Summary

March 2025 Patch Tuesday

Microsoft’s March 2025 Patch Tuesday update addresses 67 vulnerabilities, including seven zero-day flaws, six of which are actively exploited. The update encompasses various components such as Windows NTFS, Fast FAT File System Driver, Microsoft Management Console, and Microsoft Access.

OEM	Microsoft
Severity	Critical
Date of Announcement	2025-03-11
No. of Vulnerabilities Patched	67
Actively Exploited	Yes
Exploited in Wild	Yes
Advisory Version	1.0

Overview

• 57 Microsoft CVEs addressed
• 10 non-Microsoft CVEs included

The highlighted vulnerabilities include 6 zero-day flaws which are actively exploited, 1 of the Zero-day vulnerability has been publicly disclosed.

Of the 56 flaws, six are rated Critical, 50 are rated Important, and one is rated Low in severity. Twenty-three of the addressed vulnerabilities are remote code execution bugs and 22 relate to privilege escalation.

The updates are in addition to 17 vulnerabilities Microsoft addressed in its Chromium-based Edge browser since the release of last month’s Patch Tuesday update, one of which is a spoofing flaw specific to the browser (CVE-2025-26643, CVSS score: 5.4).

Vulnerability Name	CVE ID	Product Affected	Severity	CVSS Score
Microsoft Access Remote Code Execution Vulnerability	CVE-2025-26630	Windows	High	7.8
Windows Fast FAT File System Driver Remote Code Execution (RCE) Vulnerability	CVE-2025-24985	Windows	High	7.8
Windows NTFS Remote Code Execution Vulnerability	CVE-2025-24993	Windows	High	7.8
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability	CVE-2025-24983	Windows	High	7.0
Microsoft Management Console Security Feature Bypass Vulnerability	CVE-2025-26633	Windows	High	7.0
Windows NTFS Information Disclosure Vulnerability	CVE-2025-24991	Windows	Medium	5.5
Windows NTFS Information Disclosure Vulnerability	CVE-2025-24984	Windows	Medium	4.6

Technical Summary

The March 2025 update addresses critical vulnerabilities across various Microsoft components, including Windows NTFS, Fast FAT File System Driver, Microsoft Management Console, and Microsoft Access.

These vulnerabilities could lead to elevation of privilege, information disclosure, remote code execution, and security feature bypass.

CVE ID	System Affected	Vulnerability Details	Impact
CVE-2025-26630	Microsoft Office 2019. Microsoft 365 Apps for Enterprise. Microsoft Office LTSC 2021&2024 Microsoft Access 2016	A use-after-free flaw in Microsoft Access allowing attackers to execute arbitrary code by tricking victims into opening a malicious file.	Remote Code Execution
CVE-2025-24985	Windows server2019,2022 and Windows 10 & 11	An integer overflow in the Fast FAT File System Driver allowing attackers to execute remote code by tricking users into mounting a malicious VHD.	Remote Code Execution
CVE-2025-24993	Windows server2019,2022 and Windows 10 & 11	A heap-based buffer overflow in NTFS enabling attackers to execute code locally by enticing users to mount a specially crafted VHD file.	Remote Code Execution
CVE-2025-24983	Windows 10, Windows Server 2016,2012,2008.	A use-after-free vulnerability allowing authenticated attackers to escalate privileges to SYSTEM level.	Elevation of Privilege
CVE-2025-26633	Windows server2019,2022,2025 and Windows 10 & 11	Improper neutralization in Microsoft Management Console allowing attackers to bypass security features.	Security Feature Bypass
CVE-2025-24991	Windows server2019,2022 and Windows 10 & 11	Improper logging in NTFS that may allow local attackers to access portions of heap memory.	Information Disclosure
CVE-2025-24984	Windows Server 2019,2022, Windows 10 & 11	This flaw enabling attackers with physical access to read portions of heap memory by inserting a malicious USB device.	Information Disclosure

Source:  Microsoft     

In addition to the actively exploited vulnerabilities, several other critical flaws were also addressed:

• CVE-2025-24045 and CVE-2025-24035 These are two critical vulnerabilities in Windows Remote Desktop Services (RDS). An attacker could exploit these vulnerabilities by connecting to a system with the Remote Desktop Gateway role, triggering a race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code.
• CVE-2025-24044 – Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerabilities A local, authenticated attacker would need to win a race condition in order to exploit this vulnerability. Successful exploitation of vulnerability would allow the attacker to gain SYSTEM privileges.
• CVE-2025-24064 – Windows Domain Name Service Remote Code Execution Vulnerability
• CVE-2025-24084 – Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability

Remediation:

• Apply Patches Promptly: Install the March 2025 security updates immediately to mitigate risks.

General Recommendations:

• Prioritize Zero-Day Fixes: Focus on patching actively exploited vulnerabilities, especially those affecting Windows NTFS, Fast FAT File System Driver, and Win32 Kernel Subsystem.
• Update Microsoft Edge: Ensure the latest version is installed to prevent browser-based exploits.
• Secure File System Access: Implement security controls to prevent unauthorized access to NTFS and FAT file systems, particularly against USB-based attack vectors.
• Educate Employees: Train users in phishing risks to reduce the chances of executing malicious Microsoft Access files.
• Monitor for Exploitation: Continuously monitor systems for any signs of exploitation or suspicious activity.

Conclusion:

The March 2025 Patch Tuesday highlights the critical need for timely application of security updates. The actively exploited zero-day vulnerabilities pose significant risks, and immediate action is essential to protect systems from potential attacks. Organizations should remain vigilant and ensure that all security patches are applied without delay.

References:

• https://msrc.microsoft.com/update-guide/releaseNote/2025-Mar 
• https://cybersecuritynews.com/microsoft-march-2025-patch-tuesday/