One seldom-mentioned fact is that some patches and updates can be so disruptive or buggy that users struggle to install them all!
This week’s Patch Tuesday (March 2025) from Microsoft has unveiled 56 CVEs in Windows and its components, Office and its components, Azure, .NET and Visual Studio, Remote Desktop Services, DNS Server, and Hyper-V Server. Six actively exploited zero-day vulnerabilities were also listed.
This alarming number of patches has prompted America’s Cyber Defense Agency (CISA) to warn affected federal agencies to apply the patches by 1 April, or to make sure the affected systems are turned off until they are updated.
According to Satnam Narang, Senior Staff Research Engineer, Tenable, certain CVEs exploited in the wild or worth special mention are:
- CVE-2025-26633, which is a security-feature bypass in the Microsoft Management Console that could be exploited in the wild as a zero-day vulnerability, similar to another one, CVE-2024-43572, patched in October 2024.
- CVE-2025-24985, the first Windows Fast FAT File System Driver flaw revealed in three years, and also the first to be exploited in the wild as a zero-day. It was reported by an anonymous contributor, so specific details around it are scarce.
- CVE-2025-24984 and CVE-2025-24991, which are information disclosure bugs, and CVE-2025-2499, a remote code execution flaw that is rated the most severe of the trio. All three had been exploited in the wild as zero-days.
- CVE-2025-24983, an elevation-of-privilege zero-day exploit involving a Win32 Kernel Subsystem privilege escalation flaw.
The last CVE in this list, CVE-2025-24983, can be used to elevate privileges on previously compromised machines, allowing attackers to run malicious code with the highest privileges. According to Filip Jurčacko, threat researcher at ESET, the team that discovered and reported the exploit, it targets only older versions of the Windows OS, Windows 8.1 and Server 2012 R2, which are still used by millions: “Security support for these products ended more than a year ago, and mainstream support ended years ago. However, the vulnerability also affects newer Windows OS versions, such as those before Windows 10 build 1809, including the still-supported Windows Server 2016,” Jurčacko noted, advising the public to update to newer, supported operating systems.