March 2025 Patch Tuesday Updates Fix 6 Zero-Day Flaws

Microsoft’s March 2025 Patch Tuesday updates fix 67 vulnerabilities, including six zero-day flaws.

Published: Mar 12, 2025


Key Takeaways:

  • Microsoft’s March 2025 Patch Tuesday updates address 67 vulnerabilities.
  • Microsoft has fixed six zero-day flaws affecting Windows, Office, Azure, .NET, Visual Studio, and other key services.
  • Windows 11 users get improvements in File Explorer, Narrator, and Windows Spotlight.

Microsoft has rolled out the March 2025 Patch Tuesday updates for Windows 11 and Windows 10, addressing critical security threats. This month’s release patches six zero-day vulnerabilities impacting key services, including Windows, Office, Azure, .NET, Visual Studio, Remote Desktop Services, DNS Server, and Hyper-V Server.

This update introduces new features and improvements for Windows 11 users on versions 24H2, 23H2, and 22H2. It includes minor enhancements to File Explorer, Narrator, and Windows Spotlight for a smoother user experience.

67 vulnerabilities fixed in the March 2025 Patch Tuesday updates

As pointed out by Zero Day Initiative, the March 2025 Patch Tuesday updates fix a total of 67 vulnerabilities, with six rated Critical and 50 rated Important in severity. Here are the most critical vulnerabilities fixed with this month’s Patch Tuesday updates:

  • CVE-2025-24993: This is a heap-based buffer overflow vulnerability that affects the New Technology File System (NTFS) in Windows 11, Windows 10, Windows Server 2008 and later. This security flaw allows hackers to perform remote code execution on the target system.
  • CVE-2025-24991: This is an information disclosure vulnerability in NTFS with a CVSS score of 5.5. This bug allows hackers to perform an out-of-bounds read to access data on the target system. It requires attackers to trick the user into mounting a malicious virtual hard disk to trigger the vulnerability.
  • CVE-2025-24983: This is a Windows Win32 Kernel Subsystem privilege escalation vulnerability with a CVSS score of 7.0. An attacker could exploit it to elevate privileges to the system level and execute malicious code on an affected machine.
  • CVE-2025-24984: This 4.6-rated vulnerability requires hackers to physically plug a malicious USB drive into a target computer.
  • CVE-2025-24985: This is a zero-day flaw in the Windows Fast FAT File System Driver with a CVSS score of 7.8. It requires cybercriminals to convince a local user to mount a specially crafted VHD. This bug could potentially be chained together with a privilege escalation flaw to gain complete control over the system.
  • CVE-2025-26633: This is an actively exploited security feature bypass vulnerability in the Microsoft Management Console (MMC) that targets both Windows desktop and server systems.
  • CVE-2025-24064: This is a remote code execution flaw in the Windows Domain Name Service that could be exploited by sending a “perfectly timed” dynamic DNS update message.

You can find the full list of CVEs included in this month’s Patch Tuesday below:

