We would like to inform you that Microsoft has released theĀ March 2025 Patch TuesdayĀ addressing various Microsoft components and solutions. This Patch Tuesday includesĀ 57 vulnerabilities, among whichĀ six zero-day vulnerabilitiesĀ are actively exploited andĀ oneĀ that has been publicly disclosed.
The security update includes fixes for Windows, Microsoft Office, Azure, and other components.
The March patch update on theĀ linkĀ included fixes for:
- 23 Privilege Escalation Vulnerabilities
- 3 Security Feature Bypass Vulnerabilities
- 23 Remote Code Execution Vulnerabilities
- 4 Information Disclosure Vulnerabilities
- 1 Denial of Service Vulnerability
- 3 Spoofing Vulnerabilities
The March Patch Tuesday addressesĀ six actively exploited zero-daysĀ and one that has been publicly disclosed, totalingĀ seven zero-days.
TheĀ seven zero-day vulnerabilitiesĀ are referenced as follows:
- CVE-2025-24983Ā –Ā Privilege Escalation Vulnerability in the Windows Win32 Subsystem.
Exploiting this vulnerability could allow an authenticated local attacker to gain SYSTEM privileges. - CVE-2025-24984Ā –Ā Information Disclosure Vulnerability in Windows NTFS.
Exploiting this vulnerability could allow an unauthenticated attacker with physical access to potentially read portions of heap memory. - CVE-2025-24985Ā –Ā Remote Code Execution Vulnerability in the Windows Fast FAT File System Driver.
Exploiting this vulnerability could allow an unauthenticated local attacker, by tricking a local user on a vulnerable system into mounting a specially crafted VHD, to execute code locally. - CVE-2025-24991Ā –Ā Information Disclosure Vulnerability in Windows NTFS.
Exploiting this vulnerability could allow an attacker to read small portions of memory and steal information. - CVE-2025-24993Ā –Ā Remote Code Execution Vulnerability in Windows NTFS.
Exploiting this vulnerability could allow an attacker to execute remote code due to a heap-based buffer overflow bug in Windows NTFS, enabling the execution of code. - CVE-2025-26633Ā –Ā Security Feature Bypass Vulnerability in Microsoft Management Console.
Exploiting this vulnerability could allow an unauthenticated local attacker, by sending a specially crafted file to the user and convincing the user to open the file, to bypass a security feature locally. - CVE-2025-26630Ā –Ā Remote Code Execution Vulnerability in Microsoft Access (publicly disclosed).
To exploit this vulnerability, a user must be tricked into opening a specially crafted Access file. This can be achieved through phishing or social engineering attacks.
Note:Ā System administrators should apply these patches as soon as possible to protect their systems from potential attacks.
