Microsoft Patch Tuesday: March 2025

Description

CVE

Disclosed

Exploited

Exploitability (old versions)

current version

Severity

CVSS Base (AVG)

CVSS Temporal (AVG)

ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability

CVE-2025-24070

No

No

-

-

Important

7.0

6.1

Azure Agent Installer for Backup and Site Recovery Elevation of Privilege Vulnerability

CVE-2025-21199

No

No

-

-

Important

6.7

5.8

Azure Arc Installer Elevation of Privilege Vulnerability

CVE-2025-26627

No

No

-

-

Important

7.0

6.1

Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability

CVE-2025-24049

No

No

-

-

Important

8.4

7.3

Azure Promptflow Remote Code Execution Vulnerability

CVE-2025-24986

No

No

-

-

Important

6.5

5.7

DirectX Graphics Kernel File Denial of Service Vulnerability

CVE-2025-24997

No

No

-

-

Important

4.4

3.9

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

CVE-2025-24046

No

No

-

-

Important

7.8

6.8

CVE-2025-24066

No

No

-

-

Important

7.8

6.8

CVE-2025-24067

No

No

-

-

Important

7.8

6.8

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

CVE-2025-24995

No

No

-

-

Important

7.8

6.8

MapUrlToZone Security Feature Bypass Vulnerability

CVE-2025-21247

No

No

-

-

Important

4.3

3.9

Microsoft Access Remote Code Execution Vulnerability

CVE-2025-26630

Yes

No

-

-

Important

7.8

6.8

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2025-26643

No

No

Less Likely

Less Likely

Low

5.4

4.7

Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-24081

No

No

-

-

Important

7.8

6.8

CVE-2025-24082

No

No

-

-

Important

7.8

6.8

CVE-2025-24075

No

No

-

-

Important

7.8

6.8

Microsoft Local Security Authority (LSA) Server Elevation of Privilege Vulnerability

CVE-2025-24072

No

No

-

-

Important

7.8

6.8

Microsoft Management Console Security Feature Bypass Vulnerability

CVE-2025-26633

No

Yes

-

-

Important

7.0

6.5

Microsoft Office Remote Code Execution Vulnerability

CVE-2025-24057

No

No

-

-

Critical

7.8

6.8

CVE-2025-24080

No

No

-

-

Important

7.8

6.8

CVE-2025-24083

No

No

-

-

Important

7.8

6.8

CVE-2025-26629

No

No

-

-

Important

7.8

6.8

Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability

CVE-2025-24076

No

No

-

-

Important

7.3

6.4

CVE-2025-24994

No

No

-

-

Important

7.3

6.4

Microsoft Windows File Explorer Spoofing Vulnerability

CVE-2025-24071

No

No

-

-

Important

7.5

6.5

Microsoft Word Remote Code Execution Vulnerability

CVE-2025-24077

No

No

-

-

Important

7.8

6.8

CVE-2025-24078

No

No

-

-

Important

7.0

6.1

CVE-2025-24079

No

No

-

-

Important

7.8

6.8

NTLM Hash Disclosure Spoofing Vulnerability

CVE-2025-24996

No

No

-

-

Important

6.5

5.7

CVE-2025-24054

No

No

-

-

Important

6.5

5.7

Remote Desktop Client Remote Code Execution Vulnerability

CVE-2025-26645

No

No

-

-

Critical

8.8

7.7

Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading Vulnerability

CVE-2024-9157

No

No

-

-

Important

 

 

Visual Studio Code Elevation of Privilege Vulnerability

CVE-2025-26631

No

No

-

-

Important

7.3

6.4

Visual Studio Elevation of Privilege Vulnerability

CVE-2025-24998

No

No

-

-

Important

7.3

6.4

CVE-2025-25003

No

No

-

-

Important

7.3

6.4

WinDbg Remote Code Execution Vulnerability

CVE-2025-24043

No

No

-

-

Important

7.5

6.5

Windows Domain Name Service Remote Code Execution Vulnerability

CVE-2025-24064

No

No

-

-

Critical

8.1

7.1

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2025-24059

No

No

-

-

Important

7.8

6.8

Windows Fast FAT File System Driver Remote Code Execution Vulnerability

CVE-2025-24985

No

Yes

-

-

Important

7.8

7.2

Windows Hyper-V Elevation of Privilege Vulnerability

CVE-2025-24048

No

No

-

-

Important

7.8

6.8

CVE-2025-24050

No

No

-

-

Important

7.8

6.8

Windows Mark of the Web Security Feature Bypass Vulnerability

CVE-2025-24061

No

No

-

-

Important

7.8

6.8

Windows NTFS Information Disclosure Vulnerability

CVE-2025-24984

No

Yes

-

-

Important

4.6

4.3

CVE-2025-24991

No

Yes

-

-

Important

5.5

5.1

CVE-2025-24992

No

No

-

-

Important

5.5

4.8

Windows NTFS Remote Code Execution Vulnerability

CVE-2025-24993

No

Yes

-

-

Important

7.8

7.2

Windows Remote Desktop Services Remote Code Execution Vulnerability

CVE-2025-24035

No

No

-

-

Critical

8.1

7.1

CVE-2025-24045

No

No

-

-

Critical

8.1

7.1

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2025-24051

No

No

-

-

Important

8.8

7.7

Windows Server Elevation of Privilege Vulnerability

CVE-2025-25008

No

No

-

-

Important

7.1

6.2

Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability

CVE-2025-24084

No

No

-

-

Critical

8.4

7.3

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-24056

No

No

-

-

Important

8.8

7.7

Windows USB Video Class System Driver Elevation of Privilege Vulnerability

CVE-2025-24987

No

No

-

-

Important

6.6

5.8

CVE-2025-24988

No

No

-

-

Important

6.6

5.8

Windows USB Video Class System Driver Information Disclosure Vulnerability

CVE-2025-24055

No

No

-

-

Important

4.3

3.8

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

CVE-2025-24044

No

No

-

-

Important

7.8

6.8

CVE-2025-24983

No

Yes

-

-

Important

7.0

6.5

Windows exFAT File System Remote Code Execution Vulnerability

CVE-2025-21180

No

No

-

-

Important

7.8

6.8