03-12-2025, 01:05 AM
News Microsoft Patch Tuesday March 2025: 6 Zero-Days, 10 High-Risk Vulnerabilities
Microsoft’s Patch Tuesday March 2025 update includes fixes for six actively exploited zero-days and an additional 10 vulnerabilities at higher risk of attack.
In all, the Patch Tuesday March 2025 <a href="https://msrc.microsoft.com/update-guide/releaseNote/2025-Mar">update</a> fixes 57 Microsoft CVEs and republishes an additional 10 non-Microsoft CVEs, including nine Chrome vulnerabilities and one from Synaptics.
Here’s a breakdown of the higher-risk vulnerabilities included in the Microsoft report, plus additional updates from other vendors issuing Patch Tuesday fixes.
<h2>Zero Days: Patch Tuesday March 2025</h2>
The six zero-day vulnerabilities range in severity from 4.6 to 7.8 (CVSS:3.1). They include:
<strong>CVE-2025-24983</strong> is a 7.0-severity Windows Win32 Kernel Subsystem Elevation of Privilege/Use After Free vulnerability. The vulnerability, reported by Filip Jurčacko of ESET, requires an attacker to win a race condition to gain SYSTEM privileges.
<strong>CVE-2025-24984</strong> is a 4.6-rated Windows NTFS Information Disclosure/Insertion of Sensitive Information into Log File vulnerability. Reported anonymously, the vulnerability requires physical access to the target computer to plug in a malicious USB drive, after which portions of heap memory could potentially be read.
<strong>CVE-2025-24985</strong> is a 7.8-severity Windows Fast FAT File System Driver Remote Code Execution (RCE) vulnerability. Reported anonymously, the vulnerability requires an attacker to trick a local user on a vulnerable system into mounting a specially crafted virtual hard disk (VHD) to trigger the vulnerability.
<strong>CVE-2025-24991</strong> is a 5.5-rated Windows NTFS Information Disclosure/Out-of-bounds Read vulnerability. Also requiring a local user on a vulnerable system to mount a specially crafted VHD, the vulnerability could potentially allow an attacker to read small portions of heap memory.
<strong>CVE-2025-24993</strong> is a 7.8-rated Windows NTFS RCE/Heap-based Buffer Overflow vulnerability. Reported anonymously, the vulnerability also requires a local user on a vulnerable system to mount a specially crafted VHD to execute code locally.
<strong>CVE-2025-26633</strong> is a 7.0-severity Microsoft Management Console Security Feature Bypass/Improper Neutralization vulnerability. Reported by Aliakbar Zahravi of Trend Micro, the vulnerability requires that a user open a specially crafted file sent by email or via a compromised website.
CISA subsequently <a href="https://www.cisa.gov/news-events/alerts/2025/03/11/cisa-adds-six-known-exploited-vulnerabilities-catalog">added</a> the six Microsoft zero-days to its Known Exploited Vulnerabilities (KEV) catalog.
<h2>Other High-Risk Microsoft Vulnerabilities</h2>
In addition to the six zero-days under active attack, Microsoft reported that an additional 10 vulnerabilities are “more likely” to be exploited. These vulnerabilities range in severity from 4.3 to 8.1 and include:
<ul>
<li><strong>CVE-2025-21180</strong>, a Windows exFAT File System Remote Code Execution vulnerability</li>
<li><strong>CVE-2025-21247</strong>, a MapUrlToZone Security Feature Bypass vulnerability</li>
<li><strong>CVE-2025-24035</strong>, a Windows Remote Desktop Services Remote Code Execution vulnerability</li>
<li><strong>CVE-2025-24044</strong>, a Windows Win32 Kernel Subsystem Elevation of Privilege vulnerability</li>
<li><strong>CVE-2025-24045</strong>, a Windows Remote Desktop Services Remote Code Execution vulnerability</li>
<li><strong>CVE-2025-24061</strong>, a Windows Mark of the Web Security Feature Bypass vulnerability</li>
<li><strong>CVE-2025-24066</strong>, a Windows Kernel Streaming Service Driver Elevation of Privilege vulnerability</li>
<li><strong>CVE-2025-24067</strong>, a Windows Kernel Streaming Service Driver Elevation of Privilege vulnerability</li>
<li><strong>CVE-2025-24992</strong>, a Windows NTFS Information Disclosure vulnerability</li>
<li><strong>CVE-2025-24995</strong>, a Kernel Streaming WOW Thunk Service Driver Elevation of Privilege vulnerability</li>
</ul>
<h3>Other Vendors with Patch Tuesday Updates</h3>
Other vendors releasing updates on March 2025 Patch Tuesday include:
<ul>
<li>Adobe (<a href="https://helpx.adobe.com/security/products/acrobat/apsb25-14.html">Acrobat and Reader</a> and <a href="https://helpx.adobe.com/security/products/indesign/apsb25-19.html">InDesign</a>)</li>
<li><a href="https://support.apple.com/en-us/122281">Apple</a></li>
<li><a href="https://www.fortiguard.com/psirt">Fortinet</a></li>
<li><a href="https://www.ivanti.com/blog/march-security-update">Ivanti</a></li>
<li><a href="https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2025.html">SAP</a></li>
</ul>
https://thecyberexpress.com/patch-tuesda...zero-days/