Microsoft has released its March 2025 Patch Tuesday security updates, addressing 57 vulnerabilities across its product lineup, including six zero-day flaws that were actively exploited in the wild.
The update covers security issues affecting Windows, Microsoft Office, Azure, and other components.
Microsoft fixes 6 zero-day vulnerabilities
Among the most critical fixes in this month’s update are six vulnerabilities that attackers had been actively exploiting before patches became available:
CVE-2025-24983 (Windows Win32 Kernel Subsystem – Elevation of Privilege)
A use-after-free flaw in the Windows Win32 Kernel Subsystem, allowing attackers to elevate privileges to SYSTEM. Exploitation requires low privileges but involves a high-complexity attack, likely leveraging a race condition.
CVE-2025-24993 (Windows NTFS – Remote Code Execution)
A heap-based buffer overflow in Windows NTFS enables local attackers to execute arbitrary code. Exploitation requires a user to interact with a specially crafted VHD file. Attackers could gain control over an affected system if they trick users into mounting malicious virtual hard disks.
CVE-2025-24985 (Windows Fast FAT File System Driver – Remote Code Execution)
An integer overflow in the Fast FAT driver allows an attacker to execute arbitrary code locally. Similar to CVE-2025-24993, this attack relies on tricking a user into interacting with a malicious file.
CVE-2025-24991 (Windows NTFS – Information Disclosure)
An out-of-bounds read in NTFS could expose sensitive information from heap memory. Attackers must convince a user to mount a malicious VHD file to exploit this issue.
CVE-2025-24984 (Windows NTFS – Information Disclosure via Log Files)
This flaw allows attackers with physical access to extract sensitive data from NTFS log files. Exploitation is only possible if the attacker can insert a USB drive or another storage device into a compromised machine.
CVE-2025-26633 (Microsoft Management Console – Security Feature Bypass)
Attackers can bypass security protections in the Microsoft Management Console, potentially leading to privilege escalation or execution of malicious code. The attack requires convincing a user to open a specially crafted file via email or instant messaging.
This month’s update also includes patches for vulnerabilities in Windows Remote Desktop Services (CVE-2025-24035, CVE-2025-24045) and Windows Hyper-V (CVE-2025-24048, CVE-2025-24050). Some of these are rated “Exploitation More Likely,” signaling a higher risk of attacks in the near future.
Update Windows now
The March 2025 updates are available via Windows Update, Microsoft Update, and WSUS (Windows Server Update Services). The security updates can also be manually downloaded from this portal. Users are strongly encouraged to apply these patches as soon as possible to protect their systems from active exploitation.
The simplest way to apply the update on Windows is through Settings → Windows Update, and clicking ‘Check for Updates.’ The process will start automatically, while a system reboot will be required for the application of the patches.
Before applying the latest security updates, it’s essential to take note of an issue affecting devices running specific versions of Citrix Session Recording Agent (SRA). Systems with Citrix SRA 2411 may fail to install security updates, displaying an error message before rolling back to a previous state. Citrix has provided a workaround while Microsoft works on a resolution.
It is also mentioned that Roblox players on ARM-based Windows devices are unable to download and play Roblox from the Microsoft Store. Until a fix is available, users can download the game directly from the game's official website. For more information, check Microsoft's release announcement.
NIST Selects HQC as a Backup Post-Quantum Encryption Algorithm
Leave a Reply