{"id":381,"date":"2025-03-12T19:02:32","date_gmt":"2025-03-12T19:02:32","guid":{"rendered":"https:\/\/www.techrepublic.com\/?p=4297176"},"modified":"2025-03-12T19:02:32","modified_gmt":"2025-03-12T19:02:32","slug":"patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days","status":"publish","type":"post","link":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/12\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days\/","title":{"rendered":"Patch Tuesday: Microsoft Fixes 57 Security Flaws \u2013 Including Active Zero-Days"},"content":{"rendered":"<figure id=\"attachment_4297177\" aria-describedby=\"caption-attachment-4297177\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-4297177\" src=\"https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250312-news-microsoft-patch-tuesday-march-2025.jpg\" alt=\"Photo of SF Bently.\" width=\"1400\" height=\"900\" srcset=\"https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250312-news-microsoft-patch-tuesday-march-2025.jpg 1400w, https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250312-news-microsoft-patch-tuesday-march-2025-300x193.jpg 300w, https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250312-news-microsoft-patch-tuesday-march-2025-1024x658.jpg 1024w, https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250312-news-microsoft-patch-tuesday-march-2025-768x494.jpg 768w, https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250312-news-microsoft-patch-tuesday-march-2025-50x32.jpg 50w, https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250312-news-microsoft-patch-tuesday-march-2025-770x495.jpg 770w, https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250312-news-microsoft-patch-tuesday-march-2025-370x238.jpg 370w, https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250312-news-microsoft-patch-tuesday-march-2025-270x174.jpg 270w, https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250312-news-microsoft-patch-tuesday-march-2025-740x476.jpg 740w, https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250312-news-microsoft-patch-tuesday-march-2025-540x347.jpg 540w, https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250312-news-microsoft-patch-tuesday-march-2025-1110x714.jpg 1110w, https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250312-news-microsoft-patch-tuesday-march-2025-810x521.jpg 810w\" sizes=\"auto, (max-width: 1400px) 100vw, 1400px\"><figcaption id=\"caption-attachment-4297177\" class=\"wp-caption-text\">Image: Microsoft News<\/figcaption><\/figure>\n<p>Microsoft just dropped its March 2025 Patch Tuesday update, which includes 57 fixes though closer to 70 with third-party vulnerabilities included. The update addresses some critical security issues that require immediate attention, including the following six zero-day vulnerabilities that hackers are actively exploiting.<\/p>\n<ul>\n<li><strong>CVE-2025-26633:<\/strong> A security hole in Microsoft Management Console that lets hackers bypass normal protections. They typically trick you into opening a specially designed file or website through email or messaging apps. Rated Important, with a danger score of 7.8 out of 10. \u201cIn an email or instant message attack scenario, the attacker could send the targeted user a specially crafted file that is designed to exploit the vulnerability,\u201d explains Microsoft. \u201cIn any case an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker\u2019s site or send a malicious attachment.\u201d<\/li>\n<\/ul>\n<ul>\n<li><strong>CVE-2025-24993:<\/strong> A memory bug in Windows that allows hackers to run whatever code they want on your computer. Even though Microsoft calls this \u201cremote,\u201d someone or something needs to be physically at your computer to exploit it. Danger score: 7.8. \u201cAn attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability,\u201d explains Microsoft.<\/li>\n<\/ul>\n<ul>\n<li><strong>CVE-2025-24991:<\/strong> A Windows flaw that lets attackers peek at small bits of your computer\u2019s memory. They\u2019d need to trick you into opening a special kind of disk image file. Moderate danger at 5.5.<\/li>\n<\/ul>\n<ul>\n<li><strong>CVE-2025-24985:<\/strong> A math error in Windows\u2019 file system that lets attackers run malicious code on your computer. They\u2019d need you to open a harmful disk image file first. Danger score: 7.8.<\/li>\n<\/ul>\n<ul>\n<li><strong>CVE-2025-24984:<\/strong> A Windows bug that accidentally writes sensitive information to log files. Hackers would need physical access to your computer to plug in a malicious USB drive. Lower risk at 4.6.<\/li>\n<\/ul>\n<ul>\n<li><strong>CVE-2025-24983:<\/strong> A Windows flaw that lets someone with access to your computer gain full system control by exploiting a timing vulnerability. Danger score: 7.0.<\/li>\n<\/ul>\n<p>There\u2019s a seventh vulnerability \u2013 a remote code execution bug in Windows Access \u2013 that\u2019s been made public but doesn\u2019t seem to be actively exploited yet.<\/p>\n<p>True to form, Microsoft kept with tradition and didn\u2019t share any digital fingerprints that could help security teams spot if they\u2019ve been hit.