Helient Blog

Managed Security Services Update: Microsoft patches 57 vulnerabilities, including 6 zero-days

Written by Robinson Roca | Mar 12, 2025 9:20:14 PM
Helient's Managed Security Services team through our close partnership Microsoft has been made aware that Microsoft has released its March 2025 security update, addressing 57 vulnerabilities, including six zero-day exploits currently being leveraged in active attacks. The severity of these exploits necessitates immediate patching to prevent potential system compromise. CISA, America's Cyber Defense Agency, has added these vulnerabilities to "KEV" it's Known Exploited Vulnerabilities Catalog, which mandates that federal agencies to apply patches by April 1, 2025

Vulnerability Summary:
The update resolves six critical, 50 important, and one low-severity vulnerability. Identified exploits facilitate remote code execution, privilege escalation, and unauthorized data access. Helient recommends customers patch their Windows Operating systems as soon as possible.

Here are outlines of the announced vulnerabilities being exploited in the wild and putting customers at risk.

Zero-Day Vulnerabilities (Actively Exploited):
  • CVE-2025-24045: Remote code execution vulnerability in Windows Remote Desktop Services due to improper memory handling.
  • CVE-2025-24983: Privilege escalation vulnerability within the Windows Win32 Kernel Subsystem.
  • CVE-2025-24984: Information disclosure vulnerability in Windows NTFS, exploitable via physical access.
  • CVE-2025-24985: Remote code execution vulnerability in the Windows Fast FAT File System Driver.
  • CVE-2025-24991: Information disclosure vulnerability in Windows NTFS.
  • CVE-2025-24993: Remote code execution vulnerability in Windows NTFS.
  • CVE-2025-26633: Security feature bypass vulnerability in Microsoft Management Console.

Impact and Remediation:
All systems running affected Microsoft Windows operating systems are potentially vulnerable. Immediate deployment of the provided security patches is strongly advised. Helient will be reaching out to our managed services clients to assist with their patching needs. if you need assistance, please contact us immediately at service@helient.com.
  • Organizations are urged to prioritize the deployment of these updates to mitigate the risk of exploitation.
  • The Cybersecurity and Infrastructure Security Agency (CISA) has added these vulnerabilities to its Known Exploited Vulnerabilities1 (KEV) catalog, mandating federal agencies to apply the fixes by April 1, 2025.


References:
View full post