57 Security Issues Fixed in Microsoft’s March 2025 Patch Tuesday Update
Microsoft fixed 57 vulnerabilities in its March 2025 Patch Tuesday updates, including six "Critical" remote code execution vulnerabilities and six actively exploited zero-day vulnerabilities.
Today is the second Tuesday of March 2025, and Microsoft has released its latest security updates for all supported products including Windows 11 and Windows 10. Microsoft fixed 57 vulnerabilities across various Microsoft products including six actively exploited zero-day vulnerabilities. Today’s patch update also fixed six critical remote code execution vulnerabilities. The latest patch addresses several vulnerabilities in Microsoft products, including Windows, Office, Windows Hyper-V, Windows Routing and Remote Access Service (RRAS), Azure, and .NET Framework.
Microsoft March 2025 Patch Tuesday update
This month’s Patch Tuesday fixes 57 Vulnerabilities, including six “Critical” remote code execution vulnerabilities and six actively exploited zero-day vulnerabilities.
Beyond the critical and zero-day bugs, Microsoft’s updates also address numerous “Important” vulnerabilities. These include remote code execution flaws in .NET, Visual Studio, Office, and the Windows Telephony Service; elevation of privilege issues in Azure, Kernel Streaming, Microsoft AutoUpdate, and Windows Storage; denial of service vulnerabilities in Active Directory, Internet Connection Sharing, and Windows Kerberos; security feature bypasses in Surface and the Windows Kernel; spoofing vulnerabilities in Outlook and NTLM; and an information disclosure vulnerability in Excel.
The number of bugs in each vulnerability category is listed below:
- 23 Elevation of Privilege Vulnerabilities
- 3 Security Feature Bypass Vulnerabilities
- 23 Remote Code Execution Vulnerabilities
- 4 Information Disclosure Vulnerabilities
- 1 Denial of Service Vulnerability
- 3 Spoofing Vulnerabilities
Microsoft patched 57 CVEs in its March 2025 Patch Tuesday release, including six actively exploited zero-day vulnerabilities and six rated Critical, with the remaining ones rated Important or Moderate.
Six zero-day vulnerabilities patched
Microsoft patched six zero-day vulnerabilities this month, affecting core Windows components, including the Win32 Kernel Subsystem, NTFS, and the Fast FAT File System Driver. These vulnerabilities could lead to privilege escalation, remote code execution, and information disclosure.
CVE-2025-24983 (Win32 Kernel Subsystem Privilege Escalation):
- A use-after-free vulnerability in the Windows Win32 Kernel Subsystem allows attackers to elevate privileges to SYSTEM. Exploiting this flaw requires local access, but once successful, it grants full control over the affected machine.
CVE-2025-24984 (NTFS Information Disclosure):
- An attacker with physical access can exploit this NTFS flaw by inserting a malicious USB drive, potentially reading sensitive heap memory data. While it does not allow remote exploitation, it poses a risk for data leaks.
CVE-2025-24985 (Fast FAT File System Driver RCE):
- An integer overflow vulnerability in the Windows Fast FAT File System Driver could allow remote code execution. Attackers may trick users into mounting a specially crafted VHD file, leading to arbitrary code execution.
CVE-2025-24991 (NTFS Information Disclosure):
- Sensitive data may be exposed if NTFS log files contain unintended information. This vulnerability allows authorized attackers to read portions of heap memory locally.
CVE-2025-24993 (NTFS Remote Code Execution):
- A heap-based buffer overflow in NTFS may let an attacker execute arbitrary code. Like the Fast FAT vulnerability, exploitation requires tricking a user into mounting a specially crafted VHD.
CVE-2025-26630 (Microsoft Access Remote Code Execution):
- A use-after-free flaw in Microsoft Access allows attackers to execute code locally. Exploitation requires convincing a user to open a malicious file, potentially compromising system integrity.
- All six vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities Catalog, with a patch deadline of April 1, 2025.
Six Critical Severity Vulnerabilities patched
Microsoft also addressed six critical vulnerabilities this month, affecting Windows Remote Desktop Services, Microsoft Office, DNS, and WSL2. These vulnerabilities could allow remote code execution (RCE), putting systems at risk of full compromise.
CVE-2025-24035 & CVE-2025-24045 (Windows Remote Desktop Services RCE):
- A race condition in Windows Remote Desktop Services (RDS) could allow an attacker to execute code remotely. Exploiting this flaw requires manipulating sensitive data stored in improperly locked memory.
CVE-2025-24057 (Microsoft Office RCE):
- A heap-based buffer overflow in Microsoft Office may allow an attacker to execute arbitrary code remotely. Exploitation likely involves tricking a user into opening a malicious Office file.
CVE-2025-24064 (Windows DNS Server RCE):
- A use-after-free vulnerability in the Windows DNS Server could enable remote code execution. Attackers must win a race condition to exploit this flaw, potentially gaining control over affected systems.
CVE-2025-24084 (Windows Subsystem for Linux 2 RCE):
- An untrusted pointer dereference in WSL2 could allow local attackers to execute arbitrary code. While this vulnerability does not allow remote exploitation, it poses a risk to systems running WSL2.
CVE-2025-26645 (Remote Desktop Client RCE):
- A relative path traversal flaw in the Remote Desktop Client allows remote attackers to execute code over a network. This vulnerability could be exploited by tricking a user into connecting to a malicious RDP server.
Windows security updates
In addition to Microsoft security updates, this March 2025 Patch Tuesday update also brought Windows 11 and Windows 10 cumulative updates. That includes KB5053606 for Windows 10 and KB5053598 for Windows 11 version 24H2. So if you are running any of these Windows versions, make sure you update them as you install the new patches.
Windows 7 and Windows 8.1 have reached end of support from Microsoft, which means the company no longer provides regular updates or security patches for these operating systems. For more information, please visit the Microsoft lifecycle page at https://learn.microsoft.com/en-us/lifecycle/end-of-support/end-of-support-2023
Microsoft’s March 2025 update KB5053598 for Windows 11 version 24H2 advances the OS to Build 26100.3476 and rolls out changes including a new option to display the battery percentage in the Taskbar, improved file sharing from the Jump List, and refinements to Windows Spotlight and File Explorer. It introduces advanced camera settings, upgrades to Windows Narrator’s scan mode, and new Game Pass sharing options.
The KB5053606 cumulative update for Windows 10 22H2 is not a big update and doesn’t offer new features, but it fixes issues such as dwm.exe stopping responding and OpenSSH failing to start, among others. Upon installation, Windows 10 22H2 is updated to build 19045.5608. You can refer to this article for more details on what’s new in Windows 10 KB5051974.
Download the Windows Cumulative update
All of these security updates download and install automatically on your device via Windows Update. If your device has not received them yet, open Settings > Update & Security and check for updates. Once done, restart your device to apply the updates.
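As an added example (not part of the original article), the PowerShell script below checks whether a machine has actually received this month’s cumulative update. It reads the current OS build and update build revision (UBR) from the registry and compares them with the patched build numbers stated above (19045.5608 for Windows 10 22H2 with KB5053606, 26100.3476 for Windows 11 24H2 with KB5053598), then confirms the KB is listed by Get-HotFix. The expected build and KB values are taken from this article and are assumptions for the check; other Windows versions (for example 23H2/22H2 with KB5053602) are not covered because the article does not give their build numbers.

```powershell
# Added example: verify the March 2025 cumulative update is installed.
# Expected KB numbers and build revisions are taken from the article above
# (assumptions for this check); extend the table for other versions as needed.
$expected = @{
    '19045' = @{ KB = 'KB5053606'; UBR = 5608; Name = 'Windows 10 22H2' }   # build 19045.5608
    '26100' = @{ KB = 'KB5053598'; UBR = 3476; Name = 'Windows 11 24H2' }   # build 26100.3476
}

# Read the OS build number and the update build revision (UBR) from the registry.
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = $cv.CurrentBuildNumber
$ubr   = [int]$cv.UBR

if (-not $expected.ContainsKey($build)) {
    Write-Output "Build $build.$ubr is not one of the versions covered by this check."
    return
}

$target    = $expected[$build]
# Get-HotFix reads Win32_QuickFixEngineering; cumulative updates appear by KB id.
$installed = Get-HotFix -Id $target.KB -ErrorAction SilentlyContinue

if ($ubr -ge $target.UBR -and $installed) {
    Write-Output "$($target.Name): build $build.$ubr, $($target.KB) installed on $($installed.InstalledOn). Patched."
}
elseif ($ubr -ge $target.UBR) {
    # The build is at or above the March level even though the KB is not listed;
    # a later cumulative update can supersede it, so treat this as patched but note it.
    Write-Output "$($target.Name): build $build.$ubr meets the target, but $($target.KB) is not listed by Get-HotFix (possibly superseded by a later update)."
}
else {
    Write-Output "$($target.Name): build $build.$ubr is below $build.$($target.UBR). $($target.KB) is missing; run Windows Update or install the MSU from the Update Catalog."
}
```

Run it in an elevated PowerShell session on each endpoint, or push it through your management tooling; the UBR comparison is the reliable signal, since Get-HotFix can omit an update that a later cumulative update has superseded.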
- Windows 11 KB5053598 (version 24H2) offline installer: direct download link (64-bit).
- Windows 11 KB5053602 (versions 23H2/22H2) offline installer: direct download link (64-bit).
- Windows 10 KB5053606 (version 22H2): direct download links for 64-bit and 32-bit (x86).
- Windows 10 KB5053596 (version 1809): direct download links for 64-bit and 32-bit.
The above link directly opens the Microsoft Update Catalog, which is the library of Windows Update offline installers. You need to click on the ‘Download’ button next to the version of the OS installed on your machine and run the .msu files to begin the installation of the update.
If you are looking for the Windows 10 22H2 update ISO image, click here, or check How to Upgrade to Windows 10 version 22H2 Using the Media Creation Tool.
If you face any difficulty while installing these updates, check the Windows 10 Update troubleshooting guide to fix the Windows 10 Cumulative update stuck downloading, failed to install with different errors, etc.
What time do Patch Tuesday patches come out?
- Microsoft schedules the release of security updates on “Patch Tuesday,” the second Tuesday of each month at 10:00 AM PST.
Is Patch Tuesday weekly or monthly?
- Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on April 08, 2025.
Why is the second Tuesday of every month called Patch Tuesday?
- The second Tuesday of the month is referred to as “Patch Tuesday” because Microsoft attempts to combine the largest updates into this maintenance window.
What is the latest update for Windows 11 March 2025?
- The latest updates are KB5053598 for Windows 11 version 24H2 and KB5053606 for Windows 10 version 22H2.
What is the zero-day patch?
- The term “Zero-Day” is used when security teams are unaware of their software vulnerability, and they’ve had “0” days to work on a security patch or an update to fix the issue.