Urgent Alert: Microsoft Patches 7 Zero-Day Exploits and 57 Critical Flaws in March 2025 Update

# Microsoft’s March 2025 Patch Tuesday Addresses 57 Vulnerabilities Including Six Zero-Days

Microsoft has released its March 2025 Patch Tuesday security updates, addressing 57 vulnerabilities, with particular concern for six actively exploited zero-day flaws. The update also fixes six “Critical” remote code execution vulnerabilities that pose significant security risks.

## Vulnerability Breakdown

The security update addresses:
– 23 Elevation of Privilege Vulnerabilities
– 23 Remote Code Execution Vulnerabilities
– 4 Information Disclosure Vulnerabilities
– 3 Security Feature Bypass Vulnerabilities
– 3 Spoofing Vulnerabilities
– 1 Denial of Service Vulnerability

These figures exclude Mariner flaws and 10 Microsoft Edge vulnerabilities that were patched earlier this month.

## Critical Zero-Day Vulnerabilities

Six actively exploited zero-day vulnerabilities have been patched:

1. **CVE-2025-24983**: Windows Win32 Kernel Subsystem vulnerability allowing local attackers to gain SYSTEM privileges through a race condition, discovered by Filip Jurčacko with ESET.

2. **CVE-2025-24984**: Windows NTFS Information Disclosure Vulnerability exploitable via physical access with a malicious USB drive, enabling attackers to read heap memory.

3. **CVE-2025-24985**: Windows Fast FAT File System Driver Remote Code Execution Vulnerability caused by an integer overflow, exploitable when users mount specially crafted VHD files.

4. **CVE-2025-24991**: Windows NTFS Information Disclosure Vulnerability allowing attackers to read heap memory when users mount malicious VHD files.

5. **CVE-2025-24993**: Windows NTFS Remote Code Execution Vulnerability involving a heap-based buffer overflow, triggered by mounting specially crafted VHD files.

6. **CVE-2025-26633**: Microsoft Management Console Security Feature Bypass Vulnerability potentially allowing malicious .msc files to bypass security features, discovered by Aliakbar Zahravi from Trend Micro.

Additionally, one publicly disclosed zero-day was patched:

7. **CVE-2025-26630**: Microsoft Access Remote Code Execution Vulnerability caused by a use-after-free memory bug, exploitable when users open specially crafted Access files.

## Other Vendor Updates

Several other technology companies released security updates in March 2025:
– Broadcom fixed three zero-day flaws in VMware ESXi
– Cisco addressed WebEx credential exposure and router vulnerabilities
– Google patched an exploited Android zero-day
– Fortinet released updates for multiple products
– SAP, Ivanti, and Paragon also issued security updates

Users are advised to apply these patches promptly to protect against these actively exploited vulnerabilities.

Keywords: Microsoft Patch Tuesday, zero-day vulnerabilities, Windows security updates, CVE-2025-24983, NTFS vulnerabilities, remote code execution

Share This Article

Urgent Alert: Microsoft Patches 7 Zero-Day Exploits and 57 Critical Flaws in March 2025 Update

Related Articles

Urgent Alert: Booking.com Phishing Scam Uses “ClickFix” Trick to Deploy Dangerous Malware Against Hospitality Workers

Urgent Alert: Critical FreeType Vulnerability Actively Exploited in the Wild – What You Need to Know

Alert: Medusa Ransomware Strikes Over 300 U.S. Critical Infrastructure Organizations

Quick Links

Company

Get In Touch