Microsoft has released its monthly security update, Patch Tuesday, for March 2025, addressing vulnerabilities across its product line. This month's release includes fixes for 57 vulnerabilities, six of which were zero-days already being exploited in the wild.
The update covers various components, including the Windows operating system, Microsoft Office, Exchange Server, and the .NET Framework. Among the fixes are several remote code execution (RCE) vulnerabilities that, if exploited, could allow an attacker to run code on a targeted system; some require no user interaction, while others depend on a user opening a crafted file or mounting a crafted disk image.
The six zero-day vulnerabilities that have been addressed include:
CVE-2025-24983: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Discovered by Filip Jurčacko of ESET, this vulnerability allows a local attacker to gain SYSTEM privileges after winning a race condition.
CVE-2025-24984: Windows NTFS Information Disclosure Vulnerability
This vulnerability requires physical access: an attacker must plug a malicious USB drive into the target system. Successful exploitation allows the attacker to read portions of heap memory and thereby leak information.
CVE-2025-24985: Windows Fast FAT File System Driver Remote Code Execution Vulnerability
The vulnerability was reported anonymously and results from an integer overflow or wraparound in the Windows Fast FAT driver. An attacker must trick a local user on a vulnerable system into mounting a specially crafted virtual hard disk (VHD); successful exploitation allows the attacker to execute arbitrary code on that system. Despite the "remote code execution" title, the attack vector is local.
CVE-2025-24991: Windows NTFS Information Disclosure Vulnerability
This vulnerability likewise requires a local user on a vulnerable system to mount a specially crafted VHD. Successful exploitation could allow an attacker to read small portions of heap memory.
CVE-2025-24993: Windows NTFS Remote Code Execution Vulnerability
This vulnerability is caused by a heap-based buffer overflow in Windows NTFS. It was reported anonymously and requires a local user on a vulnerable system to mount a specially crafted VHD; successful exploitation allows code execution on the local system.
CVE-2025-26633: Microsoft Management Console Security Feature Bypass Vulnerability
The vulnerability was reported by Aliakbar Zahravi of Trend Micro. Exploitation requires user interaction: the victim must open a specially crafted file delivered by email or through a compromised website.
CISA has added all six of these vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
Organizations are advised to prioritize deployment of these patches, especially those addressing the zero-days. Failure to apply these updates promptly leaves systems exposed, and the active exploitation of these vulnerabilities puts both individual users and enterprise networks at risk. Note that three of the six (the Fast FAT flaw and the two VHD-based NTFS flaws) are triggered by mounting an attacker-supplied disk image, so until patches are applied, users should avoid mounting VHD files from untrusted sources.
Microsoft has released detailed information about the vulnerabilities addressed in this month’s update, including affected products and severity ratings. Administrators are advised to review these details and prioritize the deployment of patches based on their organization’s risk assessment. Users are also advised to enable automatic updates to ensure their systems are protected against the latest threats.
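As an added example (not part of the original article, and not Microsoft's own tooling), the following PowerShell script shows one way an administrator can triage the six exploited CVEs on a Windows host: it resolves each CVE to its KB article(s) via Microsoft's MSRC CVRF v2.0 API for the March 2025 release, then checks which of those KBs are already installed (Get-HotFix) or still pending (Windows Update Agent COM API). The API endpoint is real, but the JSON property names used here (Vulnerability, CVE, Remediations, Description.Value, ProductID, ProductTree.FullProductName) are assumed from the CVRF JSON schema and should be verified against the live response; the script also assumes network access to api.msrc.microsoft.com.

```powershell
# Added example, not from the original article. Resolves the six exploited CVEs
# to KB articles via the MSRC CVRF v2.0 API and reports their patch state locally.
# Assumptions: network access to api.msrc.microsoft.com, and the CVRF JSON property
# names below (verify against the live response if the script returns nothing).

$ExploitedCves = @(
    'CVE-2025-24983', 'CVE-2025-24984', 'CVE-2025-24985',
    'CVE-2025-24991', 'CVE-2025-24993', 'CVE-2025-26633'
)

function Get-MsrcCveRemediations {
    param(
        [string]$ReleaseId = '2025-Mar',   # MSRC release identifier for March 2025
        [string[]]$CveIds
    )
    $uri = "https://api.msrc.microsoft.com/cvrf/v2.0/cvrf/$ReleaseId"
    $doc = Invoke-RestMethod -Uri $uri -Headers @{ Accept = 'application/json' }

    # Map numeric ProductID -> human-readable product name (assumed schema).
    $products = @{}
    foreach ($p in $doc.ProductTree.FullProductName) { $products[$p.ProductID] = $p.Value }

    foreach ($v in $doc.Vulnerability) {
        if ($CveIds -notcontains $v.CVE) { continue }
        foreach ($r in $v.Remediations) {
            # For vendor fixes, Description.Value carries the bare KB number; skip other entries.
            if (-not ($r.Description.Value -match '^\d+$')) { continue }
            foreach ($pid in $r.ProductID) {
                [pscustomobject]@{
                    CVE     = $v.CVE
                    KB      = 'KB' + $r.Description.Value
                    Product = $products[$pid]
                }
            }
        }
    }
}

function Get-PendingKbs {
    # Windows Update Agent COM API: updates applicable to this host but not yet installed.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")
    foreach ($u in $result.Updates) {
        foreach ($kb in $u.KBArticleIDs) { 'KB' + $kb }
    }
}

function Test-ExploitedCvePatchState {
    param([string[]]$CveIds = $ExploitedCves)
    $remediations = Get-MsrcCveRemediations -CveIds $CveIds
    $installed    = (Get-HotFix).HotFixID          # e.g. KB5053598
    $pending      = @(Get-PendingKbs)

    foreach ($cve in $CveIds) {
        # All KBs that fix this CVE across every product; the host only needs one of them.
        $kbs = ($remediations | Where-Object CVE -eq $cve).KB | Sort-Object -Unique
        $state = if ($kbs | Where-Object { $installed -contains $_ }) { 'Installed' }
                 elseif ($kbs | Where-Object { $pending -contains $_ }) { 'Pending' }
                 else { 'Not applicable or unknown' }
        [pscustomobject]@{ CVE = $cve; State = $state; KBs = ($kbs -join ',') }
    }
}

Test-ExploitedCvePatchState | Format-Table -AutoSize
```

A result of "Not applicable or unknown" means none of the KBs published for that CVE is installed or offered to this host: either the host's product is not in the affected list, or the Windows Update Agent has not yet synced with its update source. Treat that state as unverified rather than as patched, and confirm against the OS build number listed in the Security Update Guide before closing the finding.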