Microsoft has released its monthly security update for March of 2025 which includes 57 vulnerabilities affecting a range of products, including 6 that Microsoft marked as "critical". There are six vulnerabilities that Microsoft has observed being exploited in the wild. CVE-2025-26633 is a Remoted Code Execution (RCE) vulnerability in Microsoft's Management Console. Two information disclosure vulnerabilities, CVE-2025-24984 and CVE-2025-24991, and one RCE vulnerability, CVE-2025-24993, in Windows NTFS were observed being exploited in the wild. Microsoft also patched, CVE-2025-24985, another RCE exploited in the wild in the Windows Fast FAT system driver. An Elevation of Privilege (EOP) vulnerability, CVE-2025-24983, was also discovered being exploited in the wild, in Windows' win32 Kernel Subsystem. There are two notable "critical" vulnerabilities. The first is CVE-2025-24035, which is a remote code execution (RCE) vulnerability affecting the Windows Remote Desktop Gateway (RD Gateway) service. This vulnerability is a remote unauthenticated User-after-free (UAF) issue in handling websocket initialization and closing operations which could potentially result in arbitrary code execution in the RD Gateway process. Successful exploitation of this vulnerability requires the attacker to connect to a system with the RD Gateway role. CVE-2025-24035 has been assigned a CVSS 3.1 score of 8.1 and is considered "more likely to be exploited" by Microsoft. CVE-2025-24045 is another…Read More