Product | Impact | Max Severity | Article | Download | Details
Windows Server 2016 (Server Core installation) | Elevation of Privilege | Important | 5052006 | Security Update | CVE-2025-26634
Windows Server 2016 | Elevation of Privilege | Important | 5052006 | Security Update | CVE-2025-26634
Windows 10 Version 1607 for x64-based Systems | Elevation of Privilege | Important | 5052006 | Security Update | CVE-2025-26634
Windows 10 Version 1607 for 32-bit Systems | Elevation of Privilege | Important | 5052006 | Security Update | CVE-2025-26634
Windows 10 for x64-based Systems | Elevation of Privilege | Important | 5052040 | Security Update | CVE-2025-26634
Windows 10 for 32-bit Systems | Elevation of Privilege | Important | 5052040 | Security Update | CVE-2025-26634
Windows Server 2025 | Elevation of Privilege | Important | 5051987 | Security Update | CVE-2025-26634
Windows 11 Version 24H2 for x64-based Systems | Elevation of Privilege | Important | 5051987 | Security Update | CVE-2025-26634
Windows 11 Version 24H2 for ARM64-based Systems | Elevation of Privilege | Important | 5051987 | Security Update | CVE-2025-26634
Windows Server 2022, 23H2 Edition (Server Core installation) | Elevation of Privilege | Important | 5051980 | Security Update | CVE-2025-26634
Windows 11 Version 23H2 for x64-based Systems | Elevation of Privilege | Important | 5051989 | Security Update | CVE-2025-26634
Windows 11 Version 23H2 for ARM64-based Systems | Elevation of Privilege | Important | 5051989 | Security Update | CVE-2025-26634
Windows Server 2025 (Server Core installation) | Elevation of Privilege | Important | 5051987 | Security Update | CVE-2025-26634
Windows 10 Version 22H2 for 32-bit Systems | Elevation of Privilege | Important | 5051974 | Security Update | CVE-2025-26634
Windows 10 Version 22H2 for ARM64-based Systems | Elevation of Privilege | Important | 5051974 | Security Update | CVE-2025-26634
Windows 10 Version 22H2 for x64-based Systems | Elevation of Privilege | Important | 5051974 | Security Update | CVE-2025-26634
Windows 11 Version 22H2 for x64-based Systems | Elevation of Privilege | Important | 5051989 | Security Update | CVE-2025-26634
Windows 11 Version 22H2 for ARM64-based Systems | Elevation of Privilege | Important | 5051989 | Security Update | CVE-2025-26634
Windows 10 Version 21H2 for x64-based Systems | Elevation of Privilege | Important | 5051974 | Security Update | CVE-2025-26634
Windows 10 Version 21H2 for ARM64-based Systems | Elevation of Privilege | Important | 5051974 | Security Update | CVE-2025-26634
Windows 10 Version 21H2 for 32-bit Systems | Elevation of Privilege | Important | 5051974 | Security Update | CVE-2025-26634
Windows Server 2022 (Server Core installation) | Elevation of Privilege | Important | 5051979 | Security Update | CVE-2025-26634
Windows Server 2022 | Elevation of Privilege | Important | 5051979 | Security Update | CVE-2025-26634
Windows Server 2019 (Server Core installation) | Elevation of Privilege | Important | 5052000 | Security Update | CVE-2025-26634
Windows Server 2019 | Elevation of Privilege | Important | 5052000 | Security Update | CVE-2025-26634
Windows 10 Version 1809 for x64-based Systems | Elevation of Privilege | Important | 5052000 | Security Update | CVE-2025-26634
Windows 10 Version 1809 for 32-bit Systems | Elevation of Privilege | Important | 5052000 | Security Update | CVE-2025-26634
Windows Server 2019 (Server Core installation) | Remote Code Execution | Critical | 5053596 | Security Update | CVE-2025-26645
Windows Server 2019 | Remote Code Execution | Critical | 5053596 | Security Update | CVE-2025-26645
Windows 10 Version 1809 for x64-based Systems | Remote Code Execution | Critical | 5053596 | Security Update | CVE-2025-26645
Windows 10 Version 1809 for 32-bit Systems | Remote Code Execution | Critical | 5053596 | Security Update | CVE-2025-26645
Windows App Client for Windows Desktop | Remote Code Execution | Critical | Release Notes | Security Update | CVE-2025-26645
Windows Server 2012 R2 (Server Core installation) | Security Feature Bypass | Important | 5053887 | Monthly Rollup | CVE-2025-26633
Windows Server 2012 R2 | Security Feature Bypass | Important | 5053887 | Monthly Rollup | CVE-2025-26633
Windows Server 2012 (Server Core installation) | Security Feature Bypass | Important | 5053886 | Monthly Rollup | CVE-2025-26633
Windows Server 2012 | Security Feature Bypass | Important | 5053886 | Monthly Rollup | CVE-2025-26633
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Information Disclosure | Important | 5053620 | Monthly Rollup | CVE-2025-24992
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Information Disclosure | Important | 5053627 | Security Only | CVE-2025-24992
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Information Disclosure | Important | 5053620 | Monthly Rollup | CVE-2025-24992
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Information Disclosure | Important | 5053627 | Security Only | CVE-2025-24992
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Information Disclosure | Important | 5053888 | Monthly Rollup | CVE-2025-24992
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Information Disclosure | Important | 5053995 | Security Only | CVE-2025-24992
Windows Server 2008 for x64-based Systems Service Pack 2 | Information Disclosure | Important | 5053888 | Monthly Rollup | CVE-2025-24992
