Microsoft March 2025 Patch package fixes 57 flaws, six actively exploited and six critical
Take action: This month the highest priority is patching Windows. All six actively exploited flaws are in Windows components, so don't delay. After patching Windows, proceed to update your Microsoft Office. Just push update now, get a cup of coffee, read a book for an hour. It's worth it.
Learn More
Microsoft has released its March 2025 Patch Tuesday, addressing a total of 57 security vulnerabilities. This update fixes six actively exploited zero-day vulnerabilities, one publicly disclosed zero-day. The update also includes patches for six "Critical" remote code execution vulnerabilities.
The security update addresses vulnerabilities across several categories:
- 23 Elevation of Privilege Vulnerabilities
- 3 Security Feature Bypass Vulnerabilities
- 23 Remote Code Execution Vulnerabilities
- 4 Information Disclosure Vulnerabilities
- 1 Denial of Service Vulnerability
- 3 Spoofing Vulnerabilities
The following zero-day vulnerabilities are being actively exploited in the wild:
- CVE-2025-24983 (CVSS score 7.0) - Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability. Allows local attackers to gain SYSTEM privileges by winning a race condition.
- CVE-2025-24984 (CVSS score 4.6) - Windows NTFS Information Disclosure Vulnerability. Exploitable by attackers with physical access using a malicious USB drive and allows reading portions of heap memory to steal information
- CVE-2025-24985 (CVSS score 7.8) - Windows Fast FAT File System Driver Remote Code Execution Vulnerability. Caused by an integer overflow in Windows Fast FAT Driver and exploitable by tricking users into mounting specially crafted VHD files.
- CVE-2025-24991 (CVSS score 5.5) - Windows NTFS Information Disclosure Vulnerability. Allows reading small portions of heap memory to steal information. Exploitable by tricking users into mounting malicious VHD files
- CVE-2025-24993 (CVSS score 7.8) - Windows NTFS Remote Code Execution Vulnerability. Caused by a heap-based buffer overflow bug in Windows NTFS. Exploitable by tricking users into mounting specially crafted VHD files
- CVE-2025-26633 (CVSS score 7.0) - Microsoft Management Console Security Feature Bypass Vulnerability. May involve a bug allowing malicious .msc files to bypass Windows security features. Exploitable through phishing or social engineering attacks
Publicly Disclosed Zero-Day, not reported as exploited
- CVE-2025-26630 (CVSS score 7.8) - Microsoft Access Remote Code Execution Vulnerability. Caused by a use-after-free memory bug in Microsoft Office Access. Exploitable by tricking users into opening specially crafted Access files. Cannot be exploited through the preview pane
Critical flaws
- CVE-2025-24057 (CVSS score 7.8) - Microsoft Office Remote Code Execution Vulnerability
- CVE-2025-26645 (CVSS score 8.8) - Remote Desktop Client Remote Code Execution Vulnerability
- CVE-2025-24064 (CVSS score 8.1) - Windows Domain Name Service Remote Code Execution Vulnerability
- CVE-2025-24035 (CVSS score 8.1) - Windows Remote Desktop Services Remote Code Execution Vulnerability
- CVE-2025-24045 (CVSS score 8.1) - Windows Remote Desktop Services Remote Code Execution Vulnerability
- CVE-2025-24084 (CVSS score 8.4) - Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability
Users are strongly encouraged to apply these patches immediately given the active exploitation of multiple zero-day vulnerabilities, particularly those involving Windows NTFS and VHD file manipulation. Additional information about non-security updates released today can be found in the dedicated articles for Windows 11 KB5053598 & KB5053602 cumulative updates and the Windows 10 KB5053606 update.
