Microsoft Patch Tuesday updates for March 2025 Fixes 63 Vulnerabilities

Today Microsoft addresses 57 security bugs in its March 2025 Patch Tuesday update. Six of these vulnerabilities fixed today were classified as Critical as they enable attackers to achieve remote code execution, privilege elevation, or spoofing, and others are rated Important in severity. Microsoft also addressed seven zero-day flaws, with six of those being exploited in the wild. This edition includes updates for vulnerabilities in Win32 Kernel Subsystem, NTFS, and the Fast FAT File System Driver, Windows Remote Desktop Services, Microsoft Office, DNS, and WSL2, and more.

Why Patch Tuesday Matters

Patch Tuesday is Microsoft’s monthly release of security updates designed to fix vulnerabilities in its software, including Windows operating systems, Office applications, server products like Exchange and SQL Server, and other components. These vulnerabilities can be exploited by malicious actors to gain unauthorized access to systems, steal data, disrupt operations, or spread malware. Applying these updates promptly is essential to mitigate these risks.

Patch Tuesday updates are cumulative updates that usually only include minor patches and security fixes. 

Patch Tuesday update March 2025

Microsoft’s March 2025 Patch Tuesday comes with fixes for 57 flaws, among these are three Six vulnerabilities and six zero-days affecting Win32 Kernel Subsystem, NTFS, and the Fast FAT File System Driver..

Six actively exploited zero-days was disclosed

• CVE-2025-24983 (Win32 Kernel Subsystem Privilege Escalation): A use-after-free vulnerability in the Windows Win32 Kernel Subsystem allows local attackers to escalate privileges to SYSTEM level, granting full control over the affected machine once exploited.
• CVE-2025-24984 (NTFS Information Disclosure): Affects NTFS and requires physical access to exploit. Attackers can extract sensitive heap memory data by inserting a malicious USB drive. While it does not allow remote exploitation, it increases data leak risks.
• CVE-2025-24985 (Fast FAT File System Driver RCE): An integer overflow vulnerability in the Windows Fast FAT File System Driver allows remote code execution. Attackers can exploit this flaw by tricking users into mounting a specially crafted VHD file, leading to arbitrary code execution.
• CVE-2025-24991 (NTFS Information Disclosure): Sensitive data may be unintentionally stored in NTFS log files, allowing an authorized attacker to read portions of heap memory locally, posing a risk of data exposure.
• CVE-2025-24993 (NTFS Remote Code Execution): A heap-based buffer overflow in NTFS allows remote code execution if a user mounts a malicious VHD file. This vulnerability has a similar exploitation method as the Fast FAT flaw.
• CVE-2025-26630 (Microsoft Access Remote Code Execution): A use-after-free vulnerability in Microsoft Access allows an attacker to execute arbitrary code locally by tricking a user into opening a malicious file, potentially compromising system integrity.

Six critical vulnerabilities fixed

Microsoft also patched six critical vulnerabilities this month, affecting Windows Remote Desktop Services, Microsoft Office, DNS, and WSL2. These vulnerabilities could allow remote code execution (RCE), putting systems at risk of full compromise.

• CVE-2025-24035 & CVE-2025-24045 (Windows Remote Desktop Services RCE): A race condition in Windows Remote Desktop Services (RDS) allows remote code execution by manipulating sensitive data stored in improperly locked memory. Successful exploitation could enable an attacker to gain control over the affected system.
• CVE-2025-24057 (Microsoft Office RCE): A heap-based buffer overflow in Microsoft Office may allow an attacker to execute arbitrary code remotely. Exploitation likely involves tricking a user into opening a malicious Office file, making it a serious threat for phishing-based attacks.
• CVE-2025-24064 (Windows DNS Server RCE): A use-after-free vulnerability in the Windows DNS Server could lead to remote code execution. Attackers must win a race condition to exploit this flaw, potentially gaining control over DNS infrastructure, which could disrupt network operations or enable further attacks.
• CVE-2025-24084 (Windows Subsystem for Linux 2 RCE): An untrusted pointer dereference in WSL2 could allow local attackers to execute arbitrary code. While this vulnerability does not enable remote exploitation, it poses a security risk for systems running WSL2, especially in multi-user environments.
• CVE-2025-26645 (Remote Desktop Client RCE): A relative path traversal vulnerability in the Remote Desktop Client allows remote attackers to execute arbitrary code over a network. Exploitation may involve tricking a user into connecting to a malicious RDP server, potentially compromising system security.

