Microsoft has released its March 2025 Patch Tuesday update, addressing 57 bugs across its systems, including Windows, Office, Azure, and others. This latest update is particularly significant as it fixes seven zero-day vulnerabilities, six of which are actively being exploited by attackers.
Among the vulnerabilities is CVE-2025-24985, a remote code execution flaw. Attackers can exploit it by tricking users into mounting malicious virtual hard disk (VHD) files. This vulnerability and CVE-2025-24993 affect the Windows Fast FAT System Driver and Windows NTFS, and both could result in unauthorized access to users’ systems.
Meanwhile, two additional vulnerabilities, CVE-2025-24984 and CVE-2025-24991, also found within Windows NTFS, allow information disclosure. CVE-2025-24984 can enable attackers with physical access to a device to insert a malicious USB drive and read memory contents, putting sensitive data at risk. CVE-2025-24991 is triggered by mounting a malicious VHD file and enables similar data theft.
Further complicating matters, CVE-2025-24983, in the Windows Win32 Kernel Subsystem, allows local attackers to gain system privileges, significantly increasing the potential impact of a successful breach.
Another noteworthy vulnerability is CVE-2025-26633, which relates to the Microsoft Management Console. This vulnerability can be exploited to bypass security features, allowing attackers to execute additional unauthorized actions discreetly.
Notably, most of these zero-day vulnerabilities were anonymously reported. Specifically, ESET was responsible for identifying CVE-2025-24983, and Trend Micro uncovered CVE-2025-26633. These partnerships are instrumental, as timely reporting can lead to quicker patches and protection for users.
Unpatched.ai flagged an additional remote code execution vulnerability, CVE-2025-26630, found within Microsoft Office Access. Attackers employing phishing tactics can exploit it once users open malicious files.
Beyond these vulnerabilities, Microsoft also patched six other severe vulnerabilities affecting Microsoft Office, Remote Desktop Client, Windows Domain Name System (DNS), Windows Remote Desktop Services, and the Linux Subsystem for Windows Kernel. Each of these could facilitate unauthorized access and data breaches if left unpatched.
Microsoft issues its Patch Tuesday updates monthly on the second Tuesday at 10 AM Pacific Time. These updates typically involve the automatic downloading and installation of patches, yet Microsoft emphasizes the importance of user vigilance.
Users should manually check for updates to confirm they have the latest patches installed on their devices. To do so, navigate to the Start button, select 'Settings', click on 'Windows Update', and choose 'Check for updates'. It's best practice, considering the vulnerabilities being actively exploited, to apply these updates as swiftly as possible.
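For administrators who need to verify many machines rather than click through Settings on each one, the following PowerShell script is an added example (not part of the article or of any Microsoft tooling) that performs the same "Check for updates" query through the Windows Update agent's COM API, reports the OS build, and tests whether a given cumulative update is present. The KB number is a labelled placeholder because the article does not list KB identifiers; substitute the KB that Microsoft's March 2025 release notes give for your Windows build.

```powershell
# Added example, not from the article: scripted equivalent of
# Settings > Windows Update > Check for updates, plus a check that a
# given cumulative update KB is installed. Run from an elevated prompt.
# PLACEHOLDER: replace with the March 2025 cumulative update KB for your build.
$ExpectedKB = 'KB<PLACEHOLDER>'

# 1. Report the OS build, which changes with each cumulative update.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
Write-Host ("OS: {0} build {1}" -f $os.Caption, $os.BuildNumber)

# 2. Confirm whether the expected cumulative update is installed.
$installed = Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $_.HotFixID -eq $ExpectedKB }
if ($installed) {
    Write-Host "$ExpectedKB installed on $($installed.InstalledOn)"
} else {
    Write-Warning "$ExpectedKB not found; this host may still be exposed"
}

# 3. Ask the Windows Update agent what is still pending. This is the same
#    search the Settings page runs and needs network access to the update
#    source (Microsoft Update or WSUS).
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search("IsInstalled=0 and IsHidden=0")
if ($result.Updates.Count -eq 0) {
    Write-Host "No pending updates"
} else {
    foreach ($u in $result.Updates) {
        $kbs = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
        Write-Host ("Pending: {0} [{1}]" -f $u.Title, $kbs)
    }
}
```

Step 2 is the quick compliance check; step 3 is the authoritative one, since a missing KB can also mean the update was superseded by a later cumulative update, which the pending-updates search will reflect correctly.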
With cybersecurity threats poised to increase, the urgency for users to secure their devices against potential attacks has never been greater. Microsoft’s regular updates and transparency about vulnerabilities give users clarity on the steps they need to take to protect themselves.