Microsoft Patch Tuesday (March 2025) Addresses 67 Vulnerabilities, Including Seven Zero-Day Flaws
do son 
Microsoft’s Patch Tuesday for March 2025 has rolled out critical security updates addressing 67 vulnerabilities, including six classified as critical and 51 deemed important. Notably, this update resolves seven zero-day vulnerabilities, six of which are actively exploited in the wild.
Key Highlights of March 2025 Patch Tuesday
- Zero-Day Vulnerabilities: Microsoft patched seven zero-days, with four actively exploited.
- Microsoft Edge Fixes: 10 security issues in the Chromium-based Microsoft Edge were addressed.
- Wide Range of Affected Components: The patches target vulnerabilities in Microsoft Streaming Service, Windows Hyper-V, Microsoft Windows, DNS Server, Visual Studio, Windows Routing and Remote Access Service (RRAS), Windows NTLM, and Windows Common Log File System Driver.
- Types of Vulnerabilities: The update fixes flaws across various categories, including Spoofing, Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, and Remote Code Execution (RCE).
Critical Zero-Day Vulnerabilities Fixed
1. CVE-2025-24983: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
This use-after-free vulnerability in the Windows Win32 Kernel Subsystem enables an authenticated attacker to escalate privileges to SYSTEM level. Due to its critical impact, the Cybersecurity and Infrastructure Security Agency (CISA) has added it to its Known Exploited Vulnerabilities Catalog and advised immediate patching before April 1, 2025.
2. CVE-2025-24984: Windows NTFS Information Disclosure Vulnerability
This flaw in the NTFS file system could allow an attacker with physical access to a system to read portions of heap memory by inserting a malicious USB device.
3. CVE-2025-24985: Windows Fast FAT File System Driver Remote Code Execution (RCE) Vulnerability
An integer overflow in the Windows Fast FAT File System Driver could let an attacker execute remote code if a local user mounts a maliciously crafted Virtual Hard Disk (VHD). CISA recommends patching this vulnerability immediately.
4. CVE-2025-24991: Windows NTFS Information Disclosure Vulnerability
This flaw results from improper logging of sensitive data in Windows NTFS, which may allow local attackers to access portions of heap memory.
5. CVE-2025-24993: Windows NTFS Remote Code Execution Vulnerability
A heap-based buffer overflow in Windows NTFS could let an attacker execute code locally by enticing a user to mount a specially crafted VHD file. CISA warns that this flaw is being actively exploited.
6. CVE-2025-26630: Microsoft Access Remote Code Execution Vulnerability
A use-after-free flaw in Microsoft Access could allow an attacker to execute arbitrary code. The attacker needs to trick a victim into opening a malicious file to exploit this vulnerability.
7. CVE-2025-26633: Microsoft Management Console Security Feature Bypass Vulnerability
Improper neutralization in Microsoft Management Console (MMC) could allow an attacker to bypass security features.
Security Recommendations:
The March 2025 Patch Tuesday underscores the urgent need for organizations to apply security updates promptly. The actively exploited zero-days pose significant risks, particularly those affecting Windows NTFS, Fast FAT File System, and Win32 Kernel Subsystem.
- Prioritize patching zero-day vulnerabilities—CISA urges organizations to fix vulnerabilities in the Known Exploited Vulnerabilities Catalog before April 1, 2025.
- Ensure all Microsoft Edge updates are applied to mitigate risks from browser-based exploits.
- Review security controls to prevent unauthorized access to NTFS and FAT file systems, especially against USB-based attack vectors.
- Educate employees about phishing risks to reduce the chances of executing malicious Microsoft Access files.
