MS Family March 2025 Routine Security Update Advisory

Overview

 

Microsoft (https://www.microsoft.com) has released a security update that fixes vulnerabilities in its products. Users of affected products are advised to update to the latest version.

 

Affected Products

 

 

Azure Family

Azure ARC

Azure Agent for Backup

Azure Agent for Site Recovery

Azure CLI

Azure promptflow-core

Azure promptflow-tools

 

Developer Tools Suite

ASP.NET Core 8.0

ASP.NET Core 9.0

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8)

Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10)

Microsoft Visual Studio 2022 version 17.10

Microsoft Visual Studio 2022 version 17.12

Microsoft Visual Studio 2022 version 17.13

Microsoft Visual Studio 2022 version 17.8

Visual Studio Code

WinDbg

 

ESU Family

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

 

Microsoft Office Suite

Microsoft 365 Apps for Enterprise for 32-bit Systems

Microsoft 365 Apps for Enterprise for 64-bit Systems

Microsoft Access 2016 (32-bit edition)

Microsoft Access 2016 (64-bit edition)

Microsoft Excel 2016 (32-bit edition)

Microsoft Excel 2016 (64-bit edition)

Microsoft Office 2016 (32-bit edition)

Microsoft Office 2016 (64-bit edition)

Microsoft Office 2019 for 32-bit editions

Microsoft Office 2019 for 64-bit editions

Microsoft Office LTSC 2021 for 32-bit editions

Microsoft Office LTSC 2021 for 64-bit editions

Microsoft Office LTSC 2024 for 32-bit editions

Microsoft Office LTSC 2024 for 64-bit editions

Microsoft Office LTSC for Mac 2021

Microsoft Office LTSC for Mac 2024

Microsoft Word 2016 (32-bit edition)

Microsoft Word 2016 (64-bit edition)

Office Online Server

 

Windows Suite

Remote Desktop client for Windows Desktop

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows 11 Version 23H2 for x64-based Systems

Windows 11 Version 24H2 for ARM64-based Systems

Windows 11 Version 24H2 for x64-based Systems

Windows App Client for Windows Desktop

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022, 23H2 Edition (Server Core installation)

Windows Server 2025

Windows Server 2025 (Server Core installation)

 

Resolved Vulnerabilities

 

6 vulnerabilities rated Critical and 51 rated Important were found.

 

Azure Family

Critical elevation of privilege vulnerability in Azure Agent Installer (CVE-2025-21199)

Critical elevation of privilege vulnerability in Azure Arc (CVE-2025-26627)

Critical elevation of privilege vulnerability in Azure CLI (CVE-2025-24049)

Critical remote code execution vulnerability in Azure PromptFlow (CVE-2025-24986)

 

Developer Tools Suite

Critical remote code execution vulnerability in .NET (CVE-2025-24043)

Critical elevation of privilege vulnerability in ASP.NET Core & Visual Studio (CVE-2025-24070)

Critical elevation of privilege vulnerability in Visual Studio Code (CVE-2025-26631)

Critical elevation of privilege vulnerabilities in Visual Studio (CVE-2025-24998, CVE-2025-25003)

 

Microsoft Office Suite

Critical remote code execution vulnerability in Microsoft Office Access (CVE-2025-26630)

Critical remote code execution vulnerabilities in Microsoft Office Excel (CVE-2025-24081, CVE-2025-24082, CVE-2025-24075)

Critical remote code execution vulnerabilities in Microsoft Office Word (CVE-2025-24077, CVE-2025-24078, CVE-2025-24079)

Urgent-grade remote code execution vulnerability in Microsoft Office (CVE-2025-24057)

Critical remote code execution vulnerabilities in Microsoft Office (CVE-2025-24080, CVE-2025-24083, CVE-2025-26629)

 

Windows Family

Critical elevation of privilege vulnerability in the Kernel Streaming WOW Thunk Service Driver (CVE-2025-24995)

Critical elevation of privilege vulnerability in Microsoft Local Security Authority Server (lsasrv) (CVE-2025-24072)

Critical security feature bypass vulnerability in Microsoft Management Console (CVE-2025-26633)

Critical elevation of privilege vulnerabilities in Microsoft Streaming Service (CVE-2025-24046, CVE-2025-24067)

Critical elevation of privilege vulnerabilities in Microsoft Windows (CVE-2024-9157, CVE-2025-25008)

Critical remote code execution vulnerability in Remote Desktop Client (CVE-2025-26645)

Critical remote code execution vulnerability in Role: DNS Server (CVE-2025-24064)

Critical elevation of privilege vulnerabilities in Role: Windows Hyper-V (CVE-2025-24048, CVE-2025-24050)

Critical elevation of privilege vulnerability in Windows Common Log File System Driver (CVE-2025-24059)

Critical elevation of privilege vulnerabilities in Windows Cross Device Service (CVE-2025-24076, CVE-2025-24994)

