Microsoft Security Update Summary (March 11, 2025)

Posted on 2025-03-12 by guenni

Update[German]Microsoft released security updates for Windows clients and servers, Office and other products on March 11, 2025. The security updates eliminate 56 vulnerabilities (CVEs), seven of which were classified as 0-day. Six vulnerabilities are already under attack. Below is a compact overview of the updates that were released on Patchday.

Advertising

Notes on the updates

A list of the updates can be found on this Microsoft page. Details on the update packages for Windows, Office etc. are available in separate blog posts.

Windows 10/11, Windows Server

All Windows 10/11 updates (as well as the updates of the server counterparts) are cumulative. The monthly patchday update contains all security fixes for these Windows versions – as well as all non-security fixes up to the patchday. In addition to the security patches for the vulnerabilities, the updates also contain fixes to correct errors or new features.

Windows Server 2012 R2

An ESU license is required for Windows Server 2012 /R2 to receive further security updates (Windows Server 2012/R2 gets Extended Security Updates (ESU) until October 2026).

Fixed vulnerabilities

Tenable has published this blog post with an overview of the vulnerabilities that have been fixed. Here are some of the critical vulnerabilities that have been fixed:

  • CVE-2025-26633: Microsoft Management Console Security Feature Bypass Vulnerability, CVEv3 Score 7.0, important; An attacker could exploit this vulnerability by tricking a potential target with standard user or administrator privileges into opening a malicious file. According to Microsoft, CVE-2025-26633 has been exploited as a zero-day in the wild.
  • CVE-2025-24985: Windows Fast FAT File System Driver Remote Code Execution vulnerability, CVEv3 Score 7.8, important; A local attacker could exploit this vulnerability by tricking a potential target into mounting a specially crafted virtual hard disk (VHD). Successful exploitation would allow the attacker to execute arbitrary code. According to Microsoft, CVE-2025-24985 has been exploited in the wild as a zero-day.
  • CVE-2025-24044 and CVE-2025-24983: Windows Win32 Kernel Subsystem Elevation of Privilege vulnerabilities, CVEv3 score 7.0 – 7.8, important; A local, authenticated attacker would need to win a race condition to exploit CVE-2025-24983. Successful exploitation of either vulnerability would allow the attacker to gain SYSTEM privileges. According to Microsoft, CVE-2025-24983 has been exploited in the wild as a zero-day. While CVE-2025-24044 was not exploited, Microsoft classified this vulnerability as "Exploitation More Likely" according to Microsoft's Exploitability Index.
  • CVE-2025-24993: Windows NTFS Remote Code Execution vulnerability, CVEv3 Score 7.8, important; According to Microsoft, a heap-based buffer overflow can be exploited to execute arbitrary code on an affected system. To exploit this vulnerability, an attacker must trick a local user into mounting a manipulated VHD. According to Microsoft, this vulnerability has already been exploited as a zero-day.
  • CVE-2025-24984, CVE-2025-24991, CVE-2025-24992: Windows NTFS Information Disclosure vulnerability, CVEv3 Score 4.6 – 5.5, important; All three vulnerabilities can be exploited through physical attacks, for example, by an attacker using a malicious USB drive or tricking a local user into mounting a tampered VHD.
  • CVE-2025-26630: Microsoft Access Remote Code Execution vulnerability, CVEv3 Score 7.8, important; An attacker could exploit this vulnerability by using social engineering to trick a potential target into downloading a malicious file and executing it on their system. Successful exploitation would allow the attacker to execute arbitrary code. CVE-2025-26630 is considered a zero-day vulnerability as it was publicly disclosed before a patch was available.
  • CVE-2025-24035, CVE-2025-24045: Windows Remote Desktop Services Remote Code Execution important, CVEv3 Score 7.0-7.8, important; To exploit these vulnerabilities, an attacker must be able to gain a race condition. Despite this requirement, Microsoft classified both vulnerabilities as "Exploitation More Likely".

A list of all discovered CVEs can be found on this Microsoft site, excerpts are available at Tenable.

Advertising

Similar articles:
Microsoft Security Update Summary (March 11, 2025)
Patchday: Windows 10/11 Updates (March 11, 2025)
Patchday: Windows Server-Updates (March 11, 2025)
Patchday: Microsoft Office Updates (March 11, 2025)

Advertising
This entry was posted in Office, Security, Software, Update, Windows and tagged , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).