Microsoft addressed 57 Common Vulnerabilities and Exposures (CVEs) this month, with 7 marked as zero-day vulnerabilities. The most critical CVEs are noted below:
Microsoft Vulnerabilities:
Windows Zero-Days:
- CVE-2025-26633 – Microsoft Management Console Security Feature Bypass Vulnerability
  - Vulnerability not publicly disclosed but actively being exploited in the wild.
- CVE-2025-24985 – Windows Fast FAT File System Driver Remote Code Execution Vulnerability
  - Vulnerability not publicly disclosed but actively being exploited in the wild.
- CVE-2025-24983 – Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
  - Vulnerability not publicly disclosed but actively being exploited in the wild.
- CVE-2025-24984/CVE-2025-24991 – Windows NTFS Information Disclosure Vulnerability
  - Vulnerabilities not publicly disclosed but actively being exploited in the wild.
- CVE-2025-24993 – Windows NTFS Remote Code Execution Vulnerability
  - Vulnerability not publicly disclosed but actively being exploited in the wild.
- CVE-2025-26630 – Microsoft Access Remote Code Execution Vulnerability
  - Vulnerability publicly disclosed but no reports of being actively exploited in the wild.
Other Critical CVEs:
- CVE-2025-21376 – Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
- CVE-2025-24057 – Microsoft Office Remote Code Execution Vulnerability
- CVE-2025-26645 – Remote Desktop Client Remote Code Execution Vulnerability
- CVE-2025-24064 – Windows Domain Name Service Remote Code Execution Vulnerability
- CVE-2025-24035 / CVE-2025-24045 – Windows Remote Desktop Services Remote Code Execution Vulnerability
- CVE-2025-24084 – Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability
3rd Party Critical CVEs:
Adobe Products:
- Adobe released 7 patches covering 37 CVEs in Adobe Acrobat Reader, InDesign, Illustrator, Substance 3D Designer, Substance 3D Modeler, Substance 3D Painter, and Substance 3D Sampler.
Apple:
Broadcom:
Cisco:
- Cisco fixed a WebEx flaw that could expose credentials, as well as critical vulnerabilities in Cisco Small Business routers.
Firefox:
Google Chrome:
- Versions 134.0.6998.88/.89 were released for Windows & Apple and version 134.0.6998.88 for Linux on March 10th.
- This update includes 5 security fixes.
- Chrome Release: March 10th 2025
Ivanti:
SAP:
About Fortress SRM’s Vigilant Managed Cyber Hygiene Offering
Software vulnerabilities are a leading cause of cyberattacks, with nearly one-third of breaches stemming from unpatched, known flaws.
Maintaining secure and up-to-date operating systems and applications is a complex, time-consuming task that often strains internal IT resources. Fortress SRM’s Vigilant Managed Cyber Hygiene with 24/7/365 U.S.-based Monitoring Service simplifies patch management by delivering automated, high-efficacy updates (97%+ success rate) for Microsoft and over 100 third-party applications. This includes critical security patches, OS upgrades, and key configuration updates—across all devices, on or off the network.
Our real-time reporting console offers full visibility into patch status and activity, helping organizations maintain a strong, proactive security posture.
Ready to strengthen your cyber hygiene?
Contact us at Fortress Security Risk Management (fortresssrm.com) to learn how Fortress SRM can help support and enhance your organization’s cybersecurity strategy.
