Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws

On this notable March 2025 Patch Tuesday, Microsoft has rolled out security updates addressing a total of 57 vulnerabilities. Among these, six are classified as critical and pertain to remote code execution, underscoring the urgency for users to apply these updates promptly.

The vulnerabilities are categorized as follows:

• 23 Elevation of Privilege Vulnerabilities
• 3 Security Feature Bypass Vulnerabilities
• 23 Remote Code Execution Vulnerabilities
• 4 Information Disclosure Vulnerabilities
• 1 Denial of Service Vulnerability
• 3 Spoofing Vulnerabilities

It is important to note that these figures do not encompass Mariner flaws or the 10 Microsoft Edge vulnerabilities that were addressed earlier this month.

For those interested in non-security updates, detailed articles are available on the Windows 11 KB5053598 & KB5053602 cumulative updates, as well as the Windows 10 KB5053606 update.

Six Actively Exploited Zero-Days

This month’s updates specifically address six actively exploited zero-day vulnerabilities, in addition to one that has been publicly disclosed. Microsoft defines a zero-day flaw as one that is either publicly known or actively exploited without an official fix available.

Several of these zero-day vulnerabilities are tied to Windows NTFS bugs that involve the mounting of VHD drives. The vulnerabilities include:

CVE-2025-24983 – Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

This vulnerability allows local attackers to gain SYSTEM privileges on the device through a race condition. Details on the exploitation method remain undisclosed, but further insights may emerge from ESET, the firm that discovered the flaw.

CVE-2025-24984 – Windows NTFS Information Disclosure Vulnerability

Exploitable by attackers with physical access to the device, this flaw permits the reading of heap memory portions via a malicious USB drive. This vulnerability was disclosed anonymously.

CVE-2025-24985 – Windows Fast FAT File System Driver Remote Code Execution Vulnerability

Caused by an integer overflow in the Windows Fast FAT Driver, this vulnerability allows an attacker to execute code by tricking a local user into mounting a specially crafted VHD. Similar malicious VHD images have previously circulated in phishing attacks.

CVE-2025-24991 – Windows NTFS Information Disclosure Vulnerability

This flaw enables attackers to read small portions of heap memory and extract information by deceiving a user into mounting a malicious VHD file. It was also disclosed anonymously.

CVE-2025-24993 – Windows NTFS Remote Code Execution Vulnerability

Characterized by a heap-based buffer overflow, this vulnerability allows code execution when a local user mounts a specially crafted VHD. The disclosure was anonymous.

CVE-2025-26633 – Microsoft Management Console Security Feature Bypass Vulnerability

While details are sparse, this flaw may enable malicious .msc files to bypass Windows security features. Attackers would need to entice users into taking action, such as clicking a link or opening a malicious attachment. This vulnerability was discovered by Trend Micro.

The publicly disclosed zero-day is:

CVE-2025-26630 – Microsoft Access Remote Code Execution Vulnerability

This flaw arises from a use-after-free memory issue in Microsoft Office Access, requiring users to be tricked into opening a specially crafted Access file, typically through phishing or social engineering. Notably, it cannot be exploited via the preview pane.

Recent Updates from Other Companies

In addition to Microsoft, other vendors have also released updates or advisories throughout March 2025.

The March 2025 Patch Tuesday Security Updates

Below is a comprehensive list of resolved vulnerabilities from the March 2025 Patch Tuesday updates. For a detailed description of each vulnerability and the systems affected, the full report is available for review.