6 Zero-Day Vulnerabilities and 10 High-Risk Security Flaws

Published:

spot_img

Microsoft Patch Tuesday Update – March 2025: Critical Vulnerabilities and Fixes

Microsoft’s March 2025 Patch Tuesday: Urgent Fixes for Zero-Day Vulnerabilities

In a critical update released on March 2025, Microsoft has addressed six actively exploited zero-day vulnerabilities, alongside an additional ten high-risk flaws, as part of its monthly Patch Tuesday initiative. This comprehensive update resolves a total of 57 Microsoft Common Vulnerabilities and Exposures (CVEs) and republishes ten non-Microsoft CVEs, including nine related to Google Chrome and one from Synaptics.

Among the six zero-days, vulnerabilities vary in severity from 4.6 to a staggering 7.8 on the Common Vulnerability Scoring System (CVSS:3.1). Notably, CVE-2025-24985, a 7.8-rated Remote Code Execution (RCE) vulnerability in the Windows Fast FAT File System Driver, poses a significant risk, requiring an attacker to deceive a local user into mounting a malicious virtual hard disk (VHD). Another critical flaw, CVE-2025-24983, allows elevation of privilege within the Windows Win32 Kernel Subsystem, potentially granting attackers SYSTEM-level access.

The Cybersecurity and Infrastructure Security Agency (CISA) has promptly added these vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, underscoring the urgency for users to apply these patches immediately.

In addition to the zero-days, Microsoft has flagged ten other vulnerabilities as "more likely" to be exploited, with severity ratings ranging from 4.3 to 8.1. These include critical flaws in Windows Remote Desktop Services and various security feature bypass vulnerabilities.

As organizations and individuals rush to secure their systems, other vendors have also joined the Patch Tuesday fray, releasing their own updates to address vulnerabilities. Cybersecurity experts urge all users to prioritize these updates to safeguard against potential attacks in an increasingly perilous digital landscape.

spot_img

Related articles

Recent articles

Malicious AI Models Surge on Dark Web: WormGPT, FraudGPT, and the Rise of Unrestricted Cybercrime Tools

Malicious AI Models Surge on Dark Web: WormGPT, FraudGPT, and the Rise of Unrestricted Cybercrime Tools The emergence of malicious AI models on the dark...

Cabinet Approves ₹1.27 Lakh Crore Semicon 2.0 to Strengthen India’s Semiconductor Ecosystem

Cabinet Approves ₹1.27 Lakh Crore Semicon 2.0 to Strengthen India's Semiconductor Ecosystem The Union Cabinet of India, led by Prime Minister Narendra Modi, has officially...

TuxBot v3 Evolution Reveals LLM-Assisted IoT Botnet Development with Enhanced Capabilities

TuxBot v3 Evolution Reveals LLM-Assisted IoT Botnet Development with Enhanced Capabilities Recent cybersecurity research has unveiled a new Internet-of-Things (IoT) botnet framework known as TuxBot...

Hackers Expose 19,000 Files, Including Nuclear Blueprints, from India’s Largest Plant on Dark Web

Hackers Expose 19,000 Files, Including Nuclear Blueprints, from India's Largest Plant on Dark Web A significant cybersecurity breach has emerged involving the Kudankulam Nuclear Power...