Yesterday was Microsoft’s Patch Tuesday for March, which brought security updates that addressed 58 new vulnerabilities. According to the company, six of the vulnerabilities in Windows are already being exploited in the wild. Another vulnerability in Office was already publicly known as well.
Microsoft offers sparse details on the vulnerabilities in its Security Update Guide. Fortunately, Dustin Childs dives into the patch with lots more details on the Trend Micro ZDI blog, always with an eye for admins who manage corporate networks.
The next scheduled Patch Tuesday will be on April 8, 2025.
Windows security flaws addressed
A large number of the patched vulnerabilities — 37 of them this time — are spread across various Windows versions, including Windows Server, 10, and 11, for which Microsoft still offers security updates. (Remember, official support for Windows 10 is ending later this year!)
With Windows 7 and 8.1 no longer receiving security updates, they’re growing increasingly vulnerable to security threats. If your hardware allows for it, you should switch to Windows 10 (22H2) or Windows 11 (24H2) to continue receiving security updates.
Windows under attack
According to Microsoft, there are already attacks on six of the Windows security vulnerabilities addressed in the patch. However, Microsoft doesn’t classify any of them as critical. It’s generally not known how widespread the attacks on these vulnerabilities currently are. Microsoft doesn’t provide any information on that.
According to Dustin Childs, the vulnerability CVE-2025-26633 in the Microsoft Management Console (MMC) is being used by the APT group EncryptHub (aka Larva-208) for targeted attacks. The perpetrators have already successfully attacked more than 600 organizations. The flaw is in the handling of MSC files, which attackers can use to bypass security mechanisms and execute code with user rights.
Exploits also exist for vulnerabilities CVE-2025-24993 and CVE-2025-24985, which come into play if you mount a specially crafted virtual hard drive (VHD) file. One RCE (Remote Code Execution) vulnerability affects the NTFS file system, while the other is in the driver for the FAT file system. In combination with an EoP (Elevation of Privilege) vulnerability, an attacker could take over the entire system.
If a logged-in user can be tricked into executing a specially crafted program that exploits CVE-2025-24983 in the Win32 kernel subsystem, code with system privileges can be executed. In combination with an RCE exploit, this could lead to a system takeover.
Critical Windows vulnerabilities
Microsoft classifies five RCE vulnerabilities in Windows as critical, none of which have been attacked yet. Two vulnerabilities in the Remote Desktop Services — CVE-2025-24035 and CVE-2025-24045 — appear to be particularly problematic. An attacker would only need to connect to a vulnerable RDS gateway in order to inject and execute code.
Microsoft Office security flaws addressed
Microsoft has fixed 11 vulnerabilities in its Office products and services, all of which are RCE vulnerabilities. The vulnerability CVE-2025-26630 in Access stands out as it was already publicly known in advance (zero-day vulnerability). However, the only vulnerability identified as critical is CVE-2025-24057, which can probably affect all Office apps. There are three RCE vulnerabilities each in Word and Excel.
Microsoft Edge security flaws addressed
The latest security update for Microsoft’s Edge browser is version 134.0.3124.51 from March 6, based on Chromium 134.0.6998.45. It fixes an Edge-specific security vulnerability (CVE-2025-26643). Google later released a new security update for Chrome (version 134.0.6998.89) on March 10, which fixed a zero-day vulnerability.
This article originally appeared on our sister publication PC-WELT and was translated and localized from German.