Microsoft Patch Tuesday March 2025
This month’s Patch Tuesday brings critical updates to address 57 vulnerabilities, including seven zero-days that have been actively exploited. Among these, six are rated as “Critical,” with the majority being remote code execution flaws. As always, it's crucial to apply these updates as soon as possible to safeguard your systems.
Breakdown of the Vulnerabilities
The Patch Tuesday update covers a wide range of vulnerabilities, with the most concerning ones being related to Windows NTFS and the Fast FAT file system driver. Here's a summary of the vulnerability types:
• 23 Elevation of Privilege Vulnerabilities
• 3 Security Feature Bypass Vulnerabilities
• 23 Remote Code Execution Vulnerabilities
• 4 Information Disclosure Vulnerabilities
• 1 Denial of Service Vulnerability
• 3 Spoofing Vulnerabilities
This list does not include vulnerabilities addressed earlier this month in Mariner flaws and 10 Microsoft Edge vulnerabilities.
A Close Look at the 7 Zero-Day Vulnerabilities
Zero-day vulnerabilities are particularly alarming as they are actively exploited by attackers and have no fix available until the patch is released. In this case, Microsoft addresses six actively exploited zero-day flaws and one publicly disclosed vulnerability, which is a concerning combination.
Key Zero-Day Vulnerabilities:
1. CVE-2025-24983 – Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
This flaw allows local attackers to gain SYSTEM-level privileges on the device by exploiting a race condition. Although Microsoft hasn't shared full details, we expect further insights from ESET, who discovered the vulnerability.
2. CVE-2025-24984 – Windows NTFS Information Disclosure Vulnerability
Attackers with physical access can exploit this flaw to steal sensitive data by inserting a malicious USB drive. This vulnerability was disclosed anonymously.
3. CVE-2025-24985 – Windows Fast FAT File System Driver Remote Code Execution Vulnerability
This flaw enables attackers to execute arbitrary code by tricking a local user into mounting a specially crafted VHD. Previous attacks have used malicious VHDs distributed through phishing emails and pirated software.
4. CVE-2025-24991 – Windows NTFS Information Disclosure Vulnerability
Similar to the previous NTFS flaw, this vulnerability allows attackers to steal information by exploiting a malicious VHD file.
5. CVE-2025-24993 – Windows NTFS Remote Code Execution Vulnerability
A heap-based buffer overflow in NTFS allows attackers to execute code by getting a local user to mount a specially crafted VHD.
6. CVE-2025-26633 – Microsoft Management Console Security Feature Bypass Vulnerability
This flaw lets malicious .msc files bypass Windows security features to execute code. The attack would require social engineering to convince a user to open a malicious attachment or click a link.
7. CVE-2025-26630 – Microsoft Access Remote Code Execution Vulnerability(Publicly Disclosed)
Exploiting this flaw requires tricking a user into opening a specially crafted Access file, usually through phishing. However, the flaw can't be exploited via the preview pane.
Other Notable Vulnerabilities
Beyond the zero-days, Microsoft also patched a host of other vulnerabilities that could potentially be exploited in various attack scenarios. These updates are vital for preventing further exploitation of systems that are still vulnerable.
What Else is Being Fixed This Month?
Other companies also released security updates in March 2025 to address critical vulnerabilities in their products:
• Broadcom fixed three zero-day flaws in VMware ESXi.
• Cisco patched a WebEx vulnerability that exposed credentials, along with critical flaws in Small Business routers.
• Google released fixes for an exploited zero-day in Android's Linux kernel driver.
• Ivanti released updates for Secure Access Client (SAC) and Neurons for MDM.
• Fortinet rolled out fixes for several products, including FortiManager and FortiOS.
• Paragon disclosed a flaw exploited by ransomware gangs.
• SAP released security updates for multiple products.
To Sum Up
It’s essential to apply Microsoft’s March 2025 Patch Tuesday updates as soon as possible to protect your systems from these vulnerabilities. Zero-days are particularly concerning as they are actively being exploited, so timely patching is your first line of defence. Stay vigilant and ensure that your security measures are up to date. For a comprehensive list of resolved vulnerabilities and affected systems, view the full Patch Tuesday report here.