As part of its monthly Patch Tuesday event, Microsoft has fixed 57 vulnerabilities. Among them are six actively exploited zero-day vulnerabilities affecting the Microsoft Management Console, Windows NTFS, the Fast FAT File System Driver, and the Win32 Kernel Subsystem, plus several critical vulnerabilities that could allow remote code execution (RCE).
Microsoft advised that the following six vulnerabilities have been actively exploited as zero-days:
Among the critical vulnerabilities patched on Tuesday is CVE-2025-26645, a path traversal in Remote Desktop Client that could allow an unauthorized threat actor to execute code over a network.
Microsoft is advising users to download and install the latest security patches as soon as possible.
Source: SecurityWeek
It’s alarming that six zero-day vulnerabilities have been addressed in March’s Patch Tuesday event. The presence of multiple zero-day patches in a single update may indicate increased threat actor activity or could be the result of improved detection and reporting mechanisms.
Fortunately, there are some mitigating factors: exploiting the vulnerabilities requires conditions such as user interaction, local/physical access, and winning a race condition, which slightly reduces the risk the zero-days pose.
Microsoft’s policy of not publicly releasing additional details and indicators of compromise (IoCs) associated with the vulnerabilities makes it harder for network defenders to understand the full nature of the potential threat.
Regardless, the presence of multiple zero-days highlights the importance of promptly applying security updates to protect systems against actively exploited vulnerabilities.
Field Effect’s team of Security Intelligence professionals constantly monitors the cyber threat landscape for vulnerabilities discovered in Microsoft products. This research contributes to the timely deployment of signatures into Field Effect MDR to detect and mitigate the exploitation of these vulnerabilities. Field Effect MDR users were automatically notified if a vulnerable version of Windows was detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.
Field Effect encourages users of the affected Windows versions to update to the latest version as soon as possible, in accordance with Microsoft’s advisory.