Microsoft March 2025 Patch Tuesday

57/2025

High

March 12, 2025

1:29 pm

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed seven zero-day vulnerabilities.

Microsoft has fixed (57) vulnerabilities as they could allow the attacker to gain elevated privileges, perform denial of service attacks, obtain sensitive information, bypass security restrictions, or execute arbitrary code and gain access to the affected systems.

March’s Patch Tuesday was released to fix security flaws in several Microsoft products such as Windows Remote Desktop Services, Microsoft Streaming Service, Windows Hyper-V, Azure CLI, Windows NTLM, Windows USB Video Driver, Windows Telephony Server, Windows Common Log File System Driver, Windows Kernel-Mode Drivers, Microsoft Edge (Chromium-based), Microsoft Management Console, Microsoft Visual Studio, Windows Kernel Memory and Windows NTFS.

The actively exploited zero-day vulnerabilities in March’s Patch are:

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability “CVE-2025-24983” allows local attackers to gain SYSTEM privileges on the device after winning a race condition.
Windows NTFS Information Disclosure Vulnerability “CVE-2025-24984” allows the attacker to read portions of heap memory and steal information.
Windows Fast FAT File System Driver Remote Code Execution Vulnerability “CVE-2025-24985” allows an attacker to execute code by tricking a local user on a vulnerable system into mounting a specially crafted VHD.
Windows NTFS Information Disclosure Vulnerability “CVE-2025-24991” allows the attacker to read small portions of heap memory and steal information.
Windows NTFS Remote Code Execution Vulnerability “CVE-2025-24993” allows an attacker to execute code by tricking a local user on a vulnerable system into mounting a specially crafted VHD.
Microsoft Management Console Security Feature Bypass Vulnerability “CVE-2025-26633” allows malicious Microsoft Management Console (.msc) files to bypass Windows security features and execute code.
Microsoft Access Remote Code Execution Vulnerability “CVE-2025-26630” allows an attacker to execute code caused by a use-after-free memory bug in Microsoft Office Access.

Sample of the addressed vulnerabilities:

1. Windows Routing and Remote Access Service (RRAS) Vulnerability (CVE-2025-24051):

CVSS: 8.8
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Consequences: Gain Access

2. Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability (CVE-2025-24049):

CVSS: 8.4
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Consequences: Gain Privilege

Vulnerabilities

Microsoft MSRC

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

Microsoft MSRC

References

Microsoft MSRC

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.