Skip to main content

Microsoft Releases March 2025 Security Updates

Scheduled updates for Microsoft products, including security updates for 57 vulnerabilities, of which six are reported as exploited

Threat ID:
CC-4629
Threat Severity:
Medium
Published:
12 March 2025 3:00 PM
Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Scheduled updates for Microsoft products, including security updates for 57 vulnerabilities, of which six are reported as exploited

Affected platforms

The following platforms are known to be affected:

Windows Server

Microsoft Windows

Microsoft Office

Microsoft Visual Studio

The following platforms are also known to be affected:

  • Windows exFAT File System
  • Azure Agent Installer
  • Windows MapUrlToZone
  • Windows Remote Desktop Services.NET
  • Windows Win32 Kernel Subsystem
  • Windows Remote Desktop Services
  • Microsoft Streaming Service
  • Role: Windows Hyper-V
  • Azure CLI
  • Windows Routing and Remote Access Service (RRAS)
  • Windows USB Video Driver
  • Windows Telephony Server
  • Windows Common Log File System Driver
  • Windows Mark of the Web (MOTW)
  • Role: DNS Server
  • Windows Kernel-Mode Drivers
  • ASP.NET Core & Visual Studio
  • Windows File Explorer
  • Microsoft Local Security Authority Server (lsasrv)
  • Windows Cross Device Service
  • Microsoft Office Word
  • Microsoft Office Excel
  • Windows Subsystem for Linux
  • Windows NTFS
  • Windows Fast FAT Driver
  • Azure PromptFlow
  • Kernel Streaming WOW Thunk Service Driver
  • Windows NTLM
  • Windows Kernel Memory
  • Azure Arc
  • Microsoft Office Access
  • Microsoft Management Console
  • Microsoft Edge (Chromium-based)
  • Remote Desktop Client

Threat details

Exploitation of vulnerabilities in the wild

Microsoft has stated that exploitation of the following vulnerabilities has been observed. 

  • CVE-2025-24983 - Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
  • CVE-2025-24984 - Windows NTFS Information Disclosure Vulnerability
  • CVE-2025-24985 - Windows Fast FAT File System Driver Remote Code Execution Vulnerability
  • CVE-2025-24991 - Windows NTFS Information Disclosure Vulnerability
  • CVE-2025-24993 - Windows NTFS Remote Code Execution Vulnerability
  • CVE-2025-26633 - Microsoft Management Console Security Feature Bypass Vulnerability

NHS England's National CSOC considers further exploitation as highly likely.

Introduction

Microsoft has released security updates to address 57 vulnerabilities in Microsoft products. Five vulnerabilities are highlighted below, of which two are exploited and three are considered critical.

Vulnerability details

  • CVE-2025-24983 - Windows Win32 Kernel Subsystem Privilege Escalation Vulnerability

CVE-2025-24983 is a 'use-after-free' vulnerability in Windows and Windows Server with a CVSSv3 score of 7.0. Successful exploitation could allow an attacker to escalate privileges and gain SYSTEM privileges. Microsoft reports that this vulnerability is under exploitation.

  • CVE-2025-24993 - Windows NTFS Remote Code Execution Vulnerability

CVE-2025-24993 is a 'heap-based buffer overflow' vulnerability in Windows and Windows Server with a CVSSv3 score of 7.8. Successful exploitation could allow an unauthorised attacker to execute code locally. Microsoft reports that this vulnerability is under exploitation.

  • CVE-2025-24057 - Microsoft Office Remote Code Execution Vulnerability

CVE-2025-24057 is a critical 'heap-based buffer overflow' vulnerability in Microsoft Office, Microsoft 365 Apps, and Office Online Server with a CVSSv3 score of 7.8. The Preview Pane is considered as an attack vector. Successful exploitation could allow an unauthorised attacker to execute arbitrary code (ACE).

  • CVE-2025-26645 - Remote Desktop Client Remote Code Execution Vulnerability

CVE-2025-26645 is a critical 'relative path traversal' vulnerability in Remote Desktop Client, Windows App Client for Windows Desktop, Windows and Windows Server with a CVSSv3 score of 8.8 . Successful exploitation could allow an unauthorised attacker to execute code over a network.

  • CVE-2025-24084 - Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability 

CVE-2025-24084 is a critical 'untrusted pointer dereference' vulnerability in Windows and Windows Server with a CVSSv3 score of 8.4 . Successful exploitation could allow an unauthorised attacker to achieve ACE.

Remediation advice

Affected organisations are encouraged to review Microsoft's March 2025 Security Updates and apply the relevant updates as soon as practicable.

Last edited: 12 March 2025 3:00 pm