Today, part of the March 2025 patch Tuesday, Microsoft released a bunch of security updates for its products and services, to resolve various vulnerabilities and bugs. March 2025 Patch Tuesday update, addressed 57 security vulnerabilities, including six critical vulnerabilities, and six actively exploited zero-day vulnerabilities. It also addresses a series of other bugs related to performance and usability. These updates are important and install as soon as possible to protect your device from potential attacks and exploits. Let’s look at the highlights of the Microsoft Patch Tuesday update in March 2025 for Windows 11 and Windows 10.
Contents
What is Patch Tuesday Update?
Microsoft Patch Tuesday Update, the colloquial term for Microsoft’s Update Tuesday falls on the second Tuesday of every month, and brings security updates to fix vulnerabilities or recent bugs.
A vulnerability is a weakness or flaw in a software or hardware component that an attacker could exploit to gain unauthorized access, execute malicious code, or cause damage or disruption. A bug is an error or defect in a software or hardware component that could cause it to malfunction or behave unexpectedly.
A security update is a software patch that fixes or mitigates one or more vulnerabilities or bugs.
A security update can have different ratings depending on the severity and impact of the vulnerability or bug it addresses. Microsoft uses four ratings: critical, important, moderate, and low.
- The critical update fixes a vulnerability that could allow an attacker to take complete control of a system without user interaction.
- An Important update fixes a vulnerability that could compromise data or functionality but requires user interaction or specific conditions.
- Moderate update fixes a vulnerability that is unlikely to be exploited, but could still have some impact.
- A Low update fixes a vulnerability that is very unlikely to be exploited and has minimal impact.
Microsoft Patch Tuesday update March 2025
The March 2025 Patch Tuesday includes 57 security updates, including Six critical Remote Code Execution vulnerabilities (As it allows privilege elevation, spoofing, or remote code execution) and six actively exploited zero-day vulnerabilities. The critical updates affect Windows, Internet Explorer, Edge, Office, SharePoint, Exchange, and Azure DevOps Server.
As per the release notes, the March 2025 Microsoft Patch Tuesday Update fixed 23 Elevation of Privilege security issues, 3 Security Feature Bypass Vulnerabilities, 23 Remote Code Execution bugs, 4 Information Disclosure vulnerabilities, 1 Denial of Service Vulnerabilities, and 3 spoofing vulnerabilities.
Also, Microsoft discloses six actively exploited zero-day vulnerabilities and fixes six “Critical” vulnerabilities, all remote code execution vulnerabilities.
Microsoft’s March 2025 Patch Tuesday, which includes security updates for a total of 57 flaws.
Six actively exploited zero-day vulnerabilities patched
CVE-2025-24983: Win32 Kernel Subsystem Privilege Escalation
The Win32 Kernel Subsystem is a core part of Windows that helps applications communicate with the system’s kernel. A flaw in this subsystem could allow an attacker to gain higher privileges on a computer. If an attacker already has access to the system, they could exploit this bug to gain SYSTEM-level control, which is the highest level of access in Windows.
CVE-2025-24984: NTFS Information Disclosure
NTFS is the main file system used by Windows to manage files and storage. This vulnerability could allow an attacker to read sensitive memory data. However, the attacker would need physical access to the computer and plug in a malicious USB drive to exploit this issue.
CVE-2025-24985: Fast FAT File System Driver Remote Code Execution
The Fast FAT file system is another way Windows handles files, especially on older storage devices. A flaw in its driver could allow an attacker to run malicious code on the system. To trigger this, an attacker would need to trick a user into opening a specially crafted virtual hard disk (VHD) file.
CVE-2025-24991: NTFS Information Disclosure
Another NTFS-related issue, this vulnerability involves sensitive information being written into log files. If an attacker already has access to the system, they could exploit this to read portions of system memory that might contain confidential data.
CVE-2025-24993: NTFS Remote Code Execution
A heap-based buffer overflow vulnerability in NTFS could allow an attacker to run code on a Windows system. Like the Fast FAT issue, an attacker could trick a user into mounting a specially crafted VHD file, which would trigger the exploit.
CVE-2025-26630: Microsoft Access Remote Code Execution
Microsoft Access is a database program used for managing data. A flaw in how it handles memory could allow an attacker to run unauthorized code on a system. However, the attacker would need to trick the user into opening a malicious file for the attack to work.
Six Critical Severity Vulnerability Patched
Microsoft’s March Patch Tuesday also resolved several critical vulnerabilities across various Windows components.
CVE-2025-24035 & CVE-2025-24045: Remote Desktop Services (RDS) Remote Code Execution
Remote Desktop Services (RDS) lets users access their Windows computers remotely over a network. A flaw in how RDS handles sensitive data in memory could allow an attacker to run malicious code on a system without permission. However, for this attack to work, the hacker must successfully exploit a race condition, which is when two processes try to access the same resource at the same time in an unexpected way.
CVE-2025-24057: Microsoft Office Remote Code Execution
A heap-based buffer overflow in Microsoft Office could let an attacker execute malicious code remotely. This means a hacker could take advantage of a flaw in how Office processes memory to run unauthorized programs on a user’s computer.
CVE-2025-24064: Windows DNS Server Remote Code Execution
Windows Domain Name Service (DNS) is responsible for translating domain names (like google.com) into IP addresses so computers can connect to websites. A flaw in the Windows DNS Server could let an attacker run code over a network. Like the RDS vulnerability, this one also requires exploiting a race condition to succeed.
CVE-2025-24084: Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution
Windows Subsystem for Linux (WSL2) allows users to run Linux on Windows. A flaw in how WSL2 handles memory could allow an attacker to execute code on a local system. This means a hacker could potentially gain control over a Windows device running WSL2.
CVE-2025-26645: Remote Desktop Client Remote Code Execution
A path traversal flaw in the Remote Desktop Client could let an attacker run malicious code over a network. Path traversal is a technique used to trick a system into accessing files or directories it shouldn’t, which could lead to unauthorized access or execution of harmful programs.
Update for Windows client versions
March 2025 (Patch Tuesday) Windows security updates are the following:
- KB5053598 (OS Build 26100.3476) for the latest Windows 11 version 24H2
- KB5053602 (22621.5039 and 22631.5039) for the latest Windows 11 version 23H2/22H2
- KB5053606 (OS Build 19045.5608) for the latest Windows 10 version 22H2/21H2
- KB5053596 (OS Build 17763.7009) for the latest Windows 10 version 1809
All these updates only include minor patches and security fixes, rather than any new features.
Note: Windows 11 was released with several new features and improvements as a free upgrade for eligible Windows 10 devices. Here is how to upgrade to Windows 11 for free.
Windows 11 KB5053598, KB5053602 and Windows 10 KB5053606 address security issues for your Windows operating system, including new option to display battery percentage and an updated battery icon in the Taskbar, new “Advanced camera options” page features: “multi-app camera,” which allows multiple applications to use the camera simultaneously, and “basic camera,” which enables a simplified camera mode for troubleshooting.
It also add support Paraguay’s Daylight Saving Time (DST), addresses issues with Open Secure Shell (OpenSSH), Desktop Window Manager (dwm.exe), Input Method Editor (IME), Several audio bugs uch as volume jumping to 100% after waking from sleep, mute and unmute sounds playing repeatedly and more.
Download the Microsoft Security Update
To download and install the updates, users can use Windows Update, Microsoft Update Catalog, or other tools such as Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM).
Usually, security updates are automatically downloaded and installed via Windows update. Or you can force Windows update from settings, Windows update, and check for updates to download and install the latest patch updates immediately.
Microsoft has published download links for Windows update offline installers if you prefer manual installation over Windows Update.
- Windows 11 KB5053598 (Version 24H2) offline installer Direct Download Link 64-bit.
- Windows 11 KB5053602 (Version 23H2/22H2) offline installer Direct Download Link 64-bit.
- Windows 10 KB5053606 (For versions 22H2 and 21H1) Direct Download Links: 64-bit and 32-bit (x86).
Windows 10 KB5053596 (for version 1809) Offline Download links
If you are looking for Windows 10 version 22H2 ISO image, click here.
Or Check How to Upgrade to Windows 11 version 24H2 Using the media creation tool.
If you face any difficulty while installing these updates, check the Windows 11 Update troubleshooting guide to fix the Windows 11 update KB5053598 stuck downloading, failed to install with different errors, etc.
FAQ on Patch Tuesday update
What is Patch Tuesday?
- Patch Tuesday is the colloquial term for Microsoft’s Update Tuesday which falls on the second Tuesday of every month.
When is Patch Tuesday?
- Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on April 08, 2025.
What is patching and why is it important?
- Patches are nothing but pieces of software code that are written to fix a bug in a software application that might lead to a vulnerability.
What kind of patch updates are released during Patch Tuesday?
- Predominantly security patch updates of varying severity like Critical, Important, Moderate and low are labelled and released.
What are CVE IDs?
- CVE ID – Common Vulnerabilities and Exposures ID is a format in which each vulnerability is disclosed and catalogued in the National Vulnerability Database (NVD).
Also Read
- Complete Review of Microsoft Windows 10 Operating system
- Solved: Microsoft Edge not working after the Windows 10 update
- can’t connect securely to this page ie11 or Edge Windows 10
- Windows 10 Stuck Preparing Automatic Repair? Here is how to fix
- Everything About IP (Internet Protocol) Address – Purpose to Benefits explained
