March Microsoft Patch Tuesday. 77 CVEs, 20 of which were added during the month. 7 vulnerabilities with signs of exploitation in the wild:
RCE – Windows Fast FAT File System Driver (CVE-2025-24985) RCE – Windows NTFS (CVE-2025-24993) SFB – Microsoft Management Console (CVE-2025-26633) EoP – Windows Win32 Kernel Subsystem (CVE-2025-24983) InfDisc – Windows NTFS (CVE-2025-24991, CVE-2025-24984) AuthBypass – Power Pages (CVE-2025-24989) – in Microsoft web service, can be ignored
There are no vulnerabilities with public exploits, there are 2 more with private ones:
RCE – Bing (CVE-2025-21355) – in Microsoft web service, can be ignored SFB – Windows Kernel (CVE-2025-21247)
Among the others:
RCE – Windows Remote Desktop Client (CVE-2025-26645) and Services (CVE-2025-24035, CVE-2025-24045), MS Office (CVE-2025-26630), WSL2 (CVE-2025-24084) EoP – Windows Win32 Kernel Subsystem (CVE-2025-24044)
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.