Microsoft issues: Windows admins have to deal with patching six zero days, six critical vulnerabilities, plus the hole that already has a publicly available proof-of-concept.

“All six of the vulnerabilities that Microsoft has labelled as ‘exploit detected’ are resolved with the monthly cumulative update,” pointed out Tyler Reguly, associate director of security R&D at Fortra. “This means a single update to roll out to fix all of these at once. Thankfully, none of them require post-patch configuration steps. The same is true for five of the six critical severity vulnerabilities.”

The remaining critical vulnerability (CVE-2025-24057) and the publicly disclosed vulnerability (CVE-2025-26630), he added, both require Office updates.

“Fortunately,” he said, “this greatly limits the amount of patching to be done to resolve the big-ticket items.”

The Windows zero-day vulnerabilities include:
Windows NTFS Information Disclosure Vulnerability (CVE-2025-24984), affecting all systems using the NTFS file system. The vulnerability results from improper handling of sensitive kernel or heap memory data in NTFS log files. According to Action1, NTFS records certain filesystem events without adequately sanitizing memory contents, potentially exposing sensitive data from running processes or kernel memory heaps;

Windows NTFS Remote Code Execution Vulnerability (CVE-2025-24993). This is a heap-based buffer overflow triggered by mounting specially crafted Virtual Hard Disk (VHD) files. Malformed metadata structures cause the NTFS driver to mishandle memory, leading to memory corruption and arbitrary code execution;

Windows NTFS Out-of-Bounds Read Information Disclosure Vulnerability (CVE-2025-24991), caused by improper constraint checks when parsing NTFS metadata. Crafted VHDs can trigger an over-read in kernel-mode memory, potentially leaking sensitive heap data;

Windows Fast FAT File System Driver Remote Code Execution Vulnerability (CVE-2025-24985), which affects all Windows systems using the FAT/FAT32 file system. It’s a combination of integer overflow and heap-based buffer overflow problems. Specially crafted FAT-formatted Virtual Hard Disks can exploit improper arithmetic validation, leading to memory corruption and arbitrary code execution with kernel-level privileges;

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability (CVE-2025-24983), a newly disclosed zero-day that results from a use-after-free condition, where a kernel-mode component continues referencing memory after it has been freed. Improper memory handling in critical kernel operations allows attackers to exploit freed memory for privilege escalation, notes Action1.
Network infrastructure: Network infrastructure manufacturers Cisco Systems and Juniper Networks also issued patches.

Cisco fixed a vulnerability in Webex for BroadWorks version 45.2 that could allow unauthorized remote access to credentials. Action1 said that Cisco confirmed in its security bulletin that it has implemented configuration changes to address the problem, and advises customers to restart the Webex application to apply the fix.

The hole could allow an authenticated user to access plaintext credentials in client and server logs if SIP communications are configured without encryption. The flaw stems from sensitive information being exposed in SIP headers, and impacts only Cisco BroadWorks (on premises) and Cisco Webex for BroadWorks (hybrid cloud/local) instances running in Windows environments.

Cisco recommends that administrators enable secure transport for SIP communications to encrypt data in transit as a temporary workaround until the configuration change is fully deployed. Additionally, credential rotation is advised to mitigate potential exposure.

Juniper Networks has patched a critical authentication bypass vulnerability in Session Smart Routers (SSRs) that could allow an attacker to gain full control of the device. Tracked as CVE-2025-21589, the issue was discovered during internal security testing, and also affects Session Smart Conductor and WAN Assurance Managed Routers.

According to Juniper’s Security Incident Response Team (SIRT), there is no evidence that the vulnerability has been exploited in real-world attacks. The fix is available in SSR-5.6.17, SSR-6.1.12-lts, SSR-6.2.8-lts, SSR-6.3.3-r2, and later versions.

Because Juniper devices are frequently targeted in mission-critical environments, sometimes within a week of a patch release, admins should move quickly.
While some Mist Cloud-connected devices have already received the update, administrators should manually upgrade all affected systems to a patched version as soon as possible.For deployments using Conductor, only the Conductor nodes need to be updated, as the fix is automatically applied to connected routers. However, all devices should still be updated to ensure full protection.
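As an added defender-side check, not part of the article and not Juniper’s own tooling, the following Python helper classifies SSR version strings from an inventory against the fixed releases named above (5.6.17, 6.1.12-lts, 6.2.8-lts, 6.3.3-r2). It assumes that “and later versions” means later builds within the same release train, that a “-rN” suffix is a rebuild of the same base version (so 6.3.3 without -r2 is still unpatched), that “-lts” is only a train label, and that any train the advisory does not name should be reported as unknown rather than guessed; the hostnames in the sample inventory are constructed.

```python
import re
from typing import Dict, Tuple

# Fixed releases as named in the advisory summary above. Assumption: "and later
# versions" means later builds within the same major.minor release train.
FIXED_RELEASES = ("5.6.17", "6.1.12-lts", "6.2.8-lts", "6.3.3-r2")

# Accepts "6.3.3", "SSR-6.3.3-r2", "6.1.12-lts" (case-insensitive). Assumption:
# "-rN" is a rebuild number of the same base version; "-lts" carries no ordering.
_VERSION_RE = re.compile(
    r"^(?:SSR-)?(\d+)\.(\d+)\.(\d+)(?:-(?:lts|r(\d+)))?$", re.IGNORECASE
)

VersionKey = Tuple[int, int, int, int]  # (major, minor, patch, rebuild)


def parse_version(text: str) -> VersionKey:
    """Turn an SSR version string into a tuple that compares correctly."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised SSR version string: {text!r}")
    major, minor, patch = (int(m.group(i)) for i in range(1, 4))
    rebuild = int(m.group(4)) if m.group(4) else 0  # plain 6.3.3 ranks below 6.3.3-r2
    return (major, minor, patch, rebuild)


# Minimum fixed build per release train, keyed by (major, minor).
FIXED_BY_TRAIN: Dict[Tuple[int, int], VersionKey] = {
    v[:2]: v for v in map(parse_version, FIXED_RELEASES)
}


def assess(version: str) -> str:
    """Classify one SSR version as 'patched', 'vulnerable' or 'unknown-train'."""
    key = parse_version(version)
    fixed = FIXED_BY_TRAIN.get(key[:2])
    if fixed is None:
        # A train the advisory does not name (e.g. 6.0.x): report it for manual
        # verification against the vendor advisory instead of guessing.
        return "unknown-train"
    return "patched" if key >= fixed else "vulnerable"


def assess_inventory(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map hostname -> status for a hostname -> version inventory."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up for the example.
    sample = {
        "ssr-branch-01": "SSR-6.3.3",    # base 6.3.3 without the -r2 rebuild
        "ssr-branch-02": "6.3.3-r2",
        "ssr-conductor": "6.1.11-lts",
        "ssr-dc-edge": "5.6.17",
        "ssr-lab": "6.0.5",
    }
    for host, status in assess_inventory(sample).items():
        print(f"{host:14} {sample[host]:12} {status}")
```

Feed it the version column of whatever inventory export you already have; anything reported as unknown-train or vulnerable goes on the upgrade list, and for Conductor-managed deployments the Conductor nodes are the ones to check first.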
And there’s more: Separately,

Progress Software patched several critical vulnerabilities in LoadMaster, an application delivery controller, which could allow attackers to execute arbitrary commands or download files from affected systems;

Fortinet updated its advisory for CVE-2024-55591, warning of an additional vulnerability, CVE-2025-24472. This has now been patched. The hole could allow authentication bypass on FortiOS and FortiProxy devices using a specially crafted CSF proxy request, enabling remote attackers to gain super-administrator privileges, said Action1;

Citrix released security updates to address a privilege escalation vulnerability (CVE-2024-12284) in NetScaler Console (formerly NetScaler ADM) and NetScaler Agent. It could allow authenticated attackers to execute commands without additional authorization under certain conditions;

Ivanti released updates to fix multiple critical vulnerabilities in Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited for remote code execution (RCE).
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3843344/march-patch-tuesday-warnings-act-fast-to-plug-zero-day-holes-in-windows-vmware.html