Search
Follow us On Linkedin

March 2025 Microsoft Patch Tuesday Fixes 6 Critical Zero-Days and 57 Security Issues

AnuPriya
By AnuPriya
Cyber Security NewsCybersecurityMicrosoftVulnerabilityZero-day

Microsoft’s March 2025 Patch Tuesday addressed 57 security vulnerabilities, including six zero-day exploits actively weaponized by attackers.

This critical update resolves risks across Windows components, Office suites, Azure services, and core subsystems, with 23 remote code execution (RCE) flaws and multiple privilege escalation vectors demanding immediate attention1.

Actively Exploited Zero-Day Vulnerabilities

The update patches six zero-days under active exploitation:

CVE IDVulnerability NameImpactExploit Details
CVE-2025-24983Windows Win32 Kernel Subsystem EoPSYSTEM-level privilege escalationRace condition exploit via use-after-free flaw in memory management1
CVE-2025-24984Windows NTFS Information DisclosureSensitive data extractionPhysical attackers use malicious USB drives to read heap memory1
CVE-2025-24985Windows Fast FAT Driver RCERemote code executionInteger overflow + heap buffer overflow via malicious VHD mounts1
CVE-2025-24991Windows NTFS Information DisclosurePartial memory accessSocially engineered VHD files leak heap data
CVE-2025-24993Windows NTFS RCERemote code executionHeap buffer overflow in NTFS through malicious VHD operations1
CVE-2025-26633Microsoft Management Console BypassSecurity controls circumventedMalicious files/links bypass MMC protections1

Key patterns: Three vulnerabilities (CVE-2025-24985, 24991, 24993) exploit VHD file handling, while two (CVE-2025-24984, 24991) target NTFS memory leaks1.

Vulnerability Breakdown

The 57 fixes address multiple risk categories:

Vulnerability TypeCountNotable Examples
Remote Code Execution (RCE)23Office, Remote Desktop Services, DNS Server, WSL2 Kernel
Elevation of Privilege (EoP)23Azure services, Windows Cross Device Service, Kernel Streaming Drivers
Information Disclosure4NTFS memory leaks, USB Video Driver data exposure
Security Feature Bypass3MapUrlToZone, MOTW, Management Console protections
Spoofing3NTLM hash disclosure, File Explorer UI manipulation
TagCVE IDCVE TitleSeverity
Microsoft OfficeCVE-2025-24057Microsoft Office Remote Code Execution VulnerabilityCritical
Remote Desktop ClientCVE-2025-26645Remote Desktop Client Remote Code Execution VulnerabilityCritical
Role: DNS ServerCVE-2025-24064Windows Domain Name Service Remote Code Execution VulnerabilityCritical
Windows Remote Desktop ServicesCVE-2025-24035Windows Remote Desktop Services Remote Code Execution VulnerabilityCritical
Windows Remote Desktop ServicesCVE-2025-24045Windows Remote Desktop Services Remote Code Execution VulnerabilityCritical
Windows Subsystem for LinuxCVE-2025-24084Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution VulnerabilityCritical
.NETCVE-2025-24043WinDbg Remote Code Execution VulnerabilityImportant
ASP.NET Core & Visual StudioCVE-2025-24070ASP.NET Core and Visual Studio Elevation of Privilege VulnerabilityImportant
Azure Agent InstallerCVE-2025-21199Azure Agent Installer for Backup and Site Recovery Elevation of Privilege VulnerabilityImportant
Azure ArcCVE-2025-26627Azure Arc Installer Elevation of Privilege VulnerabilityImportant
Azure CLICVE-2025-24049Azure Command Line Integration (CLI) Elevation of Privilege VulnerabilityImportant
Azure PromptFlowCVE-2025-24986Azure Promptflow Remote Code Execution VulnerabilityImportant
Kernel Streaming WOW Thunk Service DriverCVE-2025-24995Kernel Streaming WOW Thunk Service Driver Elevation of Privilege VulnerabilityImportant
Microsoft Local Security Authority Server (lsasrv)CVE-2025-24072Microsoft Local Security Authority (LSA) Server Elevation of Privilege VulnerabilityImportant
Microsoft Management ConsoleCVE-2025-26633Microsoft Management Console Security Feature Bypass VulnerabilityImportant
Microsoft OfficeCVE-2025-24083Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2025-26629Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2025-24080Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft Office AccessCVE-2025-26630Microsoft Access Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-24081Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-24082Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-24075Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2025-24077Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2025-24078Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2025-24079Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Streaming ServiceCVE-2025-24046Kernel Streaming Service Driver Elevation of Privilege VulnerabilityImportant
Microsoft Streaming ServiceCVE-2025-24067Kernel Streaming Service Driver Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2025-25008Windows Server Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2024-9157Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading VulnerabilityImportant
Role: Windows Hyper-VCVE-2025-24048Windows Hyper-V Elevation of Privilege VulnerabilityImportant
Role: Windows Hyper-VCVE-2025-24050Windows Hyper-V Elevation of Privilege VulnerabilityImportant
Visual StudioCVE-2025-24998Visual Studio Elevation of Privilege VulnerabilityImportant
Visual StudioCVE-2025-25003Visual Studio Elevation of Privilege VulnerabilityImportant
Visual Studio CodeCVE-2025-26631Visual Studio Code Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2025-24059Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Cross Device ServiceCVE-2025-24994Microsoft Windows Cross Device Service Elevation of Privilege VulnerabilityImportant
Windows Cross Device ServiceCVE-2025-24076Microsoft Windows Cross Device Service Elevation of Privilege VulnerabilityImportant
Windows exFAT File SystemCVE-2025-21180Windows exFAT File System Remote Code Execution VulnerabilityImportant
Windows Fast FAT DriverCVE-2025-24985Windows Fast FAT File System Driver Remote Code Execution VulnerabilityImportant
Windows File ExplorerCVE-2025-24071Microsoft Windows File Explorer Spoofing VulnerabilityImportant
Windows Kernel MemoryCVE-2025-24997DirectX Graphics Kernel File Denial of Service VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2025-24066Kernel Streaming Service Driver Elevation of Privilege VulnerabilityImportant
Windows MapUrlToZoneCVE-2025-21247MapUrlToZone Security Feature Bypass VulnerabilityImportant
Windows Mark of the Web (MOTW)CVE-2025-24061Windows Mark of the Web Security Feature Bypass VulnerabilityImportant
Windows NTFSCVE-2025-24993Windows NTFS Remote Code Execution VulnerabilityImportant
Windows NTFSCVE-2025-24984Windows NTFS Information Disclosure VulnerabilityImportant
Windows NTFSCVE-2025-24992Windows NTFS Information Disclosure VulnerabilityImportant
Windows NTFSCVE-2025-24991Windows NTFS Information Disclosure VulnerabilityImportant
Windows NTLMCVE-2025-24996NTLM Hash Disclosure Spoofing VulnerabilityImportant
Windows NTLMCVE-2025-24054NTLM Hash Disclosure Spoofing VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-24051Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Telephony ServerCVE-2025-24056Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows USB Video DriverCVE-2025-24988Windows USB Video Class System Driver Elevation of Privilege VulnerabilityImportant
Windows USB Video DriverCVE-2025-24987Windows USB Video Class System Driver Elevation of Privilege VulnerabilityImportant
Windows USB Video DriverCVE-2025-24055Windows USB Video Class System Driver Information Disclosure VulnerabilityImportant
Windows Win32 Kernel SubsystemCVE-2025-24044Windows Win32 Kernel Subsystem Elevation of Privilege VulnerabilityImportant
Windows Win32 Kernel SubsystemCVE-2025-24983Windows Win32 Kernel Subsystem Elevation of Privilege VulnerabilityImportant