<\/p>\n<aside class=\"pinbox right\">\n<h3 class=\"heading\">Must-read security coverage<\/h3>\n<\/aside>\n<h2>Additional security vulnerabilities including in Remote Desktop Client<\/h2>\n<p>Microsoft also highlighted several nasty bugs that could allow attackers to run malicious code over networks. The scariest part is that they can do this without needing user interaction.<\/p>\n<p>One standout is CVE-2025-26645, a path traversal vulnerability in Remote Desktop Client. This one is a doozy because if you connect to a compromised Remote Desktop Server using a vulnerable client, the attacker could immediately execute code on your computer. Disaster.<\/p>\n<p>Microsoft strongly advised Windows administrators to prioritize patching critical remote code execution vulnerabilities affecting Windows Subsystem for Linux, Windows DNS Server, Remote Desktop Service, and Microsoft Office.<\/p>\n<p><strong><a href=\"https:\/\/www.techrepublic.com\/resource-library\/it-policy\/patch-management-policy\/\">Download our customizable patch management policy<\/a>, written by Scott Matteson for TechRepublic Premium, which provides guidelines for the appropriate application of patches in an organization.<\/strong><\/p>\n<p><em>This article was written by TechnologyAdvice contributing writer Allison Francis.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Image: Microsoft News Microsoft just dropped its March 2025 Patch Tuesday update, which includes 57 fixes though closer to 70 with third-party vulnerabilities included. The update addresses some critical security issues that require immediate attention, including the following six zero-day vulnerabilities that hackers are actively exploiting. CVE-2025-26633: A security hole in Microsoft Management Console that [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":382,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-381","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Patch Tuesday: Microsoft Fixes 57 Security Flaws \u2013 Including Active Zero-Days - TecnoArtesanos Tech Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/12\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Patch Tuesday: Microsoft Fixes 57 Security Flaws \u2013 Including Active Zero-Days - TecnoArtesanos Tech Blog\" \/>\n<meta property=\"og:description\" content=\"Image: Microsoft News Microsoft just dropped its March 2025 Patch Tuesday update, which includes 57 fixes though closer to 70 with third-party vulnerabilities included. The update addresses some critical security issues that require immediate attention, including the following six zero-day vulnerabilities that hackers are actively exploiting. CVE-2025-26633: A security hole in Microsoft Management Console that [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/12\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days\/\" \/>\n<meta property=\"og:site_name\" content=\"TecnoArtesanos Tech Blog\" \/>\n<meta property=\"article:published_time\" content=\"2025-03-12T19:02:32+00:00\" \/>\n<meta name=\"author\" content=\"Sergio Morales\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sergio Morales\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/12\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days\/\",\"url\":\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/12\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days\/\",\"name\":\"Patch Tuesday: Microsoft Fixes 57 Security Flaws \u2013 Including Active Zero-Days - TecnoArtesanos Tech Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.tecnoartesanos.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/12\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/12\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.tecnoartesanos.com\/wp-content\/uploads\/2025\/03\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days.jpg\",\"datePublished\":\"2025-03-12T19:02:32+00:00\",\"author\":{\"@id\":\"https:\/\/blog.tecnoartesanos.com\/#\/schema\/person\/ec88bc1410fd158963717c4216f04807\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/12\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/12\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/12\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days\/#primaryimage\",\"url\":\"https:\/\/blog.tecnoartesanos.com\/wp-content\/uploads\/2025\/03\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days.jpg\",\"contentUrl\":\"https:\/\/blog.tecnoartesanos.com\/wp-content\/uploads\/2025\/03\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days.jpg\",\"width\":1400,\"height\":900},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/12\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.tecnoartesanos.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Patch Tuesday: Microsoft Fixes 57 Security Flaws \u2013 Including Active Zero-Days\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.tecnoartesanos.com\/#website\",\"url\":\"https:\/\/blog.tecnoartesanos.com\/\",\"name\":\"TecnoArtesanos Tech Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.tecnoartesanos.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.tecnoartesanos.com\/#\/schema\/person\/ec88bc1410fd158963717c4216f04807\",\"name\":\"Sergio Morales\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.tecnoartesanos.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3d45178fc8fbbe32d39278bc504fa9093f947f406ff4f1ddcfa27505ab772184?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3d45178fc8fbbe32d39278bc504fa9093f947f406ff4f1ddcfa27505ab772184?s=96&d=mm&r=g\",\"caption\":\"Sergio Morales\"},\"sameAs\":[\"https:\/\/sergiomorales.space\"],\"url\":\"https:\/\/blog.tecnoartesanos.com\/index.php\/author\/sergiomorales\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Patch Tuesday: Microsoft Fixes 57 Security Flaws \u2013 Including Active Zero-Days - TecnoArtesanos Tech Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/12\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days\/","og_locale":"en_US","og_type":"article","og_title":"Patch Tuesday: Microsoft Fixes 57 Security Flaws \u2013 Including Active Zero-Days - TecnoArtesanos Tech Blog","og_description":"Image: Microsoft News Microsoft just dropped its March 2025 Patch Tuesday update, which includes 57 fixes though closer to 70 with third-party vulnerabilities included. The update addresses some critical security issues that require immediate attention, including the following six zero-day vulnerabilities that hackers are actively exploiting. CVE-2025-26633: A security hole in Microsoft Management Console that [&hellip;]","og_url":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/12\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days\/","og_site_name":"TecnoArtesanos Tech Blog","article_published_time":"2025-03-12T19:02:32+00:00","author":"Sergio Morales","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Sergio Morales","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/12\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days\/","url":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/12\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days\/","name":"Patch Tuesday: Microsoft Fixes 57 Security Flaws \u2013 Including Active Zero-Days - TecnoArtesanos Tech Blog","isPartOf":{"@id":"https:\/\/blog.tecnoartesanos.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/12\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days\/#primaryimage"},"image":{"@id":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/12\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.tecnoartesanos.com\/wp-content\/uploads\/2025\/03\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days.jpg","datePublished":"2025-03-12T19:02:32+00:00","author":{"@id":"https:\/\/blog.tecnoartesanos.com\/#\/schema\/person\/ec88bc1410fd158963717c4216f04807"},"breadcrumb":{"@id":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/12\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/12\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/12\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days\/#primaryimage","url":"https:\/\/blog.tecnoartesanos.com\/wp-content\/uploads\/2025\/03\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days.jpg","contentUrl":"https:\/\/blog.tecnoartesanos.com\/wp-content\/uploads\/2025\/03\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days.jpg","width":1400,"height":900},{"@type":"BreadcrumbList","@id":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/12\/patch-tuesday-microsoft-fixes-57-security-flaws-including-active-zero-days\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.tecnoartesanos.com\/"},{"@type":"ListItem","position":2,"name":"Patch Tuesday: Microsoft Fixes 57 Security Flaws \u2013 Including Active Zero-Days"}]},{"@type":"WebSite","@id":"https:\/\/blog.tecnoartesanos.com\/#website","url":"https:\/\/blog.tecnoartesanos.com\/","name":"TecnoArtesanos Tech Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.tecnoartesanos.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.tecnoartesanos.com\/#\/schema\/person\/ec88bc1410fd158963717c4216f04807","name":"Sergio Morales","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.tecnoartesanos.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/3d45178fc8fbbe32d39278bc504fa9093f947f406ff4f1ddcfa27505ab772184?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3d45178fc8fbbe32d39278bc504fa9093f947f406ff4f1ddcfa27505ab772184?s=96&d=mm&r=g","caption":"Sergio Morales"},"sameAs":["https:\/\/sergiomorales.space"],"url":"https:\/\/blog.tecnoartesanos.com\/index.php\/author\/sergiomorales\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/posts\/381","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/comments?post=381"}],"version-history":[{"count":0,"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/posts\/381\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/media\/382"}],"wp:attachment":[{"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/media?parent=381"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/categories?post=381"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/tags?post=381"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}