March Ends With More Than 6 New Windows Vulnerabilities

March End Added 6 NEW Windows Vulnerabilities – Are you Affected?

These new Windows vulnerabilities are what’s known as 0-Day attacks, that is attacks where hackers strike before a patch can be made available. March has just beaten February and January combined, with a worrying six Windows zero-days being confirmed by Microsoft in the latest security announcement. Here’s what you need to know!

Windows Operating System Security Patches Should Be Your Top Priority This Month…

Don’t make the mistake of thinking your security updates this month are optional. With six zero-day Windows vulnerabilities listed as “Exploit Detected”, and labeled by Microsoft with critical severity, this is not the month to skip patches out of convenience. The good news is all six of the detected zero-days are resolved with Microsoft’s monthly cumulative update, meaning a single update to fix all of these at once.

The vulnerabilities fixed in these security updates affect core system components like file storage, the Windows Management Console, and even the Windows Kernel itself.

The Six Windows Vulnerabilities in Detail

One of the vulnerabilities is a security feature bypass in the Microsoft Management Console. An attacker needs to convince a potential target that is either a standard user or has admin privileges to open a malicious file to exploit this vulnerability. Social engineering is certainly one of the easiest ways to make this happen (CVE-2025-26633).

Another vulnerability is a heap-based buffer overflow within Windows NTFS. An attacker can potentially exploit this issue by prompting users to mount a specially crafted virtual hard disk. A successful zero-day attack using this vulnerability could result in an unauthorized attacker executing arbitrary code locally (CVE-2024-24993).

There is also an information disclosure vulnerability in Windows NTFS that affects all Windows editions from Windows 10 to 11 and Server 2008 to Server 2025. Risk-based prioritization warrants treating this vulnerability as critical (CVE-2025-24991).

A vulnerability within the Windows fast FAT file system driver, the first to be detected for three years, was reported anonymously. We don’t have any specific details around it, but it could lead to remote code execution if a user is tricked into mounting a specially crafted virtual hard disk (CVE-2025-24985).

Another vulnerability is a Windows Win32 kernel subsystem elevation of privilege vulnerability that, if successfully exploited, could give unauthorized access to sensitive data, credentials, encryption keys, and system information. This vulnerability provides a direct path from low privileges to SYSTEM access, making it an attractive target for attackers with initial access via phishing, malware, compromised credentials, or insider threats (CVE-2025-24983).

Lastly, there is another information disclosure vulnerability in Windows NTFS that affects all Windows editions from Windows 10 to 11 and Server 2008 to Server 2025. As with the previous NTFS vulnerability, risk-based prioritization warrants treating this vulnerability as critical (CVE-2025-24984).

A Word to Our Clients Regarding These Windows Vulnerabilities

We want to assure you that your security is our top priority. Our business clients are protected by best-in-class AI accelerated antivirus solutions. These advanced systems are designed to prevent the execution of threats, mitigating risks even before these vulnerabilities were discovered.

If someone had attempted to use these attacks against you, our behavioral-based antivirus, Sentinel One, would have immediately terminated the attacking process and permanently quarantined it for our analysis. This proactive approach ensures that any potential threats are neutralized before they can cause harm.

Now that these vulnerabilities have been identified and remediated with patches by Microsoft, we will ensure that these updates are promptly applied to all of our managed computers. This further reduces your risk and our liability, providing you with peace of mind knowing that your systems are secure.

Thank you for your continued trust in our services. If you have any questions or concerns, please do not hesitate to reach out to us.

Let’s Stay Safe Out There!

author avatar
Josie Peter