Microsoft’s March Patch Tuesday Fixes 57 Security Flaws That Might Threaten Your Business

On the second Tuesday of each month, Microsoft releases a security patch for Windows. The company calls this update “Patch Tuesday,” and it contains fixes for any security vulnerabilities discovered since the previous month’s Patch Tuesday update.

March’s Patch Tuesday update is a serious one: Released on March 11, the patch fixes 57 security vulnerabilities, including seven zero-day flaws. Six of those zero-days are actively exploited, which could jeopardize your company’s cyber security.

While all vulnerabilities are important to patch, zero-days are essential to fix. Zero-days are flaws that are either actively exploited or publicly disclosed before a company can release a patch. That means six of these flaws are vulnerabilities bad actors have actively exploited already, while one is simply publicly known, though in the week since the update, it’s possible bad actors have discovered how to exploit it, too.

The six actively-exploited vulnerabilities are:

• CVE-2025-24983: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
• CVE-2025-24984: Windows NTFS Information Disclosure Vulnerability
• CVE-2025-24985: Windows Fast FAT File System Driver Remote Code Execution Vulnerability
• CVE-2025-24991: Windows NTFS Information Disclosure Vulnerability
• CVE-2025-24993: Windows NTFS Remote Code Execution Vulnerability
• CVE-2025-26633: Microsoft Management Console Security Feature Bypass Vulnerability
  

The publicly disclosed vulnerability is:

• CVE-2025-26630: Microsoft Access Remote Code Execution Vulnerability

To protect your business’ data, your MSP recommends installing the security update as soon as possible. To do so, open Start > Settings > Windows Update, then choose “Check for Windows updates.” If you require additional assistance, please contact IT support.