CATEGORIES
home News

Microsoft Fixes Six Actively-Exploited 0-Day Flaws In Patch Tuesday Rollout, Update ASAP

by Victor AwogbemilaWednesday, March 12, 2025, 02:35 PM EDT
hero Microsoft Fixes Six%20Actively Exploit zero Day Flaws
This month's Microsoft Patch Tuesday is here and it's a big one. Last month fixed 63 vulnerabilities. This month's update, however, includes patches for another 57 security vulnerabilities, six of which are already being actively exploited by hackers, while cybersecurity experts describe another six as critical. These vulnerabilities require swift action and Microsoft has advised users to update their devices to get patched ASAP.

Microsoft addressed a vulnerability registered on the CVE program as CVE-2025-24993, one of the six reported active exploits. For a successful attack, hackers will need to trick users into mounting a Virtual Hard Disk (VHD); otherwise, the attack will fail. As a Remote Code Execution (RCE) vulnerability, malicious actors can trick users into taking actions that trigger payloads or malware without physical access to the computer. With a successful attack, bad actors can steal sensitive information, corrupt systems with viruses, or control the victim's computer remotely.

Microsoft also reported that hackers are already exploiting CVE-2025-24983. Successful exploitation allows hackers to assume administrator roles and enjoy full privileges on a system. However, unlike CVE-2025-24993, this vulnerability cannot be exploited without physical access to the computer, making it less critical. Local attackers can install a backdoor, trojan, or malware, which could lead to all sorts of problems.

body Microsoft Fixes Six%20Actively Exploit zero Day Flaws

The other four exploited vulnerabilities are CVE-2025-26633, CVE-2025-24991, CVE-2025-24984, and CVE-2025-24985. CVE-2025-26633 allows attackers to find their way around a core security feature on Windows, while CVE-2025-24984 and CVE-2025-24991 enable local attackers to read the heap memory. The last zero-day exploit - CVE-2025-24985, like CVE-2025-24993, requires attackers to trick users into mounting a VHD.

The update fixes 23 remote code execution security flaws, 22 vulnerabilities allowing attackers to gain special privileges, and 12 vulnerabilities that can cause security bypass, spoofing, denial of service (DOS), and information disclosure.

As expected, to give users a reasonable timeframe for updating their OS, Microsoft did not reveal details of how criminals exploit the flaws. However, users are encouraged to update their Windows PCs as soon as possible to have it patched against all 57 vulnerabilities.

This is all we have until next month's edition of Patch Tuesday, we urge you to keep your Windows installs safe from the relentless fingers of hackers.
Tags:  Microsoft, security, nasdaqmsft, zeroday
TOP CONVERSATIONS
Which New GPU Is For You?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2025 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment