Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws

Summary:
As part of the March Microsoft Patch Tuesday, Microsoft addressed 57 flaws, including 7 zero-days, 6 of which are being actively exploited in attacks in the wild. Of the 57 flaws, there were 23 elevation of privilege vulnerabilities, 3 security feature bypass vulnerabilities, 23 remote code execution vulnerabilities, 4 information disclosure vulnerabilities, 1 denial of service vulnerability, and 3 spoofing vulnerabilities. 6 flaws have been rated critical in severity, all of which can lead to remote code execution.

In addition to Microsoft, several other vendors have released updates in March 2025:

Security Officer Comments:
The five actively exploited zero-days are listed below:
  • CVE-2025-24983 (Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability): Allows local attackers to gain SYSTEM privileges via a race condition; exploitation details have not been disclosed yet; discovered by ESET.
  • CVE-2025-24984 (Windows NTFS Information Disclosure Vulnerability): Insertion of sensitive information into a log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack; an attacker needs physical access to the target computer to plug in a malicious USB drive; disclosed anonymously.
  • CVE-2025-24985 (Windows Fast FAT File System Driver Remote Code Execution Vulnerability): Remote code execution caused by an integer overflow or wraparound in the Windows Fast FAT Driver; exploitation details have not been disclosed yet, but malicious VHD images have previously been exploited in phishing attacks through pirated software sites; disclosed anonymously.
  • CVE-2025-24991 (Windows NTFS Information Disclosure Vulnerability): Allows attackers to read small portions of heap memory and steal information by tricking users into mounting a malicious VHD file; disclosed anonymously.
  • CVE-2025-24993 (Windows NTFS Remote Code Execution Vulnerability): Heap-based buffer overflow vulnerability that allows attackers to execute code by tricking users into mounting a malicious VHD file; disclosed anonymously.
  • CVE-2025-26633 (Microsoft Management Console Security Feature Bypass Vulnerability): Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally; exploitation of the vulnerability requires that a user open a specially crafted file; discovered by Trend Micro.
Although few details regarding the exploitation of these flaws have been disclosed, successful exploitation could enable actors to elevate privileges, execute arbitrary code remotely, and steal sensitive information from targeted systems, which could open the door for additional attacks.

Suggested Corrections:
Organizations should review the list of resolved vulnerabilities and apply the relevant patches as needed. To access the full list of vulnerabilities addressed, please use the link below:

https://www.bleepingcomputer.com/mi...ports/Microsoft-Patch-Tuesday-March-2025.html

Link(s):
https://www.bleepingcomputer.com/ne...025-patch-tuesday-fixes-7-zero-days-57-flaws/