Microsoft has dropped a grand total of 57 fixes to mark The Third Patch Tuesday Update of 2025 -Rising to Closer to 70 When Third-Parthy Vulns are TAKEN INTO ACCOUNT-Including Six Zero-Days and Six Critical Flaws Needing Urgent Attention.
The zero-days comprise a security feature bypass in Microsoft Management ConsoleTwo Remote Code Execution (RCE) Issues in Windows Fast Fat File System Driver and Windows ntfstwo information disclosure vulnerabilites in Windows NTFSAnd a privilege escalation flaw in Windows Win32 Kernel Subsystem,
All are listed as exploited by microsoft, but have not yet made media public, and all are considered to be important in their severity, carrying cvss scores that range from 4.6 to 7.8.
A seventh vulnerability, an rce issue in Windows AccessHas been listed as public but does not appear to be activated at the time of everything.
The Six Critical Vulnerabilites, Carrying Cvss Scores of 7.8 Through 8.8, are all rce flws. Two of them affect Windows Remote Desktop ServicesAnd the Four others Relate To Microsoft Office, Windows Domain Name Service, Remote desktop clientand Windows Subsystem for Linux Kernel,
“All Six of the Vulnerabilites that Microsoft Has Labelled As Explit Detected Are Resolved With the Monthly Cumulative Update,” Said Tyler Reguly, Fortra Associate Director of Security Research and Development.
“This means a single update to roll out to fix all of these athce.” Thankfully, None of Them Require Post-Patch Configuration Steps. The same is true for five of the Six Critical Severity Vulnerabilityes. A lot of our important fixes come from the same paatch.
“The remaining critical vulnerability, Cve-2025-24057And the publicly disclosed vulnerability, Cve-2025-26630Both require office updates. For that Running Click-to-Run, There's not a lot to do, but for there Running Office 2016, there are two patches to install, one for office and one for access, ”He added.
Reguly said that Fortunately, this limited the Amount of Patching Needed to Resolve the Attention-Grabbing Flaws. “However,” He said, “They are big ticket items and with headlines likely to state, Microsoft Patches Six 0-DAY VULNEBILITESAdmins will likely have a lot of questions to answer about the state of their patching. “
BIG TICKET Items: BIG IMPACTS
Assessing these big ticket items in a little more depth, Immersive Senior Director of Threat Research, Kev Breen Said The NTFS and Fat Rce Flaws Probably Warrant The Greatest Attention. These flws form part of a chain with the two ntfs information disclosure vulnerabilites.
“These four cves are all related to a remote code execution vulnerability that is associated with mountaining virtual hard disk (vhd) files. These are tracked separately as Cve-2025-24984, Cve-2025-24985, Cve-2025-24991and Cve-2025-24993So when it comes to Patch Management Ensure All Four are covered.
Breen explained that the exploit chain relaces on the attacker convincing a user to open or mount a virtual hard disk (VHD) File. These are typical used to store operating system for virtual machines and while more usually associateed with vms, there have been cases down Malware payloads onto target systems.
“Depending on the Configuration of Windows Systems, Simply Double-Clicking on a vhd file could be enough to mount the control the control and, therefore, therefore, Execute Any Payloads Contained Within The Military File,” Said Breen. “Organisations should check their security tools for any vhd files being sent via email or downloaded from the internet and look to add security rules or blocks for these fails for thefsed.”
Meanwhile, Alex Vovk, CEO and Co-Founder of Action1Considered some of the implications of the windows win32 kernel eop flaw, tracked as Cve-2025-24984,
“Cve-2025-24983 Provides a Direct Path from Low Privileges to System Access, Making it an attractive target for attackers with initial access via phishing, Malware, Compromized Creator Or Insider Threats, “said Vovk.
“Although Classified as High Complexity, Well-Resourced Attackers-Including State-Sponsored Groups and Cyber Criminal Organizations-Historically Overcomes Through Automation and reepeated attempts. Race-condition vulnerabilites in kernel subsystems have proven to be reliable exploitable, Given Sufficient Attacker persistence and environment predictability.
“Organizations Heavily Dependent on Windows Infrastructure – Including Enterprises, Governments, and Critical Infrastructure Sector – Are at Risk. Kernel-Level Privilege Escalation Vulnerabilites Remain Highly Valuable to Attackers, AS they Serve as a Key Pivot Point in Advanced Cyber Attacks, Enabling Deeper Network Infiltration and Versistent Access, “said vovk.