Microsoft Patch Tuesday security updates for March 2025 address 56 security vulnerabilities in its products, including six actively exploited zero-days.——————————————————————————————————————————————————–[Microsoft Patch Tuesday security updates for March 2025](https://msrc.microsoft.com/update-guide/releaseNote/2025-Mar) addressed 56 vulnerabilities in Windows and Windows Components, Office and Office Components, Azure, .NET and Visual Studio, Remote Desktop Services, DNS Server, and Hyper-V Server.This Patch Tuesday stands out for the number of actively exploited zero-day vulnerabilities addressed by the IT giant, which totals six.Six vulnerabilities are rated Critical, and 50 are rated Important in severity.*’Of the patches released today, six are rated Critical, and 50 are rated Important in severity. This is nearly identical to the release last month in volume, but the number of actively exploited bugs is extraordinary.’ [reported](https://www.zerodayinitiative.com/blog/2025/3/11/the-march-2025-security-update-review) ZDI. ‘One of these bugs is listed as publicly known, and six(!) others are listed as under active attack at the time of release’*The six vulnerabilities that have been actively exploited in the wild are:* ****[CVE-2025-24983](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24983)** (CVSS 7.0):** A use-after-free vulnerability in the Windows Win32 Kernel Subsystem that enables authorized attackers to escalate privileges locally.* ****[CVE-2025-24984](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24984)** (CVSS 4.6):** An NTFS information disclosure flaw that lets attackers with physical access and a malicious USB device read portions of heap memory.* ****[CVE-2025-24985](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24985)** (CVSS 7.8):** An integer overflow in the Windows Fast FAT File System Driver allowing unauthorized local code execution.* ****[CVE-2025-24991](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24991)** (CVSS 5.5):** An out-of-bounds read vulnerability in NTFS that permits authorized attackers to access sensitive information.* ****[CVE-2025-24993](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24993)** (CVSS 7.8):** A heap-based buffer overflow in NTFS that allows unauthorized local code execution.* ****[CVE-2025-26633](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26633)** (CVSS 7.0):** An improper neutralization flaw in Microsoft Management Console that lets unauthorized attackers bypass security features locally.ESET researchers, who discovered the vulnerability CVE-2025-24983, reported that the zero-day has been exploited since March 2023. The flaw enables attackers with low privileges to escalate to SYSTEM privileges but requires winning a race condition. The exploit, linked to the [PipeMagic backdoor](https://www.kaspersky.com/about/press-releases/kaspersky-uncovers-pipemagic-backdoor-attacks-businesses-through-fake-chatgpt-application), has targeted unsupported Windows versions like Server 2012 R2 and 8.1 but also affects Windows 10 (build 1809 and earlier) and Server 2016.> [#ESETresearch](https://twitter.com/hashtag/ESETresearch?src=hash&ref_src=twsrc%5Etfw) has discovered a zero day exploit abusing [#CVE](https://twitter.com/hashtag/CVE?src=hash&ref_src=twsrc%5Etfw)-2025-24983 vulnerability in Windows Kernel to elevate privileges ([#LPE](https://twitter.com/hashtag/LPE?src=hash&ref_src=twsrc%5Etfw)). First seen in the wild in March 2023, the exploit was deployed through [#PipeMagic](https://twitter.com/hashtag/PipeMagic?src=hash&ref_src=twsrc%5Etfw) backdoor on the compromised machines. 1/4 [pic.twitter.com/qCOgYiltfs](https://t.co/qCOgYiltfs)> — ESET Research (@ESETresearch) [March 11, 2025](https://twitter.com/ESETresearch/status/1899508656258875756?ref_src=twsrc%5Etfw)The full list of vulnerabilities addressed by Microsoft Patch Tuesday security updates for March 2025 is available [here](https://www.zerodayinitiative.com/blog/2025/3/11/the-march-2025-security-update-review).Follow me on Twitter: [**@securityaffairs**](https://twitter.com/securityaffairs) and [**Facebook**](https://www.facebook.com/sec.affairs) and [**Mastodon**](https://infosec.exchange/@securityaffairs)[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)**(** [**SecurityAffairs**](http://securityaffairs.co/wordpress/)**–** **hacking, Microsoft Patch Tuesday)**
Related Tags:
CVE-2025-26633
CVE-2025-24984
CVE-2025-24985
CVE-2025-24991
CVE-2025-24993
NAICS: 54 – Professional
Scientific
Technical Services
NAICS: 335 – Electrical Equipment
Appliance
Component Manufacturing
NAICS: 541 – Professional
Scientific
Technical Services
NAICS: 518 – Computing Infrastructure Providers
Data Processing
Web Hosting
Related Services
Associated Indicators: