Service Notices
Microsoft Releases March 2025 Security Updates
Mar 13, 2025 GMT+08:00
I. Overview
Huawei Cloud noticed that Microsoft has released its March 2025 Security Updates. A total of 56 security vulnerabilities have been disclosed, among which 6 are marked as important vulnerabilities. Attackers can exploit these vulnerabilities to achieve remote code execution, privilege escalation, and security feature bypass. The affected products include Microsoft Windows, Microsoft Office, Microsoft Visual Studio, and Microsoft Azure.
For details, visit the Microsoft official website:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Mar
The following vulnerabilities require close scrutiny as their details have been disclosed or they have already been exploited by attackers:
Microsoft Management Console Security Feature Bypass Vulnerability (CVE-2025-26633): a 0-day vulnerability that a remote attacker can exploit by tricking a user into opening a maliciously crafted file, allowing the attacker to bypass local security features without authorization. This vulnerability has been exploited in the wild, and the risk is high.
Windows NTFS Remote Code Execution Vulnerability (CVE-2025-24993): a 0-day vulnerability, which allows attackers to remotely execute code on a local system by tricking victims into installing a malicious VHD. Successful exploitation enables attackers to run arbitrary code on the compromised system. This vulnerability has been exploited in the wild, and the risk is high.
Windows NTFS Information Disclosure Vulnerability (CVE-2025-24991): a 0-day vulnerability that attackers can exploit by tricking victims into installing a maliciously crafted VHD. An attacker who successfully exploits this vulnerability could potentially read small portions of heap memory. This vulnerability has been exploited in the wild, and the risk is high.
Windows Fast FAT File System Driver Remote Code Execution Vulnerability (CVE-2025-24985): a 0-day vulnerability. An attacker can exploit this vulnerability by convincing a user to install a malicious VHD. If successful, the attacker gains the ability to run arbitrary code on the targeted system. This vulnerability has been exploited in the wild, and the risk is high.
Windows NTFS Information Disclosure Vulnerability (CVE-2025-24984): a 0-day vulnerability, which allows attackers with physical access to log files to extract sensitive data from them. This vulnerability has been exploited in the wild, and the risk is high.
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability (CVE-2025-24983): a 0-day vulnerability. An attacker who wins a race condition can exploit this vulnerability to gain SYSTEM privileges. This vulnerability has been exploited in the wild, and the risk is high.
Microsoft Access Remote Code Execution Vulnerability (CVE-2025-26630): An attacker can exploit this vulnerability by tricking a user into opening a malicious file downloaded from a compromised website. This can lead to arbitrary code execution on the targeted system. The vulnerability has been disclosed, and the risk is high.
10 vulnerabilities (such as CVE-2025-24035, CVE-2025-24045, and CVE-2025-24995) are marked as Exploitation More Likely. For details, see the official announcement. Perform a security self-check and harden your systems promptly to reduce the risk of attack.
II. Severity
Severity: important
(Severity levels: low, moderate, important, and critical)
III. Affected Products
Microsoft Windows, Microsoft Office, Visual Studio, Microsoft Azure, and other products.
IV. Vulnerability Details
| CVE ID | Vulnerability | Severity | Description |
| --- | --- | --- | --- |
| CVE-2025-26645 | Remote Desktop Client Remote Code Execution Vulnerability | Important | In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client. |
| CVE-2025-24084 | Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability | Important | An attacker could exploit a vulnerability in Windows Subsystem for Linux by sending a malicious email to the victim, allowing them to run arbitrary code remotely on the victim's system. |
| CVE-2025-24064 | Windows Domain Name Service Remote Code Execution Vulnerability | Important | Use after free in DNS Server allows an unauthorized attacker to execute code over a network. Successful exploitation of this vulnerability requires the attacker to win a race condition. |
| CVE-2025-24035, CVE-2025-24045 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Important | Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. |
| CVE-2025-24057 | Microsoft Office Remote Code Execution Vulnerability | Important | An attacker can trigger a heap-based buffer overflow by tricking a user into opening a maliciously crafted file. This could allow the attacker to run arbitrary code on the affected system. |
(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)
V. Security Recommendations
1. Use Windows Update or download patches from the following address to fix the vulnerabilities:
https://msrc.microsoft.com/update-guide
2. Back up data remotely to protect your data.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.