Microsoft’s March Security Update: Addressing 57 Vulnerabilities, Including Six Actively Exploited Zero-Days

By /

Listen to this Post

In its regular security patch updates, Microsoft has tackled 57 vulnerabilities across its software products, including six zero-day flaws that have been actively exploited in the wild. These vulnerabilities, which affect various components of Windows, have the potential to cause significant harm if not patched quickly. This update underscores the growing sophistication of cyberattacks and highlights the importance of staying vigilant against evolving threats.

Key Vulnerabilities and Their Impact

On Tuesday, Microsoft released security updates addressing 57 security flaws, with six of them marked as “critical.” These flaws span a range of vulnerabilities, from remote code execution to privilege escalation. Among these, six vulnerabilities have been actively exploited in the wild, posing a heightened risk to users and organizations.

  • Remote Code Execution Vulnerabilities: 23 of the vulnerabilities are classified as remote code execution (RCE), which allows attackers to execute arbitrary code on affected systems, often with elevated privileges. Such flaws can lead to devastating compromises, especially when attackers can exploit them remotely.

  • Privilege Escalation Vulnerabilities: 22 vulnerabilities involve privilege escalation, enabling an attacker to gain higher access rights on a system, potentially leading to the compromise of sensitive data or the full takeover of a machine.

  • Severity Ratings: Of the 57 flaws addressed, six were rated as Critical, 50 as Important, and one as Low in severity. These ratings reflect the level of potential damage and exploitability associated with each vulnerability.

Actively Exploited Zero-Days

Microsoft’s updates also specifically address six zero-day vulnerabilities that are being actively exploited. Zero-day vulnerabilities are flaws that attackers use before the vendor releases a patch, making them particularly dangerous. Below are the key zero-day vulnerabilities:

  • CVE-2025-24983: A use-after-free vulnerability in the Windows Win32 Kernel Subsystem (CVSS score: 7.0) allows attackers to elevate their privileges locally, potentially taking full control of a system.
  • CVE-2025-24984: An information disclosure vulnerability in Windows NTFS (CVSS score: 4.6) that could allow an attacker with physical access to read portions of sensitive memory, especially with a malicious USB drive.
  • CVE-2025-24985: An integer overflow vulnerability in the Windows Fast FAT File System Driver (CVSS score: 7.8), enabling an attacker to execute arbitrary code locally.
  • CVE-2025-24991: An out-of-bounds read vulnerability in Windows NTFS (CVSS score: 5.5), allowing an attacker to disclose information locally.
  • CVE-2025-24993: A heap-based buffer overflow vulnerability in Windows NTFS (CVSS score: 7.8), allowing an attacker to execute malicious code locally.
  • CVE-2025-26633: An improper neutralization vulnerability in Microsoft Management Console (CVSS score: 7.0), which allows attackers to bypass security protections and execute arbitrary code locally.

Among these, CVE-2025-24983 stands out as it was discovered by ESET, which tracked its exploitation using a backdoor called PipeMagic, a trojan targeting specific regions like Asia and Saudi Arabia. The trojan, distributed as a fake ChatGPT app in late 2024, highlights the growing trend of exploiting zero-day vulnerabilities to deliver malware under the guise of legitimate software.

The Exploitation Chain and Emerging Threats

Some vulnerabilities have been identified as part of a chain that attackers can leverage to gain remote code execution and information disclosure. For instance, CVE-2025-24985 and CVE-2025-24993, which affect the core Windows file system components, allow attackers to execute malicious code by creating specially crafted VHD (Virtual Hard Disk) files. These files, typically associated with virtual machines, can be used to smuggle malware into systems via phishing campaigns.

Such attacks can bypass traditional security measures and anti-virus systems, as simply opening or mounting a VHD file could be enough to execute the malicious code embedded within it.

Microsoft’s update also reflects a wider trend in the growing exploitation of vulnerabilities in critical infrastructure, highlighted by the inclusion of these flaws in the U.S. Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog, which mandates federal agencies to apply these fixes by April 1, 2025.

Other Vendor Patches

Microsoft isn’t alone in pushing out security patches. Other major vendors such as Adobe, Google, Apple, Cisco, and VMware have also issued critical updates for vulnerabilities across their platforms. These updates underscore the ongoing need for regular patching, as cybersecurity threats grow in complexity and scope.

What Undercode Says:

The recent vulnerabilities highlighted by Microsoft show the increasing sophistication of cyber threats, with attackers leveraging zero-day vulnerabilities to target high-value systems and data. The focus on local privilege escalation and code execution vulnerabilities points to the growing risk of ransomware and other forms of malware that can bypass traditional defenses.

  • Critical vulnerabilities are becoming more frequent: The six active zero-days point to a trend where vulnerabilities in critical software components are being discovered and exploited more quickly than ever before.

  • Growing use of social engineering: The use of VHD files in phishing campaigns and the deployment of fake applications like the PipeMagic trojan show that social engineering tactics continue to play a key role in cyberattacks. This emphasizes the importance of security awareness and vigilance, especially when handling email attachments and files from untrusted sources.

  • Risk of chained exploits: The potential for attackers to chain multiple vulnerabilities together for more devastating attacks is a serious concern. Attackers can combine seemingly unrelated flaws to achieve remote code execution or information disclosure, highlighting the need for comprehensive patch management.

  • The importance of timely patching: Given that many of the vulnerabilities patched in this update had already been exploited in the wild, it’s critical that businesses and individuals apply these patches without delay. Delays in patching expose systems to unnecessary risks, especially when flaws are known to be actively exploited.

As cyber threats evolve, security professionals must stay on top of vendor updates, conduct regular vulnerability assessments, and ensure that their systems are resilient against sophisticated exploits.

Fact Checker Results:

  1. Microsoft addressed 57 vulnerabilities, including six zero-day flaws.
  2. Six vulnerabilities, including CVE-2025-24983, have been actively exploited in the wild.
  3. Patch management remains critical in mitigating these newly discovered vulnerabilities, with several related to file system and local privilege escalation exploits.

References:

Reported By: https://thehackernews.com/2025/03/urgent-microsoft-patches-57-security.html
Extra Source Hub:
https://www.instagram.com
Wikipedia
Undercode AI

Image Source:

Pexels
Undercode AI DI v2

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Explore More: