Microsoft Security Bulletin Coverage for March 2025
Overview
Microsoft’s March 2025 Patch Tuesday has 56 vulnerabilities, of which 23 are Remote Code Execution. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of March 2025 and has produced coverage for 10 of the reported vulnerabilities.
Vulnerabilities with Detections
CVE | CVE Title | Signature |
CVE-2025-24035 | Windows Remote Desktop Services Remote Code Execution Vulnerability | IPS 20817 Windows Remote Desktop Services RCE (CVE-2025-24035) |
CVE-2025-24045 | Windows Remote Desktop Services Remote Code Execution Vulnerability | IPS 20818 Windows Remote Desktop Services RCE (CVE-2025-24045) |
CVE-2025-24061 | Windows Mark of the Web Security Feature Bypass Vulnerability | IPS 20819 Windows Mark of the Web Security Feature Bypass (CVE-2025-24061) |
CVE-2025-24066 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ASPY 7055 Exploit-exe exe.MP_432 |
CVE-2025-24067 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ASPY 7056 Exploit-exe exe.MP_433 |
CVE-2025-24983 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | ASPY 626 Exploit-exe exe.MP_433 GAV: CVE-2025-24983 |
CVE-2025-24984 | Windows NTFS Information Disclosure Vulnerability | ASPY 627 Exploit-exe exe.MP_434 |
CVE-2025-24985 | Windows Fast FAT File System Driver Remote Code Execution Vulnerability | ASPY 628 Exploit-exe exe.MP_435 |
CVE-2025-24991 | Windows NTFS Information Disclosure Vulnerability | ASPY 629 Exploit-exe exe.MP_436 |
CVE-2025-24993 | Windows NTFS Remote Code Execution Vulnerability | ASPY 630 Exploit-exe exe.MP_437 |
Release Breakdown
The vulnerabilities can be classified into the following categories:
For March, there are 6 critical and 50 important vulnerabilities.
Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the patch Tuesday release for each month. The above chart displays these metrics as seen each month.
Release Detailed Breakdown
Denial of Service Vulnerability
CVE | CVE Title |
CVE-2025-24997 | DirectX Graphics Kernel File Denial of Service Vulnerability |
Elevation of Privilege Vulnerabilities
CVE | CVE Title |
CVE-2025-21199 | Azure Agent Installer for Backup and Site Recovery Elevation of Privilege Vulnerability |
CVE-2025-24044 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
CVE-2025-24046 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
CVE-2025-24048 | Windows Hyper-V Elevation of Privilege Vulnerability |
CVE-2025-24049 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability |
CVE-2025-24050 | Windows Hyper-V Elevation of Privilege Vulnerability |
CVE-2025-24059 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2025-24066 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
CVE-2025-24067 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
CVE-2025-24070 | ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability |
CVE-2025-24072 | Microsoft Local Security Authority (LSA) Server Elevation of Privilege Vulnerability |
CVE-2025-24076 | Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability |
CVE-2025-24983 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
CVE-2025-24987 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
CVE-2025-24988 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
CVE-2025-24994 | Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability |
CVE-2025-24995 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
CVE-2025-24998 | Visual Studio Installer Elevation of Privilege Vulnerability |
CVE-2025-25003 | Visual Studio Elevation of Privilege Vulnerability |
CVE-2025-25008 | Windows Server Elevation of Privilege Vulnerability |
CVE-2025-26627 | Azure Arc Installer Elevation of Privilege Vulnerability |
CVE-2025-26631 | Visual Studio Code Elevation of Privilege Vulnerability |
Information Disclosure Vulnerabilities
CVE | CVE Title |
CVE-2025-24055 | Windows USB Video Class System Driver Information Disclosure Vulnerability |
CVE-2025-24984 | Windows NTFS Information Disclosure Vulnerability |
CVE-2025-24991 | Windows NTFS Information Disclosure Vulnerability |
CVE-2025-24992 | Windows NTFS Information Disclosure Vulnerability |
Remote Code Execution Vulnerabilities
CVE | CVE Title |
CVE-2025-21180 | Windows exFAT File System Remote Code Execution Vulnerability |
CVE-2025-24035 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability |
CVE-2025-24045 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
CVE-2025-24051 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2025-24056 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2025-24057 | Microsoft Office Remote Code Execution Vulnerability |
CVE-2025-24064 | Windows Domain Name Service Remote Code Execution Vulnerability |
CVE-2025-24075 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2025-24077 | Microsoft Word Remote Code Execution Vulnerability |
CVE-2025-24078 | Microsoft Word Remote Code Execution Vulnerability |
CVE-2025-24079 | Microsoft Word Remote Code Execution Vulnerability |
CVE-2025-24080 | Microsoft Office Remote Code Execution Vulnerability |
CVE-2025-24081 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2025-24082 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2025-24083 | Microsoft Office Remote Code Execution Vulnerability |
CVE-2025-24084 | Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability |
CVE-2025-24985 | Windows Fast FAT File System Driver Remote Code Execution Vulnerability |
CVE-2025-24986 | Azure Promptflow Remote Code Execution Vulnerability |
CVE-2025-24993 | Windows NTFS Remote Code Execution Vulnerability |
CVE-2025-26629 | Microsoft Office Remote Code Execution Vulnerability |
CVE-2025-26630 | Microsoft Access Remote Code Execution Vulnerability |
CVE-2025-26645 | Remote Desktop Client Remote Code Execution Vulnerability |
Security Feature Bypass Vulnerabilities
CVE | CVE Title |
CVE-2025-21247 | MapUrlToZone Security Feature Bypass Vulnerability |
CVE-2025-24061 | Windows Mark of the Web Security Feature Bypass Vulnerability |
CVE-2025-26633 | Microsoft Management Console Security Feature Bypass Vulnerability |
Spoofing Vulnerabilities
CVE | CVE Title |
CVE-2025-24054 | NTLM Hash Disclosure Spoofing Vulnerability |
CVE-2025-24071 | Microsoft Windows File Explorer Spoofing Vulnerability |
CVE-2025-24996 | NTLM Hash Disclosure Spoofing Vulnerability |
Share This Article
An Article By
An Article By
Security News
Security News