Critical Severity Flaws

These high-risk vulnerabilities enable full system compromise:

ComponentCVE IDVulnerability Title
Microsoft OfficeCVE-2025-24057Remote Code Execution via malicious documents
Remote Desktop ClientCVE-2025-26645RCE through specially crafted server responses
Windows DNS ServerCVE-2025-24064Remote exploitation of domain name service
Hyper-VCVE-2025-24048Privilege escalation in virtualization stack
WSL2 KernelCVE-2025-24084Kernel-level RCE in Linux compatibility layer

Update Recommendations

Deploy patches immediately through:

  • Windows Update: Settings > Update & Security > Windows Update
  • Microsoft Update Catalog: Manual download for offline systems
  • WSUS: Centralized enterprise deployment

Administrators should prioritize:

  1. Systems exposed to external networks
  2. Devices handling removable media
  3. Office suites and RDP clients
  4. Azure-connected infrastructure

The concentration of NTFS/VHD-related exploits (4 vulnerabilities) and Office suite weaknesses (8 RCE flaws) indicates attackers are targeting both enterprise infrastructure and end-user applications.

With six active exploit chains neutralized, this update represents a critical defensive maneuver against advanced persistent threats.

Also Read:

Hacktivist Group Claims Responsibility for Massive DDoS Attack on X
AnuPriya
AnuPriya

Recent Articles

Related Stories

LEAVE A REPLY

Please enter your comment!
Please enter your name here

About us

Exclusive Cyber Security News platform that provide in-depth analysis about Cyber Attacks, Malware infection, Data breaches, Vulnerabilities, New researches & other Cyber stories.
Contact Us: admin@cyberpress.org

Cyber Press

The latest

Windows NTFS Local Code Execution Vulnerability Exploited in the Wild – CISA

Cyber Security News
Microsoft’s March 2025 Patch Tuesday has addressed a critical...

CISA Adds Windows NTFS Vulnerability in its Known Exploit Vulnerability Catalog

Cyber Security News
Microsoft and cybersecurity agencies are urging immediate action to...

Fast FAT Vulnerability in Microsoft Windows Exploited in the Wild – CISA

Cyber Security News
A critical integer overflow vulnerability (CVE-2025-24985) in Microsoft’s Windows...

Subscribe

© Copyright 2024 - Cyber Press