March 2025 Patch Tuesday: Microsoft Addresses 7 Zero-Day Vulnerabilities and 57 Other Issues

ByCloudBrain Team
March 2025 Patch Tuesday: Microsoft Addresses 7 Zero-Day Vulnerabilities and 57 Other Issues

Microsoft’s March 2025 Patch Tuesday brought significant security updates addressing a total of 57 vulnerabilities, including six zero-day vulnerabilities that are actively being exploited. Among the vulnerabilities, six are marked as "Critical," all of which are classified as remote code execution flaws.

Here’s a breakdown of the types of vulnerabilities included in this update:

  • 23 Elevation of Privilege Vulnerabilities
  • 3 Security Feature Bypass Vulnerabilities
  • 23 Remote Code Execution Vulnerabilities
  • 4 Information Disclosure Vulnerabilities
  • 1 Denial of Service Vulnerability
  • 3 Spoofing Vulnerabilities

It’s worth noting that the numbers above do not include issues associated with Mariner or 10 vulnerabilities in Microsoft Edge that were addressed earlier this month.

For a look at the non-security updates released today, there are separate articles available discussing Windows 11 updates KB5053598 and KB5053602, as well as the Windows 10 update KB5053606.

Overview of Zero-Day Vulnerabilities

March’s Patch Tuesday also fixed a total of six zero-day vulnerabilities that were actively being exploited, along with one public disclosure, totaling seven zero-days this month. Microsoft labels a zero-day vulnerability as an issue that has either been disclosed publicly or is being exploited without a fix available.

Several of these zero-day vulnerabilities relate to Windows NTFS issues involving the mounting of Virtual Hard Disk (VHD) drives. The specific vulnerabilities being addressed include:

  1. CVE-2025-24983 – This vulnerability in the Windows Win32 Kernel Subsystem allows local attackers to escalate privileges to SYSTEM level after invoking a race condition. Details on its exploitation have not been disclosed yet, but it was discovered by Filip Jurčacko from ESET.

  2. CVE-2025-24984 – This is an information disclosure vulnerability in Windows NTFS. Attackers gaining physical access to a device could exploit it by inserting a malicious USB drive to read sections of heap memory and extract sensitive information. This flaw was reported anonymously.

  3. CVE-2025-24985 – Linked to the Windows Fast FAT Driver, this remote code execution vulnerability enables attackers to execute code by tricking a local user into mounting a specially crafted VHD. Instances of malicious VHD images have previously been reported in phishing campaigns and through counterfeit software sources.

  4. CVE-2025-24991 – Similar to the previous vulnerabilities, this allows attackers to read small portions of heap memory, where they can potentially access confidential data by tricking users into mounting malicious VHD files.

  5. CVE-2025-24993 – This vulnerability in the Windows NTFS can also lead to remote code execution through a heap-based buffer overflow. Local users can be duped into mounting a specially crafted VHD that triggers the vulnerability.

  6. CVE-2025-26633 – This vulnerability presents a security feature bypass in the Microsoft Management Console, which might enable specially crafted files to circumvent security protocols, potentially allowing code execution.

Additionally, there is a public zero-day vulnerability:

  • CVE-2025-26630 – Found in Microsoft Access, this flaw can also lead to remote code execution. Exploitation involves getting users to open a malicious Access file through phishing or social engineering tactics.

Updates from Other Software Vendors

In March 2025, several other companies have also released updates or advisories addressing various vulnerabilities.

List of Resolved Vulnerabilities

The March 2025 Patch Tuesday updates resolved multiple vulnerabilities across various Microsoft products. For users seeking detailed descriptions of each vulnerability and the systems affected, a complete report can be accessed through dedicated advisories.

This month’s patches showcase Microsoft’s ongoing commitment to improving security by addressing critical vulnerabilities that could leave systems open to attacks. Keeping software updated is essential for protecting devices against known security flaws and preventing potential exploits.

Also Read