Friday, March 14, 2025

Microsoft has released its March 2025 Patch Tuesday security update, addressing a total of 56 vulnerabilities across various products, including Windows and Windows Components, Office and Office Components, Azure, .NET and Visual Studio, Remote Desktop Services, DNS Server, and Hyper-V Server. Among these, six zero-day vulnerabilities have been actively exploited in attacks.
Details of the Exploited Zero-Day Vulnerabilities:
- CVE-2025-24983 (CVSS 7.0) – A Use-After-Free vulnerability in the Windows Win32 Kernel Subsystem that allows authenticated attackers to escalate privileges within the system.
- CVE-2025-24984 (CVSS 4.6) – An Information Disclosure vulnerability in NTFS that enables attackers with physical access to extract heap memory data using a malicious USB device.
- CVE-2025-24985 (CVSS 7.8) – An Integer Overflow vulnerability in the Windows Fast FAT File System Driver, allowing unauthorized code execution within the system.
- CVE-2025-24991 (CVSS 5.5) – An Out-of-Bounds Read vulnerability in NTFS that grants authorized attackers access to sensitive information.
- CVE-2025-24993 (CVSS 7.8) – A Heap-Based Buffer Overflow vulnerability in NTFS, which could enable unauthorized code execution within the system.
- CVE-2025-26633 (CVSS 7.0) – An Improper Neutralization vulnerability in Microsoft Management Console (MMC), allowing attackers to bypass security measures within the system.
CVE-2025-24983 was discovered by researchers at ESET and has been exploited in attacks since March 2023 through the PipeMagic Backdoor malware, primarily targeting unsupported Windows versions such as Server 2012 R2 and Windows 8.1. It also affects Windows 10 (Build 1809 and earlier) and Windows Server 2016.
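A defender-side triage check, added here as an example and not taken from the advisory or from Microsoft: it maps the affected releases named above for CVE-2025-24983 to kernel build numbers and flags a host accordingly. The build-number mapping (NT 6.3.9600 for Windows 8.1 / Server 2012 R2, 10.0.14393 for Server 2016, 10.0.17763 for Windows 10 version 1809) and the reading of "Build 1809 and earlier" as any Windows 10 build up to 17763 are assumptions, not statements from the page.

```powershell
# Added example (not from the advisory): classify a host against the affected
# release list given above for CVE-2025-24983. The release-to-build mapping and
# the "1809 and earlier" interpretation are assumptions made for this example.
function Test-AffectedByCve202524983 {
    param(
        [Parameter(Mandatory)][version]$OsVersion,   # e.g. [version]'10.0.17763'
        [Parameter(Mandatory)][string]$ProductType    # 'Workstation' or 'Server'
    )
    # Windows 8.1 and Server 2012 R2 share kernel 6.3.9600; both are out of support.
    if ($OsVersion.Major -eq 6 -and $OsVersion.Minor -eq 3) {
        return [pscustomobject]@{
            Affected = $true
            Note     = 'Unsupported release named in the advisory (Windows 8.1 / Server 2012 R2)'
        }
    }
    if ($OsVersion.Major -eq 10 -and $OsVersion.Minor -eq 0) {
        # Windows Server 2016 ships as build 14393.
        if ($ProductType -eq 'Server' -and $OsVersion.Build -eq 14393) {
            return [pscustomobject]@{ Affected = $true; Note = 'Windows Server 2016: apply the March 2025 update' }
        }
        # Windows 10 version 1809 is build 17763; earlier releases have lower builds.
        if ($ProductType -ne 'Server' -and $OsVersion.Build -le 17763) {
            return [pscustomobject]@{ Affected = $true; Note = 'Windows 10 version 1809 or earlier: apply the March 2025 update' }
        }
    }
    return [pscustomobject]@{ Affected = $false; Note = 'Not in the affected list given on this page' }
}

# Query the local host. Win32_OperatingSystem.ProductType: 1 = workstation,
# 2 = domain controller, 3 = server.
$os   = Get-CimInstance -ClassName Win32_OperatingSystem
$type = if ($os.ProductType -eq 1) { 'Workstation' } else { 'Server' }
Test-AffectedByCve202524983 -OsVersion ([version]$os.Version) -ProductType $type
```

A non-affected result only means the host is outside the list quoted above; it says nothing about the other five CVEs, which still require the same update.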
Administrators are strongly advised to apply the latest security patches as soon as possible to mitigate the risk of exploitation from these vulnerabilities.