Offcanvas

When Should We Call You?

Edit Template

Microsoft's March 2025 Patch Tuesday

We would like to inform you that Microsoft has released the March 2025 Patch Tuesday addressing various Microsoft components and solutions. This Patch Tuesday includes 57 vulnerabilities, among which six zero-day vulnerabilities are actively exploited and one that has been publicly disclosed.

The security update includes fixes for Windows, Microsoft Office, Azure, and other components.

The March patch update on the link included fixes for:

  • 23 Privilege Escalation Vulnerabilities
  • 3 Security Feature Bypass Vulnerabilities
  • 23 Remote Code Execution Vulnerabilities
  • 4 Information Disclosure Vulnerabilities
  • 1 Denial of Service Vulnerability
  • 3 Spoofing Vulnerabilities

The March Patch Tuesday addresses six actively exploited zero-days and one that has been publicly disclosed, totaling seven zero-days.

The seven zero-day vulnerabilities are referenced as follows:

  • CVE-2025-24983 – Privilege Escalation Vulnerability in the Windows Win32 Subsystem.
    Exploiting this vulnerability could allow an authenticated local attacker to gain SYSTEM privileges.
  • CVE-2025-24984 – Information Disclosure Vulnerability in Windows NTFS.
    Exploiting this vulnerability could allow an unauthenticated attacker with physical access to potentially read portions of heap memory.
  • CVE-2025-24985 – Remote Code Execution Vulnerability in the Windows Fast FAT File System Driver.
    Exploiting this vulnerability could allow an unauthenticated local attacker, by tricking a local user on a vulnerable system into mounting a specially crafted VHD, to execute code locally.
  • CVE-2025-24991 – Information Disclosure Vulnerability in Windows NTFS.
    Exploiting this vulnerability could allow an attacker to read small portions of memory and steal information.
  • CVE-2025-24993 – Remote Code Execution Vulnerability in Windows NTFS.
    Exploiting this vulnerability could allow an attacker to execute remote code due to a heap-based buffer overflow bug in Windows NTFS, enabling the execution of code.
  • CVE-2025-26633 – Security Feature Bypass Vulnerability in Microsoft Management Console.
    Exploiting this vulnerability could allow an unauthenticated local attacker, by sending a specially crafted file to the user and convincing the user to open the file, to bypass a security feature locally.
  • CVE-2025-26630 – Remote Code Execution Vulnerability in Microsoft Access (publicly disclosed).
    To exploit this vulnerability, a user must be tricked into opening a specially crafted Access file. This can be achieved through phishing or social engineering attacks.

Note: System administrators should apply these patches as soon as possible to protect their systems from potential attacks.

Article précédent
Article suivant

Leave a Reply

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *

    Popular Articles

    TIC

    Explore Now

    Most Recent Posts

    • All Post
    • Azure Cloud
    • cloud
    • Cloud Azure
    • Entertinment
    • Microsoft
    • Non classé
    • Uncategorized
    • Visiting card
    • Websites

    Welcom In your TIC

    Facebook-f X-twitter Instagram

    Address

    • THEITCOMMUNITY
    • 00212000000
    • contact@theitcommunity.com

    Company

    About Us

    Agency

    Services

    Network

    Team

    Information

    Products

    Pricing

    Disclaimer

    Privacy Statement

    Terms of Service

    ThankYou