Windows Server 2008 for x64-based Systems Service Pack 2 | Information Disclosure | Important | 5053995 | Security Only | CVE-2025-24992
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Information Disclosure | Important | 5053888 | Monthly Rollup | CVE-2025-24992
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Information Disclosure | Important | 5053995 | Security Only | CVE-2025-24992
Windows Server 2016 (Server Core installation) | Elevation of Privilege | Important | 5053594 | Security Update | CVE-2025-24983
Windows Server 2016 | Elevation of Privilege | Important | 5053594 | Security Update | CVE-2025-24983
Windows 10 Version 1607 for x64-based Systems | Elevation of Privilege | Important | 5053594 | Security Update | CVE-2025-24983
Windows 10 Version 1607 for 32-bit Systems | Elevation of Privilege | Important | 5053594 | Security Update | CVE-2025-24983
Windows 10 for x64-based Systems | Elevation of Privilege | Important | 5053618 | Security Update | CVE-2025-24983
Windows 10 for 32-bit Systems | Elevation of Privilege | Important | 5053618 | Security Update | CVE-2025-24983
Windows Server 2025 | Remote Code Execution | Critical | 5053598 | Security Update | CVE-2025-24084
Windows Server 2025 | Remote Code Execution | Critical | 5053636 | SecurityHotpatchUpdate | CVE-2025-24084
Windows 11 Version 24H2 for x64-based Systems | Remote Code Execution | Critical | 5053598 | Security Update | CVE-2025-24084
Windows 11 Version 24H2 for x64-based Systems | Remote Code Execution | Critical | 5053636 | SecurityHotpatchUpdate | CVE-2025-24084
Windows 11 Version 24H2 for ARM64-based Systems | Remote Code Execution | Critical | 5053598 | Security Update | CVE-2025-24084
Windows 11 Version 24H2 for ARM64-based Systems | Remote Code Execution | Critical | 5053636 | SecurityHotpatchUpdate | CVE-2025-24084
Windows Server 2022, 23H2 Edition (Server Core installation) | Remote Code Execution | Critical | 5053599 | Security Update | CVE-2025-24084
Windows Server 2022 | Spoofing | Important | 5053603 | Security Update | CVE-2025-24071
Windows Server 2022 | Spoofing | Important | 5053638 | SecurityHotpatchUpdate | CVE-2025-24071
Windows 11 Version 23H2 for ARM64-based Systems | Information Disclosure | Important | 5053602 | Security Update | CVE-2025-24055
Windows Server 2025 (Server Core installation) | Information Disclosure | Important | 5053598 | Security Update | CVE-2025-24055
Windows Server 2025 (Server Core installation) | Information Disclosure | Important | 5053636 | SecurityHotpatchUpdate | CVE-2025-24055
Windows 10 Version 22H2 for 32-bit Systems | Information Disclosure | Important | 5053606 | Security Update | CVE-2025-24055
Windows 10 Version 22H2 for ARM64-based Systems | Information Disclosure | Important | 5053606 | Security Update | CVE-2025-24055
Windows 10 Version 22H2 for x64-based Systems | Information Disclosure | Important | 5053606 | Security Update | CVE-2025-24055
Windows 11 Version 22H2 for x64-based Systems | Information Disclosure | Important | 5053602 | Security Update | CVE-2025-24055
Windows 11 Version 22H2 for ARM64-based Systems | Information Disclosure | Important | 5053602 | Security Update | CVE-2025-24055
Windows 10 Version 21H2 for x64-based Systems | Information Disclosure | Important | 5053606 | Security Update | CVE-2025-24055
Windows 10 Version 21H2 for ARM64-based Systems | Information Disclosure | Important | 5053606 | Security Update | CVE-2025-24055
Windows 10 Version 21H2 for 32-bit Systems | Information Disclosure | Important | 5053606 | Security Update | CVE-2025-24055
Windows Server 2022 (Server Core installation) | Information Disclosure | Important | 5053603 | Security Update | CVE-2025-24055
Windows Server 2022 (Server Core installation) | Information Disclosure | Important | 5053638 | SecurityHotpatchUpdate | CVE-2025-24055
Microsoft Office LTSC for Mac 2024 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2025-24083
Microsoft Office LTSC 2024 for 64-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2025-24083
Microsoft Office LTSC 2024 for 32-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2025-24083
Microsoft Office LTSC 2021 for 32-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2025-24083
Microsoft Office LTSC 2021 for 64-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2025-24083
Microsoft Office LTSC for Mac 2021 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2025-24083
Windows Server 2008 for 32-bit Systems Service Pack 2 | Remote Code Execution | Critical | 5053888 | Monthly Rollup | CVE-2025-26645
Windows Server 2008 for 32-bit Systems Service Pack 2 | Remote Code Execution | Critical | 5053995 | Security Only | CVE-2025-26645
Windows 11 Version 23H2 for x64-based Systems | Remote Code Execution | Critical | 5053602 | Security Update | CVE-2025-26645
Remote Desktop client for Windows Desktop | Remote Code Execution | Critical | Release Notes | Security Update | CVE-2025-26645
Visual Studio Code | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2025-26631
Microsoft Access 2016 (64-bit edition) | Remote Code Execution | Important | 5002697 | Security Update | CVE-2025-26630
Microsoft Access 2016 (32-bit edition) | Remote Code Execution | Important | 5002697 | Security Update | CVE-2025-26630
Microsoft 365 Apps for Enterprise for 64-bit Systems | Remote Code Execution | Important | Click to Run | Security Update | CVE-2025-26630
Microsoft 365 Apps for Enterprise for 32-bit Systems | Remote Code Execution | Important | Click to Run | Security Update | CVE-2025-26630
Microsoft Office 2019 for 64-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2025-26630
Microsoft Office 2019 for 32-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2025-26630
Azure ARC | Elevation of Privilege | Important | What’s new | Security Update | CVE-2025-26627
Azure CLI | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2025-24049
Microsoft Excel 2016 (64-bit edition) | Remote Code Execution | Important | 5002696 | Security Update | CVE-2025-24075
Microsoft Excel 2016 (32-bit edition) | Remote Code Execution | Important | 5002696 | Security Update | CVE-2025-24075
Office Online Server | Remote Code Execution | Important | 5002690 | Security Update | CVE-2025-24075
Azure Agent for Backup | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2025-21199
Azure Agent for Site Recovery | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2025-21199
Windows Server 2012 R2 (Server Core installation) | Security Feature Bypass | Important | 5053593 | IE Cumulative | CVE-2025-21247
Windows Server 2012 R2 | Security Feature Bypass | Important | 5053593 | IE Cumulative | CVE-2025-21247
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Security Feature Bypass | Important | 5053593 | IE Cumulative | CVE-2025-21247
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Security Feature Bypass | Important | 5053593 | IE Cumulative | CVE-2025-21247
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Security Feature Bypass | Important | 5053593 | IE Cumulative | CVE-2025-21247
Windows Server 2008 for 32-bit Systems Service Pack 2 | Security Feature Bypass | Important | 5053593 | IE Cumulative | CVE-2025-21247
Microsoft Visual Studio 2022 version 17.13 | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2025-25003
Microsoft Visual Studio 2022 version 17.12 | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2025-25003
Microsoft Visual Studio 2022 version 17.10 | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2025-25003
Microsoft Visual Studio 2022 version 17.8 | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2025-25003
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10) | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2025-25003
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8) | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2025-24998
Azure promptflow-tools | Remote Code Execution | Important | Release Notes | Security Update | CVE-2025-24986
Azure promptflow-core | Remote Code Execution | Important | Release Notes | Security Update | CVE-2025-24986
Microsoft Office 2016 (64-bit edition) | Remote Code Execution | Important | 5002693 | Security Update | CVE-2025-24083
Microsoft Office 2016 (32-bit edition) | Remote Code Execution | Important | 5002693 | Security Update | CVE-2025-24083
Microsoft Excel 2016 (64-bit edition) | Remote Code Execution | Important | 5002694 | Security Update | CVE-2025-24081
Microsoft Excel 2016 (32-bit edition) | Remote Code Execution | Important | 5002694 | Security Update | CVE-2025-24081
Microsoft Word 2016 (64-bit edition) | Remote Code Execution | Important | 5002662 | Security Update | CVE-2025-24079
Microsoft Word 2016 (32-bit edition) | Remote Code Execution | Important | 5002662 | Security Update | CVE-2025-24079
ASP.NET Core 9.0 | Elevation of Privilege | Important | 5054230 | Security Update | CVE-2025-24070
ASP.NET Core 8.0 | Elevation of Privilege | Important | 5054229 | Security Update | CVE-2025-24070
WinDbg | Remote Code Execution | Important | Release Notes | Security Update | CVE-2025-24043

Quality and experience updates

Microsoft released the KB5053598 and KB5053602 updates for users running Windows 11 version 24H2 as well as Windows 11 versions 23H2 and 22H2, respectively. This release brings a couple of new capabilities for all supported versions of the operating system, including a new multi-app camera feature.

There is also a new home page with cards that allow users to view device information and accessibility features available on managed PCs. Commercial customers can also access a card showing details of all Microsoft account types in use, but this feature is exclusive to Windows 11 version 22H2 Enterprise and Education editions.

Additionally, Microsoft released the KB5053606 patch for Windows 10 version 22H2. This update brings security fixes and improvements for Windows 10 devices. However, users who have certain Citrix components installed might be unable to install the January 2025 Windows security update on their machines.

Windows Update testing and best practices

Microsoft advises organizations to conduct comprehensive testing before deploying monthly patches in production environments. This is crucial as it helps to ensure that the updates do not cause any unexpected issues or disruptions to the systems. However, IT administrators should not delay deployment to the extent that it exposes the organization to increased risk.

A recommended best practice is to back up systems before applying updates to minimize unexpected post-update issues. This approach helps enterprise customers to ensure minimal downtime and disruption to critical operations.

There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.