Critical remote code execution vulnerability in Windows Fast FAT Driver (CVE-2025-24985)

Critical spoofing vulnerability in Windows File Explorer (CVE-2025-24071)

Critical denial-of-service vulnerability in Windows Kernel Memory (CVE-2025-24997)

Critical elevation of privilege vulnerability in Windows Kernel-Mode Drivers (CVE-2025-24066)

Critical security feature bypass vulnerability in Windows MapUrlToZone (CVE-2025-21247)

Critical security feature bypass vulnerability in Windows Mark of the Web (MOTW) (CVE-2025-24061)

Critical remote code execution vulnerability in Windows NTFS (CVE-2025-24993)

Critical information disclosure vulnerabilities in Windows NTFS (CVE-2025-24984, CVE-2025-24991, CVE-2025-24992)

Critical spoofing vulnerabilities in Windows NTLM (CVE-2025-24996, CVE-2025-24054)

Critical remote code execution vulnerabilities in Windows Remote Desktop Services (CVE-2025-24035, CVE-2025-24045)

Critical remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) (CVE-2025-24051)

Critical remote code execution vulnerability in Windows Subsystem for Linux (CVE-2025-24084)

Critical remote code execution vulnerability in Windows Telephony Server (CVE-2025-24056)

Critical elevation of privilege vulnerabilities in Windows USB Video Driver (CVE-2025-24987, CVE-2025-24988)

Critical information disclosure vulnerability in Windows USB Video Driver (CVE-2025-24055)

Critical elevation of privilege vulnerabilities in the Windows Win32 Kernel Subsystem (CVE-2025-24044, CVE-2025-24983)

Critical remote code execution vulnerability in the Windows exFAT File System (CVE-2025-21180)

 

Vulnerability Patches

 

The following product-specific vulnerability patches were made available in the March 11, 2025 update. Use the Windows Update feature for automatic installation, or download and install the patches from the URLs listed under each product below.

ASP.NET Core 8.0 version

https://dotnet.microsoft.com/en-us/download/dotnet/8.0

ASP.NET Core 9.0 version

https://dotnet.microsoft.com/en-us/download/dotnet/9.0

Azure ARC version

https://docs.microsoft.com/en-us/azure/azure-arc/servers/agent-release-notes

Azure Agent for Backup version

Azure Agent for Site Recovery version

Azure CLI version

Azure promptflow-core version

Azure promptflow-tools version

https://msrc.microsoft.com/update-guide/

Microsoft 365 Apps for Enterprise version

https://msrc.microsoft.com/update-guide/

Microsoft Access 2016 version

https://www.microsoft.com/en-us/download/details.aspx?id=108027

Microsoft Excel 2016 version

https://www.microsoft.com/en-us/download/details.aspx?id=108022

https://www.microsoft.com/en-us/download/details.aspx?id=108029

Microsoft Office 2016 version

https://www.microsoft.com/en-us/download/details.aspx?id=108030

Microsoft Office 2019 versions

Microsoft Office LTSC 2021 editions

Microsoft Office LTSC 2024 editions

https://msrc.microsoft.com/update-guide/

Microsoft Office LTSC for Mac 2021 version

Microsoft Office LTSC for Mac 2024 version

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8)

Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10)

Microsoft Visual Studio 2022 version 17.10

Microsoft Visual Studio 2022 version 17.12

Microsoft Visual Studio 2022 version 17.13

Microsoft Visual Studio 2022 version 17.8

https://msrc.microsoft.com/update-guide/

Microsoft Word 2016 version

https://www.microsoft.com/en-us/download/details.aspx?id=108028

Office Online Server version

https://www.microsoft.com/en-us/download/details.aspx?id=108026

Remote Desktop client for Windows Desktop version

Visual Studio Code version

WinDbg version

https://msrc.microsoft.com/update-guide/

Windows 10 version

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053618

Windows 10 Version 1607

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594

Windows 10 Version 1809

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596

Windows 10 Version 21H2

Windows 10 Version 22H2

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053606

Windows 11 Version 22H2

Windows 11 Version 23H2

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053602

Windows 11 Version 24H2

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598

https://www.catalog.update.microsoft.com/Search.aspx?q=KB5053636

Windows App Client for Windows Desktop version

https://msrc.microsoft.com/update-guide/

Windows Server 2008 R2 Service Pack 1

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053620

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053627

Windows Server 2008 Service Pack 2 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053888

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053995

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053593

Windows Server 2012 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053886

Windows Server 2012 R2 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053887

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053593

Windows Server 2016 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053594

Windows Server 2019 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053596

Windows Server 2022 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053603

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053638

Windows Server 2022, 23H2 Edition

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053599

Windows Server 2025 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5053598

https://www.catalog.update.microsoft.com/Search.aspx?q=KB5053636