
Microsoft Releases March 2025 Patch Tuesday Security Update: 57 Vulnerabilities Fixed, 6 Zero-Day Exploits Actively Used
As part of its March 2025 Patch Tuesday update, Microsoft has patched a total of 57 security vulnerabilities. Most notably, six of these are zero-day vulnerabilities, which are actively being exploited by cybercriminals. These updates affect the Windows operating system, Microsoft Office, Azure, and other critical components.
The released fixes address privilege escalation, remote code execution (RCE), security feature bypass, information disclosure, denial of service (DoS), and spoofing vulnerabilities. Of these, 23 are RCE vulnerabilities, and fixing them reduces the risk of remote attacks.
Actively Exploited Zero-Day Vulnerabilities
1. CVE-2025-24983 – Windows Win32 Kernel Subsystem Privilege Escalation Vulnerability
This vulnerability allows an attacker to gain the highest (SYSTEM) privileges on a Windows system. Discovered by Filip Jurčacko (ESET), the exploit, known as PipeMagic, has been observed targeting older Windows versions (Windows 8.1, Server 2012 R2) but also affects Windows 10 (build 1809) and Windows Server 2016.
2. CVE-2025-24984 – Windows NTFS Information Disclosure Vulnerability
This vulnerability enables an attacker with physical access to a system to use a malicious USB device to read sensitive data from system memory, posing a significant data theft risk.
3. CVE-2025-24985 – Windows Fast FAT File System Driver Remote Code Execution Vulnerability
Caused by integer overflow and buffer overflow flaws in Windows’ FAT file system driver, this vulnerability allows an attacker to execute code by loading a specially crafted file system.
4. CVE-2025-24991 – Windows NTFS Information Disclosure Vulnerability
Another NTFS-related vulnerability that could leak sensitive data stored in system memory.
5. CVE-2025-24993 – Windows NTFS Remote Code Execution Vulnerability
By loading a specially crafted virtual hard disk (VHD) file, an attacker could execute code locally or gain unauthorized access to system memory.
6. CVE-2025-26633 – Microsoft Management Console Security Feature Bypass Vulnerability
This vulnerability allows attackers to gain unauthorized access to a system if a user opens a malicious file or link within the Microsoft Management Console (MMC).
Microsoft also patched several other high-risk vulnerabilities, including:
- CVE-2025-24045 & CVE-2025-24035 – Windows Remote Desktop Services (RDS) vulnerabilities. These flaws could allow attackers to gain access via Remote Desktop Gateway and execute arbitrary code through use-after-free exploitation.
- CVE-2025-24044 – Windows Win32 Kernel Subsystem Privilege Escalation Vulnerability. This allows local users to obtain administrator-level privileges.
- CVE-2025-24064 – Windows Domain Name Service (DNS) Remote Code Execution Vulnerability.
- CVE-2025-24084 – Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability.
System administrators and all Windows users are strongly advised to install these updates immediately, as the zero-day vulnerabilities are already being exploited in real-world attacks.
Additional Security Measures:
✅ Enable automatic Windows updates – to ensure critical patches are installed promptly.
✅ Use Windows Defender or other security tools – to protect against malware and cyber threats.
✅ Limit administrator privileges – to reduce the risk of privilege escalation attacks.
✅ Avoid opening suspicious files or clicking unknown links – to prevent phishing and malware infections.
✅ Regularly back up your data – to ensure recovery in case of an attack.
Microsoft releases security updates every month, but March’s update is particularly critical due to the active exploitation of zero-day vulnerabilities. Make sure to update your systems as soon as possible!