Windows security updates

In addition to the security fixes, Microsoft has also published updates for the Windows Update service to improve its reliability and performance.

• KB5053598 for Windows 11 version 24H2 (OS build 26100.3476)
• KB5053602 for Windows 11 version 23H2 (OS build 22631.5039)
• KB5053606 for windows 10 version 22H2 (OS build 19045.5608)
• KB5053596 for Windows 10 version 1809 (OS Build 17763.7009)
• KB5053594 for Windows 10 version 1607 (OS Build 14393.7876)

The KB5053598 Update for Windows 11 version 24H2 advance Build 26100.3476, brings notable improvements, new features, and fixes aimed at enhancing user experience and system stability.

Users can now share files directly from taskbar jumplists, making file-sharing faster. Windows Spotlight and lock screen wallpapers provide more details when hovered over or liked. Game Pass referral cards in Settings let users invite friends to try PC Game Pass for free.

Narrator scan mode gains better navigation shortcuts, while File Explorer now allows users to snooze or disable the “Start backup” reminder. The Camera app (24H2) introduces a multi-app camera feature, enabling multiple applications to access the camera stream at the same time.

Enterprise and Education users on 22H2 will see a redesigned Settings home page with new device and accessibility feature cards. These updates refine user experience, accessibility, and personalization in Windows 11.

The Windows 10 KB5053606 update improves system stability and fixes key issues. It adds support for Paraguay’s Daylight Saving Time (DST) and updates COSA profiles for better network compatibility.

Key fixes include resolving OpenSSH startup failures and improving Desktop Window Manager (dwm.exe) stability. Chinese IME users benefit from fixes preventing system freezes and improved screen reader compatibility.

Microsoft reminds users that Windows 10 support ends on October 14, 2025, and encourages upgrading to Windows 11 for continued updates and security.

Windows 7 and Windows 8.1 reached the End of support from Microsoft, which means the company no longer provides frequent updates or security patches for these operating systems. For more information please visit the Microsoft lifecycle page at https://learn.microsoft.com/en-us/lifecycle/end-of-support/end-of-support-2023

How to Obtain and Install the Updates

The primary method for obtaining and installing these updates is through Windows Update:

1. Windows Update: Go to Settings > Update & Security > Windows Update (or equivalent in older Windows versions) and check for updates.
2. WSUS/SCCM: Organizations using Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM) can deploy updates through their centralized management systems.
3. Microsoft Update Catalog: For specific updates or offline installations, you can download them directly from the Microsoft Update Catalog website.

Windows update offline installers:

• Windows 11 KB5053598 (Version 24H2) offline installer Direct Download Link 64-bit.
• Windows 11 KB5053602 (Version 23H2/22H2) offline installer Direct Download Link 64-bit.
• Windows 10 KB5053606 (For versions 22H2 and 21H1) Direct Download Links: 64-bit and 32-bit (x86).

Windows 10 KB5053596 (for version 1809) Offline Download links

• KB5053596 64-bit | Download (692.6 MB)
• KB5053596 32-bit | Download (374.9 MB)

Important note:

• Focus on installing critical updates first, as they address the most severe vulnerabilities.
• Enable automatic updates to ensure that security patches are installed promptly.
• Before deploying updates to production systems, it’s recommended to test them in a non-production environment to identify any potential compatibility issues.
• Regularly check the Microsoft Security Update Guide for detailed information about released updates.

What time do Patch Tuesday patches come out?

• Microsoft schedules the release of security updates on “Patch Tuesday,” the second Tuesday of each month at 10:00 AM PST.

Is Patch Tuesday weekly or monthly?

• Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on April 08, 2025.

Why did the second Tuesday of every month called Patch Tuesday?

• The second Tuesday of the month is referred to as “Patch Tuesday” because Microsoft attempts to combine the largest updates into this maintenance window.

What is the latest update for Windows 11 March 2025?

• The latest Windows 11 KB5053598 for version 24H2 and KB5053606 for Windows 10 version 22H/21H2.

What is the zero-day patch?

• The term “Zero-Day” is used when security teams are unaware of their software vulnerability, and they’ve had “0” days to work on a security patch or an update to fix the issue.