Security News Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws

Gandalf_The_Grey

Today is Microsoft's March 2025 Patch Tuesday, which includes security updates for 57 flaws, including six actively exploited zero-day vulnerabilities.

This Patch Tuesday also fixes three "Critical" vulnerabilities, all remote code execution vulnerabilities.

The number of bugs in each vulnerability category is listed below:
  • 23 Elevation of Privilege Vulnerabilities
  • 3 Security Feature Bypass Vulnerabilities
  • 23 Remote Code Execution Vulnerabilities
  • 4 Information Disclosure Vulnerabilities
  • 1 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities
The above numbers do not include Mariner flaws and 10 Microsoft Edge vulnerabilities fixed earlier this month.
 

Gandalf_The_Grey

ZDI: The March 2025 Security Update Review
We’ve reached the third Patch Tuesday of 2025, and, as expected, Microsoft and Adobe have released their latest security offerings. Take a break from your scheduled activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check out the Patch Report webcast on our YouTube channel. It should be posted within a couple of hours after the release.

Adobe Patches for March 2025

For March, Adobe released seven bulletins addressing 37 CVEs in Adobe Acrobat Reader, Substance 3D Sampler, Illustrator, Substance 3D Painter, InDesign, Substance 3D Modeler, and Substance 3D Designer. Six of these bugs were reported through the ZDI program. The patch for Reader contains fixes for multiple Critical-rated code execution bugs. This should be the top priority for deployment. The fix for Illustrator also corrects some Critical-rated code execution bugs. That also holds true for the InDesign patch. For all of the products, an attacker would need to convince a user to open a specially crafted file.

The remaining patches all touch the Substance family of products. The fix for Substance 3D Sampler addressed seven bugs with some of those being Critical. The patch for Substance 3D Painter corrects two code execution bugs. The update for Substance 3D Modeler also has two CVEs, but only one is for a code execution bug. Finally, the patch for Substance 3D Designer addresses two Critical-rated code execution vulnerabilities.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. Adobe categorizes these updates as a deployment priority rating of 3.

Microsoft Patches for March 2025

This month, Microsoft released 56 new CVEs in Windows and Windows Components, Office and Office Components, Azure, .NET and Visual Studio, Remote Desktop Services, DNS Server, and Hyper-V Server. One of the actively exploited bugs was submitted through the Trend ZDI program. With the addition of the third-party CVEs, the entire release tops out at 67 CVEs.

Of the patches released today, six are rated Critical, and 50 are rated Important in severity. This is nearly identical to the release last month in volume, but the number of actively exploited bugs is extraordinary.

One of these bugs is listed as publicly known, and six(!) others are listed as under active attack at the time of release.

Looking Ahead

The next Patch Tuesday of 2025 will be on April 11, and I’ll return with my analysis and thoughts about the release. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!
 
