Webinar Library
Welcome to my March Patch Tuesday newsletter. Today Microsoft released updates for 57 threats and an additional 20 in the past month for a total of 77 vulnerabilities being patched. We have 8 that are zero days; exploited and/or public as of today:
Microsoft rates the one public vulnerability as "Exploitation Less Likely". Of the seven that are rated "Exploitation Detected", only CVE-2025-24989 is rated "Critical". This vulnerability affects Power Pages and could allow an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. In addition to these we have seven others that are rated critical. All of these are remote code execution vulnerabilities affecting various flavors of Windows and Office. I would say we have an above average month so please make sure you push out these updates and get your systems rebooted.
So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.
Patch data provided by:
Technology
Products Affected
Severity
Reference
Workaround/ Exploited / Publicly Disclosed
Vulnerability Info
Windows
Windows 10, 11
Server 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022, 2025 including Server Core Installations Remote Desktop Client Windows App Client
Critical
CVE-2024-9157 CVE-2025-21180 CVE-2025-21247 CVE-2025-24035 CVE-2025-24044 CVE-2025-24045 CVE-2025-24046 CVE-2025-24048 CVE-2025-24050 CVE-2025-24051 CVE-2025-24054 CVE-2025-24055 CVE-2025-24056 CVE-2025-24059 CVE-2025-24061 CVE-2025-24064 CVE-2025-24066 CVE-2025-24067 CVE-2025-24071 CVE-2025-24072 CVE-2025-24076 CVE-2025-24084 CVE-2025-24983* CVE-2025-24984* CVE-2025-24985* CVE-2025-24987 CVE-2025-24988 CVE-2025-24991* CVE-2025-24992 CVE-2025-24993* CVE-2025-24994 CVE-2025-24995 CVE-2025-24996 CVE-2025-24997 CVE-2025-25008 CVE-2025-26633* CVE-2025-26645
Denial of Service
Elevation of Privilege Information Disclosure
Remote Code Execution Security Feature Bypass Spoofing
Edge
Chromium-based
Low
CVE-2025-0995 CVE-2025-0996 CVE-2025-0997 CVE-2025-0998 CVE-2025-0999 CVE-2025-1006 CVE-2025-1426 CVE-2025-1914 CVE-2025-1915 CVE-2025-1916 CVE-2025-1917 CVE-2025-1918 CVE-2025-1919 CVE-2025-1921 CVE-2025-1922 CVE-2025-1923 CVE-2025-21401 CVE-2025-26643
Workaround: No Exploited: No Public: No
Office
365 Apps for Enterprise Access/Excel/Word 2016 Office 2016, 2019 LTSC 2021, 2024 including for Mac Online Server
CVE-2025-24057 CVE-2025-24075 CVE-2025-24077 CVE-2025-24078 CVE-2025-24079 CVE-2025-24080 CVE-2025-24081 CVE-2025-24082 CVE-2025-24083 CVE-2025-26629 CVE-2025-26630**
Remote Code Execution
Azure
ARC CLI Agent for Backup Agent for Site Recovery promptflow-tools & promptflow-core
Important
CVE-2025-21199 CVE-2025-24049 CVE-2025-24986 CVE-2025-26627
Developer Tools
Visual Studio (VS) Code VS 2017 15.0 - 15.9 VS 2019 16.0-16.11 VS 2022 17.8, 17.10, 17.12, 17.13 ASP.NET Core 8, 9 WinDbg
CVE-2025-24043 CVE-2025-24070 CVE-2025-24998 CVE-2025-25003 CVE-2025-26631
Elevation of Privilege Remote Code Execution
Apps
Microsoft Bing
CVE-2025-21355
Dynamics
Microsoft Power Pages
CVE-2025-24989*
Workaround: No Exploited: Yes* Public: No