⚡ TL;DR | Go Straight to the March 2025 Patch Tuesday Audit Report
Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The March 2025 edition of Patch Tuesday brings us 57 new fixes, with 7 rated as critical and 6 exploited. We’ve listed the most important changes below.
Win32 Kernel Subsystem Elevation of Privilege Vulnerability
The first item is a two for one. CVE-2025-24983 and CVE-2025-24044 are both Elevation of Privilege vulnerabilities with a CVSS base score between 7.0 and 7.8. CVE-2025-24983 has been actively exploited, while CVE-2025-24044 is “more likely” to be exploited.
If an attacker successfully exploits the vulnerability, they can gain SYSTEM privileges. Microsoft hasn’t released any further details about how exploitation can take place to limit exposure of unpatched systems.
Microsoft Management Console Security Feature Bypass Vulnerability
Second on the list is CVE-2025-26633 with a CVSS base score of 7. This vulnerability has also been actively exploited, however, exploitation does require user interaction. An attacker would have to convince the user to click a malicious link or open a malicious file.
A security bypass vulnerability in Microsoft Management Console (MMC) could allow an attacker to circumvent security restrictions and gain unauthorized access to administrative tools or system settings. Depending on the severity of the vulnerability, it could lead to privilege escalation, unauthorized system changes, or even full system compromise.
Windows Remote Desktop Services Remote Code Execution Vulnerability
Two critical vulnerabilities have been fixed for the Windows RDS. CVE-2025-24045 and CVE-2025-24035 have a CVSS base score of 8.1 and with the label “Exploitation More Likely”.
Microsoft only provided the following additional information:
An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code.
Run the Patch Tuesday March 2025 Audit
To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
The Lansweeper Patch Tuesday report is automatically added to your Lansweeper Site. Lansweeper Sites is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!
Patch Tuesday March 2025 CVE Codes & Titles
| CVE Number | CVE Title |
| CVE-2025-26645 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2025-26633 | Microsoft Management Console Security Feature Bypass Vulnerability |
| CVE-2025-26631 | Visual Studio Code Elevation of Privilege Vulnerability |
| CVE-2025-26630 | Microsoft Access Remote Code Execution Vulnerability |
| CVE-2025-26629 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-26627 | Azure Arc Installer Elevation of Privilege Vulnerability |
| CVE-2025-25008 | Windows Server Elevation of Privilege Vulnerability |
| CVE-2025-25003 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2025-24998 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2025-24997 | DirectX Graphics Kernel File Denial of Service Vulnerability |
| CVE-2025-24996 | NTLM Hash Disclosure Spoofing Vulnerability |
| CVE-2025-24995 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24994 | Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability |
| CVE-2025-24993 | Windows NTFS Remote Code Execution Vulnerability |
| CVE-2025-24992 | Windows NTFS Information Disclosure Vulnerability |
| CVE-2025-24991 | Windows NTFS Information Disclosure Vulnerability |
| CVE-2025-24988 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| CVE-2025-24987 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| CVE-2025-24986 | Azure Promptflow Remote Code Execution Vulnerability |
| CVE-2025-24985 | Windows Fast FAT File System Driver Remote Code Execution Vulnerability |
| CVE-2025-24984 | Windows NTFS Information Disclosure Vulnerability |
| CVE-2025-24983 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2025-24084 | Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability |
| CVE-2025-24083 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-24082 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-24081 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-24080 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-24079 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-24078 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-24077 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-24076 | Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability |
| CVE-2025-24075 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-24072 | Microsoft Local Security Authority (LSA) Server Elevation of Privilege Vulnerability |
| CVE-2025-24071 | Microsoft Windows File Explorer Spoofing Vulnerability |
| CVE-2025-24070 | ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability |
| CVE-2025-24067 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24066 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24064 | Windows Domain Name Service Remote Code Execution Vulnerability |
| CVE-2025-24061 | Windows Mark of the Web Security Feature Bypass Vulnerability |
| CVE-2025-24059 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2025-24057 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-24056 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2025-24055 | Windows USB Video Class System Driver Information Disclosure Vulnerability |
| CVE-2025-24054 | NTLM Hash Disclosure Spoofing Vulnerability |
| CVE-2025-24051 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-24050 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2025-24049 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability |
| CVE-2025-24048 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2025-24046 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24045 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2025-24044 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability |
| CVE-2025-24036 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
| CVE-2025-24035 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2025-21247 | MapUrlToZone Security Feature Bypass Vulnerability |
| CVE-2025-21199 | Azure Agent Installer for Backup and Site Recovery Elevation of Privilege Vulnerability |
| CVE-2025-21180 | Windows exFAT File System Remote Code Execution Vulnerability |
| CVE-2024-9157 | Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading Vulnerability |
| CVE-2024-49116 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2024-30098 | Windows Cryptographic Services Security Feature Bypass Vulnerability |
| CVE-2022-30170 | Windows Credential Roaming Service Elevation of Privilege Vulnerability |