Microsoft’s March 2025 Patch Tuesday Rollout: Addressing 57 Vulnerabilities
In March 2025, Microsoft unveiled its monthly update, commonly known as Patch Tuesday, which rectifies numerous issues across its diverse platforms, including Windows, Office, Azure, and various other services. This month’s update addresses a total of 57 bugs, among which are seven critical patches for zero-day vulnerabilities, six of which have already seen active exploitation.
As reported by Bleeping Computer, the current updates tackle a mixture of vulnerabilities, including 23 related to privilege escalation, three pertaining to security feature bypasses, 23 involving remote code execution, four concerning information disclosure, one denial of service, and three associated with spoofing. Additionally, patches have been introduced for various vulnerabilities within the Mariner platform and Microsoft Edge.
Overview of March’s Patch Tuesday Fixes
This round of updates includes seven zero-day vulnerabilities, meaning flaws that were exploited or publicly disclosed before Microsoft shipped an official patch. Of these, six have been actively exploited while one has been publicly disclosed, indicating that it is only a matter of time before this one is also leveraged by malicious actors.
Among the six exploited vulnerabilities, two (CVE-2025-24985 and CVE-2025-24993) are categorized as remote code execution vulnerabilities. These allow attackers who trick a user into loading a malicious VHD file to execute code remotely. One vulnerability affects the Windows Fast FAT System Driver, while the other pertains to Windows NTFS.
Two other exploited vulnerabilities are information disclosure flaws in Windows NTFS. Specifically, CVE-2025-24984 permits an attacker with physical access to the device to read memory contents and extract data via a malicious USB drive, and CVE-2025-24991 is triggered by mounting a malicious VHD file.
Of the remaining two, CVE-2025-24983 affects the Windows Win32 Kernel Subsystem and lets local users escalate their privileges on the device, while CVE-2025-26633 involves a bypass of security features within the Microsoft Management Console.