6 Zero-Day Vulnerabilities and 10 High-Risk Security Flaws

Published:

spot_img

Microsoft Patch Tuesday Update – March 2025: Critical Vulnerabilities and Fixes

Microsoft’s March 2025 Patch Tuesday: Urgent Fixes for Zero-Day Vulnerabilities

In a critical update released on March 2025, Microsoft has addressed six actively exploited zero-day vulnerabilities, alongside an additional ten high-risk flaws, as part of its monthly Patch Tuesday initiative. This comprehensive update resolves a total of 57 Microsoft Common Vulnerabilities and Exposures (CVEs) and republishes ten non-Microsoft CVEs, including nine related to Google Chrome and one from Synaptics.

Among the six zero-days, vulnerabilities vary in severity from 4.6 to a staggering 7.8 on the Common Vulnerability Scoring System (CVSS:3.1). Notably, CVE-2025-24985, a 7.8-rated Remote Code Execution (RCE) vulnerability in the Windows Fast FAT File System Driver, poses a significant risk, requiring an attacker to deceive a local user into mounting a malicious virtual hard disk (VHD). Another critical flaw, CVE-2025-24983, allows elevation of privilege within the Windows Win32 Kernel Subsystem, potentially granting attackers SYSTEM-level access.

The Cybersecurity and Infrastructure Security Agency (CISA) has promptly added these vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, underscoring the urgency for users to apply these patches immediately.

In addition to the zero-days, Microsoft has flagged ten other vulnerabilities as "more likely" to be exploited, with severity ratings ranging from 4.3 to 8.1. These include critical flaws in Windows Remote Desktop Services and various security feature bypass vulnerabilities.

As organizations and individuals rush to secure their systems, other vendors have also joined the Patch Tuesday fray, releasing their own updates to address vulnerabilities. Cybersecurity experts urge all users to prioritize these updates to safeguard against potential attacks in an increasingly perilous digital landscape.

spot_img

Related articles

Recent articles

Consolidation Strengthens Cybersecurity in the MENA Region Amid Rising Threats

Consolidation Strengthens cybersecurity in the MENA Region Amid Rising Threats Cybersecurity leaders are navigating an increasingly complex landscape, facing mounting pressure from regulatory bodies, evolving...

Windows Bind Link Attacks Strengthen Evasion Techniques Against EDR Tools

Windows Bind Link Attacks Strengthen Evasion Techniques Against EDR Tools Recent research from Bitdefender has unveiled critical vulnerabilities in Windows' bind link feature, demonstrating how...

Malicious AI Models Surge on Dark Web: WormGPT, FraudGPT, and the Rise of Unrestricted Cybercrime Tools

Malicious AI Models Surge on Dark Web: WormGPT, FraudGPT, and the Rise of Unrestricted Cybercrime Tools The emergence of malicious AI models on the dark...

Cabinet Approves ₹1.27 Lakh Crore Semicon 2.0 to Strengthen India’s Semiconductor Ecosystem

Cabinet Approves ₹1.27 Lakh Crore Semicon 2.0 to Strengthen India's Semiconductor Ecosystem The Union Cabinet of India, led by Prime Minister Narendra Modi, has officially...