Microsoft’s March Patch Tuesday has once again put system administrators in a tight spot, as they now have to address more than 50 new vulnerabilities, including a troubling seven zero-day exploits that are actively being exploited in the wild.
The zero-day vulnerabilities that are currently being exploited include:
– CVE-2025-26633: This vulnerability involves a security feature bypass in Microsoft Management Console and has a CVSS score of 7.0.
– CVE-2025-24993: A remote code execution (RCE) flaw in Windows NTFS with a CVSS score of 7.8.
– CVE-2025-24991: An information disclosure vulnerability in Windows NTFS with a CVSS score of 5.5.
– CVE-2025-24985: Another RCE vulnerability, this time in Windows Fast FAT File System Driver, with a CVSS score of 7.8.
– CVE-2025-24984: An information disclosure bug in Windows NTFS with a CVSS score of 4.6.
– CVE-2025-24983: An elevation of privilege vulnerability in Windows Win32 Kernel Subsystem with a CVSS score of 7.0.
In addition to these actively exploited vulnerabilities, Microsoft has also revealed details about a zero-day vulnerability, CVE-2025-26630, that has been publicly disclosed but not yet exploited. This vulnerability involves a remote code execution flaw in Microsoft Access with a CVSS score of 7.8, marking it as “important.”
Ivanti VP of security product management, Chris Goettl, noted that while the disclosure of CVE-2025-26630 could provide attackers with some information to craft an exploit, the lack of code samples will require them to put in more effort. This vulnerability falls under a slightly higher risk category, but not enough to be classified as critical.
This month’s Patch Tuesday also saw a total of 23 elevation of privilege vulnerabilities and 23 remote code execution vulnerabilities. All six vulnerabilities rated as “critical” were RCE flaws, including CVE-2025-24084, which impacts the Windows Subsystem for Linux (WSL2) kernel.
Rapid7 lead software engineer, Adam Barnett, highlighted the severity of some of these critical vulnerabilities, such as CVE-2025-24084 and CVE-2025-26645. The former could be exploited without any user interaction, while the latter affects the popular remote desktop client (RDP) and could enable threat actors to move laterally within a victim’s network.
Barnett also pointed out the risks associated with connecting to a potentially malicious RDP server, as attackers could exploit CVE-2025-26645 to achieve remote code execution on the client machine without much effort.
In conclusion, this month’s Patch Tuesday has once again highlighted the importance of promptly applying security updates to protect systems from the ever-evolving threat landscape. System administrators are urged to prioritize the patching of these critical vulnerabilities to safeguard their organizations against potential cyber attacks.