Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993)

On March 11, Microsoft released its March 2025 Patch Tuesday release which patched 56 CVEs with six rated as critical and 50 rated as important.

Of the 56 CVEs patched this month, there were seven zero-days, including six that were exploited in the wild (CVE-2025-26633,  CVE-2025-24985, CVE-2025-24983, CVE-2025-24993, CVE-2025-24984 and CVE-2025-24991) and one that was publicly disclosed (CVE-2025-26630) prior to a patch being made available.

This month’s update includes patches for:

• .NET
• ASP.NET Core & Visual Studio
• Azure Agent Installer
• Azure Arc
• Azure CLI
• Azure PromptFlow
• Kernel Streaming WOW Thunk Service Driver
• Microsoft Local Security Authority Server (lsasrv)
• Microsoft Management Console
• Microsoft Office
• Microsoft Office Access
• Microsoft Office Excel
• Microsoft Office Word
• Microsoft Streaming Service
• Microsoft Windows
• Remote Desktop Client
• Role: DNS Server
• Visual Studio
• Visual Studio Code
• Windows Common Log File System Driver
• Windows Cross Device Service
• Windows Fast FAT Driver
• Windows File Explorer
• Windows Hyper-V
• Windows Kernel Memory
• Windows Kernel-Mode Drivers
• Windows MapUrlToZone
• Windows Mark of the Web (MOTW)
• Windows NTFS
• Windows NTLM
• Windows Remote Desktop Services
• Windows Routing and Remote Access Service (RRAS)
• Windows Subsystem for Linux
• Windows Telephony Server
• Windows USB Video Driver
• Windows Win32 Kernel Subsystem
• Windows exFAT File System

For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.