Microsoft addressed 57 Common Vulnerabilities and Exposures (CVE’s) this month with 7 marked as zero-day vulnerabilities. The most critical Common Vulnerabilities and Exposures (CVE’s) are noted below:
Microsoft Vulnerabilities:
Windows Zero-Days:
- CVE-2025-26633 – Microsoft Management Console Security Feature Bypass Vulnerability
- Vulnerability not publicly disclosed but actively being exploited in the wild.
- CVE-2025-24985 – Windows Fast FAT File System Driver Remote Code Execution Vulnerability
- Vulnerability not publicly disclosed but actively being exploited in the wild.
- CVE-2025-24983 – Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
- Vulnerability not publicly disclosed but actively being exploited in the wild.
- CVE-2025-24984/CVE-2025-24991 – Windows NTFS Information Disclosure Vulnerability
- Vulnerabilities not publicly disclosed but actively being exploited in the wild.
- CVE-2025-24993 – Windows NTFS Remote Code Execution Vulnerability
- Vulnerability not publicly disclosed but actively being exploited in the wild.
- CVE-2025-26630 – Microsoft Access Remote Code Execution Vulnerability
- Vulnerability publicly disclosed but no reports of being actively exploited in the wild.
Other Critical CVE’s:
- CVE-2025-21376 – Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
- CVE-2025-24057 – Microsoft Office Remote Code Execution Vulnerability
- CVE-2025-26645 – Remote Desktop Client Remote Code Execution Vulnerability
- CVE-2025-24064 – Windows Domain Name Service Remote Code Execution Vulnerability
- CVE-2025-24035 / CVE-2025-24045 – Windows Remote Desktop Services Remote Code Execution Vulnerability
- CVE-2025-24084 – Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability
3rd Party Critical CVE’s:
Adobe Products:
- Adobe released 7 patches covering 37 CVE’s in Adobe Acrobat Reader, InDesign, Illustrator, Substance 3D Designer, Substance 3D Modeler, Substance 3D Painter, and Substance 3D Sampler.
Apple:
Broadcom:
Cisco:
- Cisco fixes WebEx flaw that could expose credentials and critical vulnerabilities in Cisco Small Business routers
Firefox:
Google Chrome:
- Versions 134.0.6998.88/.89 were released for Windows & Apple and version 134.0.6998.88 for Linux on March 10th .
- This update includes 5 Security Fixes.
- Chrome Release: March 10th 2025
Ivanti:
SAP:
About FortressSRM Cyber Hygiene Offering:
Software vulnerabilities are one of the top cyber-attack vectors and one in three breaches are the result of vulnerabilities that were known about and should have been already patched.
Keeping operating systems and application software patched and secure is time consuming and tedious – an internal IT resource nightmare. Fortress SRM’s Guardian Managed Patching with Monitoring Service delivers automated, high-efficacy (97%+) updates to Microsoft and over 80 third-party software, ensuring efficient patch deployment to every device, whether on or off network. This includes the deployment of critical updates, security updates, feature updates, operating system upgrades, key Windows security setting and configurations.
The Fortress SRM real-time reporting console includes current patch levels of devices and gives the Client total visibility into what patch related activities have been performed, while real-time patch monitoring provides deep insight into approved, unapproved, pending, and failed patching efforts.
Ready to start the Cyber Hygiene journey? Contact us at: Contact Us | Fortress Security Risk Management (fortresssrm.com)