash Disclosure Spoofing Vulnerability
Necessary
Home windows Far off Desktop Products and services
CVE-2025-24035
Home windows Far off Desktop Products and services Far off Code Execution Vulnerability
Crucial
Home windows Far off Desktop Products and services
CVE-2025-24045
Home windows Far off Desktop Products and services Far off Code Execution Vulnerability
Crucial
Home windows Routing and Far off Get entry to Provider (RRAS)
CVE-2025-24051
Home windows Routing and Far off Get entry to Provider (RRAS) Far off Code Execution Vulnerability
Necessary
Home windows Subsystem for Linux
CVE-2025-24084
Home windows Subsystem for Linux (WSL2) Kernel Far off Code Execution Vulnerability
Crucial
Home windows Telephony Server
CVE-2025-24056
Home windows Telephony Provider Far off Code Execution Vulnerability
Necessary
Home windows USB Video Driving force
CVE-2025-24988
Home windows USB Video Magnificence Machine Driving force Elevation of Privilege Vulnerability
Necessary
Home windows USB Video Driving force
CVE-2025-24987
Home windows USB Video Magnificence Machine Driving force Elevation of Privilege Vulnerability
Necessary
Home windows USB Video Driving force
CVE-2025-24055
Home windows USB Video Magnificence Machine Driving force Knowledge Disclosure Vulnerability
Necessary
Home windows Win32 Kernel Subsystem
CVE-2025-24044
Home windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Necessary
Home windows Win32 Kernel Subsystem
CVE-2025-24983
Home windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Necessary
According to an research of 14M malicious movements, uncover the highest 10 MITRE ATT&CK tactics at the back of 93% of assaults and how one can protect towards them.
Learn the Pink Document 2025