Full Report
More than three-quarters of the vulnerabilities covered in the vendor's monthly Patch Tuesday update are high-severity flaws. Source: CyberScoop, "Microsoft patches 57 vulnerabilities, including 6 zero-days".
Analysis Summary
# Vulnerability: Microsoft March 2025 Patch Tuesday - Six Actively Exploited Zero-Days
## CVE Details
- CVE ID: CVE-2025-24985, CVE-2025-24984, CVE-2025-24993, CVE-2025-24991, CVE-2025-26633, CVE-2025-24983 (six actively exploited zero-days; four are rated high severity, two medium).
- CVSS Score (v3.1 base, as published by Microsoft): CVE-2025-24985 7.8, CVE-2025-24993 7.8, CVE-2025-26633 7.0, CVE-2025-24983 7.0, CVE-2025-24991 5.5, CVE-2025-24984 4.6. The four at 7.0 or above are the high-severity zero-days; the two NTFS information-disclosure flaws (CVE-2025-24991, CVE-2025-24984) are medium.
- CWE: CWE-190 integer overflow leading to CWE-122 heap-based buffer overflow (CVE-2025-24985); CWE-122 heap-based buffer overflow (CVE-2025-24993); CWE-125 out-of-bounds read (CVE-2025-24991); CWE-416 use-after-free (CVE-2025-24983); CWE-707 improper neutralization (CVE-2025-26633); CVE-2025-24984 is an NTFS information-disclosure flaw.
## Affected Systems
- Products: Microsoft Windows components (Fast FAT File System Driver, NTFS, Win32 Kernel Subsystem / win32k) and Microsoft Management Console (MMC).
- Versions: Not listed in this summary; the affected Windows releases and the KB for each are in the MSRC release note and the per-CVE pages referenced below.
- Configurations: No special configuration is required. All affected components ship with and are enabled on every supported Windows release. The four file-system flaws are reached by getting a local user to mount a specially crafted VHD; the MMC flaw is reached by getting a user to open a crafted management console (.msc) file.
## Vulnerability Description
Microsoft patched 57 vulnerabilities in total, including six zero-days. Four of the zero-days affect core Windows file system drivers:
1. **CVE-2025-24985:** Integer overflow leading to a heap-based buffer overflow in the Windows Fast FAT File System Driver (remote code execution).
2. **CVE-2025-24984:** Information-disclosure vulnerability in Windows NTFS (CVSS 4.6; not a remote code execution flaw).
3. **CVE-2025-24993:** Heap-based buffer overflow in Windows NTFS (remote code execution).
4. **CVE-2025-24991:** Out-of-bounds read in Windows NTFS (information disclosure).
5. **CVE-2025-26633:** Improper neutralization flaw in Microsoft Management Console (MMC), classified by Microsoft as a security feature bypass.
6. **CVE-2025-24983:** Use-after-free in the Windows Win32 Kernel Subsystem (win32k), an elevation-of-privilege flaw.
The file system drivers and win32k run in kernel mode, so the memory-corruption flaws (CVE-2025-24985, CVE-2025-24993, CVE-2025-24983) give an attacker who already runs code as a standard user, or who can get a user to mount a crafted VHD, a path to kernel-mode code execution that bypasses any application-level control. The two out-of-bounds/information-disclosure flaws (CVE-2025-24991, CVE-2025-24984) leak kernel memory contents, which is typically used to defeat KASLR as a building block for one of the code-execution bugs rather than as an end in itself.
## Exploitation
- Status: **Actively exploited in the wild.** All six zero-days were reported as exploited at disclosure, and CISA added all six to the Known Exploited Vulnerabilities (KEV) catalog on 11 March 2025 (see the CISA alert referenced below).
- Complexity: The memory-corruption bugs in kernel-mode drivers need a reliable heap or UAF exploitation primitive, so weaponization is non-trivial, but the attacker does not need to do it remotely: the trigger is a file the victim mounts or opens. The summary also notes that threat groups are likely sharing a proof of concept for CVE-2025-24984 privately.
- Attack Vector: **Local** for all six. The file system flaws require a user on the target to mount an attacker-supplied VHD; the MMC flaw requires a user to open an attacker-supplied .msc file; the win32k flaw requires the attacker to already be running code on the host. None is exploitable over the network without user interaction or an existing foothold.
## Impact
- Confidentiality: High for the code-execution and privilege-escalation flaws (kernel-mode access exposes all data on the host); the two NTFS information-disclosure flaws leak kernel memory only.
- Integrity: High for CVE-2025-24985, CVE-2025-24993 and CVE-2025-24983 (kernel-mode code execution allows arbitrary modification of system state); the MMC bypass lets attacker-controlled console content run with the user's privileges.
- Availability: High for the memory-corruption flaws (a failed or unreliable exploit of a kernel driver crashes the system).
## Remediation
### Patches
- Patches are available as part of Microsoft's **March 2025 Security Update (Patch Tuesday)**.
- Specific patched versions depend on the underlying Windows product and KB release associated with these CVEs.
### Workarounds
- No workarounds are given for these CVEs in the summary, and immediate patching is the only full remediation. Because the file-system and MMC zero-days are all reached through an attacker-supplied file (a VHD/VHDX the user mounts, an .msc the user opens), blocking or quarantining those file types at the mail and web gateway and restricting who may mount disk images reduces exposure until the update is installed, but does nothing for CVE-2025-24983, which needs no file at all.
## Detection
- Detection focuses on the delivery stage, because successful exploitation of a kernel-mode driver leaves few reliable artifacts after the fact: look for VHD/VHDX and .msc files arriving via e-mail, browser download or archive extraction into user-writable locations, and for mmc.exe being launched with a console file outside the Windows or Program Files directories.
- Corroborating evidence of a successful kernel exploit is a sudden privilege jump (a user process spawning SYSTEM-level children without a service or scheduled task in between) or an unexpected bugcheck on a host that just mounted an untrusted image. Verify patch status against the March 2025 release note rather than relying on detection alone.
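The two delivery patterns above (a lure VHD/VHDX or .msc landing in a user-writable folder, and mmc.exe opening a console file from outside the trusted system directories) can be turned into a simple hunt over Sysmon-style events. The following Python is an added example written for this page, not code from Microsoft, CISA or CyberScoop; the event records are constructed to look like Sysmon Event ID 11 (FileCreate) and Event ID 1 (ProcessCreate) entries, and the "trusted" .msc directories and user-writable paths are assumptions you should adjust to your own environment.

```python
"""Hunt for the lure files and mmc.exe launches associated with the March 2025
zero-days (crafted VHD/VHDX for the file-system bugs, crafted .msc for CVE-2025-26633).

Added example for this page. The events below are constructed Sysmon-style
records, not real telemetry. The trusted directories and user-writable path
patterns are assumptions to be tuned per environment.
"""
import re
from pathlib import PureWindowsPath

# Extensions used by the lures described in the advisories (assumption: tune to your gateway policy).
LURE_EXTENSIONS = {".vhd", ".vhdx", ".msc"}

# Console files shipped with Windows or installed software live here (assumption).
TRUSTED_MSC_DIRS = (
    r"c:\windows\system32",
    r"c:\program files",
    r"c:\program files (x86)",
)

# Locations a phishing attachment or browser download typically lands in (assumption).
USER_WRITABLE = re.compile(
    r"^c:\\users\\[^\\]+\\(downloads|desktop|appdata\\local\\temp)\\", re.I
)

# Match .msc arguments on an mmc.exe command line, quoted (may contain spaces) or bare.
MSC_ARG = re.compile(r'"([^"]*?\.msc)"|(\S+?\.msc)\b', re.I)


def is_user_writable(path: str) -> bool:
    """True when the path is under a user profile folder an attacker can reach by e-mail or download."""
    return USER_WRITABLE.match(path) is not None


def msc_paths_from_cmdline(cmdline: str) -> list[str]:
    """Return every .msc path referenced on a command line, quoted or unquoted."""
    return [quoted or bare for quoted, bare in MSC_ARG.findall(cmdline)]


def classify_event(ev: dict) -> list[str]:
    """Apply the two hunt rules to one event and return zero or more finding strings."""
    findings = []
    if ev["EventID"] == 11:  # FileCreate
        target = ev["TargetFilename"]
        if PureWindowsPath(target).suffix.lower() in LURE_EXTENSIONS and is_user_writable(target):
            findings.append(f"lure-file-dropped: {target} by {ev['Image']}")
    elif ev["EventID"] == 1 and PureWindowsPath(ev["Image"]).name.lower() == "mmc.exe":  # ProcessCreate
        for console in msc_paths_from_cmdline(ev["CommandLine"]):
            if not console.lower().startswith(TRUSTED_MSC_DIRS):
                findings.append(f"mmc-untrusted-console: {console} (parent {ev['ParentImage']})")
    return findings


def hunt(events: list[dict]) -> list[str]:
    """Run classify_event over a batch of events and collect all findings."""
    return [f for ev in events for f in classify_event(ev)]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "TargetFilename": r"C:\Users\bob\AppData\Local\Temp\invoice.vhdx"},
    {"EventID": 11, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "TargetFilename": r"C:\Users\bob\Downloads\Scan Results.msc"},
    {"EventID": 1, "Image": r"C:\Windows\System32\mmc.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\System32\mmc.exe" "C:\Users\bob\Downloads\Scan Results.msc"'},
    {"EventID": 1, "Image": r"C:\Windows\System32\mmc.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\System32\mmc.exe" C:\Windows\System32\eventvwr.msc /s'},
    {"EventID": 11, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\ProgramData\Microsoft\Windows\Containers\BaseImages\base.vhdx"},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

The first two sample events and the untrusted-console launch are flagged; the stock Event Viewer launch and the system-owned VHDX are not. Treat a hit as a hunt lead, not a verdict: administrators do open custom consoles from their own folders, and a VHDX in Downloads may be a legitimate VM image. The rule set deliberately does not try to confirm that the VHD was mounted or that the driver was exploited, since those stages leave no dependable log line; correlate hits with patch status and with any subsequent SYSTEM-level child processes instead.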
## References
- Vendor Advisories: [msrc-microsoft-com/update-guide/releaseNote/2025-Mar](https://msrc.microsoft.com/update-guide/releaseNote/2025-Mar)
- CISA KEV Catalog: [cisa-gov/news-events/alerts/2025/03/11/cisa-adds-six-known-exploited-vulnerabilities-catalog](https://www.cisa.gov/news-events/alerts/2025/03/11/cisa-adds-six-known-exploited-vulnerabilities-catalog)
- Specific CVE Links: [msrc-microsoft-com/update-guide/en-US/vulnerability/CVE-2025-24985](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24985) (and similar links for the other five CVEs).