Full list of vulnerabilities
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET | CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability | Important |
| ASP.NET Core & Visual Studio | CVE-2025-24070 | ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability | Important |
| Azure Agent Installer | CVE-2025-21199 | Azure Agent Installer for Backup and Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Arc | CVE-2025-26627 | Azure Arc Installer Elevation of Privilege Vulnerability | Important |
| Azure CLI | CVE-2025-24049 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability | Important |
| Azure PromptFlow | CVE-2025-24986 | Azure Promptflow Remote Code Execution Vulnerability | Important |
| Kernel Streaming WOW Thunk Service Driver | CVE-2025-24995 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Local Security Authority Server (lsasrv) | CVE-2025-24072 | Microsoft Local Security Authority (LSA) Server Elevation of Privilege Vulnerability | Important |
| Microsoft Management Console | CVE-2025-26633 | Microsoft Management Console Security Feature Bypass Vulnerability | Important |
| Microsoft Office | CVE-2025-24083 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-26629 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-24080 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-24057 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office Access | CVE-2025-26630 | Microsoft Access Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-24081 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-24082 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-24075 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-24077 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-24078 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-24079 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Streaming Service | CVE-2025-24046 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | CVE-2025-24067 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2025-25008 | Windows Server Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2024-9157 | Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading Vulnerability | Important |
| Remote Desktop Client | CVE-2025-26645 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Role: DNS Server | CVE-2025-24064 | Windows Domain Name Service Remote Code Execution Vulnerability | Critical |
| Role: Windows Hyper-V | CVE-2025-24048 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-24050 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2025-24998 | Visual Studio Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2025-25003 | Visual Studio Elevation of Privilege Vulnerability | Important |
| Visual Studio Code | CVE-2025-26631 | Visual Studio Code Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2025-24059 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Cross Device Service | CVE-2025-24994 | Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability | Important |
| Windows Cross Device Service | CVE-2025-24076 | Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability | Important |
| Windows exFAT File System | CVE-2025-21180 | Windows exFAT File System Remote Code Execution Vulnerability | Important |
| Windows Fast FAT Driver | CVE-2025-24985 | Windows Fast FAT File System Driver Remote Code Execution Vulnerability | Important |
| Windows File Explorer | CVE-2025-24071 | Microsoft Windows File Explorer Spoofing Vulnerability | Important |
| Windows Kernel Memory | CVE-2025-24997 | DirectX Graphics Kernel File Denial of Service Vulnerability | Important |
| Windows Kernel-Mode Drivers | CVE-2025-24066 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Windows MapUrlToZone | CVE-2025-21247 | MapUrlToZone Security Feature Bypass Vulnerability | Important |
| Windows Mark of the Web (MOTW) | CVE-2025-24061 | Windows Mark of the Web Security Feature Bypass Vulnerability | Important |
| Windows NTFS | CVE-2025-24993 | Windows NTFS Remote Code Execution Vulnerability | Important |
| Windows NTFS | CVE-2025-24984 | Windows NTFS Information Disclosure Vulnerability | Important |
| Windows NTFS | CVE-2025-24992 | Windows NTFS Information Disclosure Vulnerability | Important |
| Windows NTFS | CVE-2025-24991 | Windows NTFS Information Disclosure Vulnerability | Important |
| Windows NTLM | CVE-2025-24996 | NTLM Hash Disclosure Spoofing Vulnerability | Important |
| Windows NTLM | CVE-2025-24054 | NTLM Hash Disclosure Spoofing Vulnerability | Important |
| Windows Remote Desktop Services | CVE-2025-24035 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Windows Remote Desktop Services | CVE-2025-24045 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-24051 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Subsystem for Linux | CVE-2025-24084 | Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability | Critical |
| Windows Telephony Server | CVE-2025-24056 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows USB Video Driver | CVE-2025-24988 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
| Windows USB Video Driver | CVE-2025-24987 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
| Windows USB Video Driver | CVE-2025-24055 | Windows USB Video Class System Driver Information Disclosure Vulnerability | Important |
| Windows Win32 Kernel Subsystem | CVE-2025-24044 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
| Windows Win32 Kernel Subsystem | CVE-2025-24983 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
