Microsoft Patches 6 Actively Exploited Zero-Days, 57 Total Security Flaws

Written by USA Cyber | Mar 13, 2025 1:00:00 PM

In its March 2025 Patch Tuesday release, Microsoft addressed 57 security vulnerabilities, including six zero-day flaws actively exploited in the wild. This update underscores Microsoft's ongoing commitment to fortifying its software ecosystem against emerging threats. Notably, this release follows February's Patch Tuesday, which addressed 67 vulnerabilities, including four zero-day exploits, highlighting a consistent trend in addressing critical security issues.

These are high priority patches you should apply immediately. Learn what is impacted and how you can take quick action to protect yourself and your business.

Breakdown of March 2025 Vulnerabilities:

Critical: 6
Important: 50
Low: 1

Actively Exploited Zero-Day Vulnerabilities:

These are the six important zero-day vulnerabilities addressed in this update:

Vulnerability	Impacted Software	Description
CVE-2025-24983	Multiple versions of Windows 10, 11 & Windows Server	A use-after-free vulnerability in the Windows Win32 Kernel Subsystem, allowing local privilege escalation.
CVE-2025-24984	Multiple versions of Windows 10, 11 & Windows Server	An information disclosure flaw in Windows NTFS, enabling attackers with physical access to read portions of heap memory via a malicious USB device.
CVE-2025-24985	Multiple versions of Windows 10, 11 & Windows Server	An integer overflow in the Windows Fast FAT File System Driver, permitting local code execution.
CVE-2025-24991	Multiple versions of Windows 10, 11 & Windows Server	An out-of-bounds read in Windows NTFS, leading to local information disclosure.
CVE-2025-24993	Multiple versions of Windows 10, 11 & Windows Server	A heap-based buffer overflow in Windows NTFS, allowing local code execution.
CVE-2025-26633	Multiple versions of Windows 10, 11 & Windows Server	A security feature bypass in Microsoft Management Console (MMC), enabling attackers to evade file reputation protections and execute code in the context of the current user.

Microsoft has officially acknowledged the vulnerabilities and urges immediate patching for affected systems. For detailed information, and official documentation, see Microsoft's March 2025 Security Update Release Notes.

What This Means, and What to Do Next

These vulnerabilities are widespread and impact nearly every type of windows software. The six zero-day vulnerabilities are especially dangerous, and it is important that all impacted organizations and users take immediate action to protect their systems from exploitation.

Fortunately, applying the required patches is a relatively straightforward process. Your first step is to contact your IT and Cybersecurity lead, and ensure the proper steps are being taken.

No Cybersecurity Team? Here are the Immediate Steps to Take

Apply Microsoft’s Security Patches Now
- Download updates via Windows Update in Windows or Windows Update Online
Verify and Monitor for Exploitation Signs
- Use Microsoft Defender Threat Intelligence to check for indicators of compromise.
- Check Windows Event Logs for abnormal activity related to affected services.
Ensure you're following Cybersecurity best practices
- Require multi-factor authentication (MFA) for all privileged accounts.
- Deploy advanced threat detection tools to monitor for unusual activity.
- Conduct an Internal Security Audit by auditing system logs for unauthorized access attempts.
- Work with a professional Cybersecurity team to ensure your business is fully protected.

Microsoft’s Official Patch Resources

Learn More About Expert Cybersecurity Services From USA Cyber

View full post