URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days
Microsoft on Tuesday released security updates to address 57 security vulnerabilities in its software, including a whopping six zero-days that it said have been actively exploited in the wild.
Of the 56 flaws, six are rated Critical, 50 are rated Important, and one is rated Low in severity. Twenty-three of the addressed vulnerabilities are remote code execution bugs and 22 relate to privilege escalation.
The updates are in addition to 17 vulnerabilities Microsoft addressed in its Chromium-based Edge browser since the release of last month’s Patch Tuesday update, one of which is a spoofing flaw specific to the browser (CVE-2025-26643, CVSS score: 5.4).
The six vulnerabilities that have come under active exploitation are listed below:
- CVE-2025-24983 (CVSS score: 7.0) – A Windows Win32 Kernel Subsystem use-after-free (UAF) vulnerability that allows an authorized attacker to elevate privileges locally
- CVE-2025-24984 (CVSS score: 4.6) – A Windows NTFS information disclosure vulnerability that allows an attacker with physical access to a target device and the ability to plug in a malicious USB drive to potentially read portions of heap memory
- CVE-2025-24985 (CVSS score: 7.8) – An integer overflow vulnerability in Windows Fast FAT File System Driver that allows an unauthorized attacker to execute code locally
- CVE-2025-24991 (CVSS score: 5.5) – An out-of-bounds read vulnerability in Windows NTFS that allows an authorized attacker to disclose information locally
- CVE-2025-24993 (CVSS score: 7.8) – A heap-based buffer overflow vulnerability in Windows NTFS that allows an unauthorized attacker to execute code locally
- CVE-2025-26633 (CVSS score: 7.0) – An improper neutralization vulnerability in Microsoft Management Console that allows an unauthorized attacker to bypass a security feature locally
ESET, which is credited with discovering and reporting CVE-2025-24983, said it first discovered the zero-day exploit in the wild in March 2023, delivered via a backdoor named PipeMagic on compromised hosts.
Source: The Hacker News / Bleeping Computer / Krebs on Security / Dark Reading / SecurityWeek / Cisco Talos Intelligence Group / Infosecurity Magazine / SANS Internet Storm Center
Link: https://thehackernews.com/2025/03/urgent-microsoft-patches-57-security.html
Link: https://krebsonsecurity.com/2025/03/microsoft-6-zero-days-in-march-2025-patch-tuesday/
Link: https://www.darkreading.com/application-security/whopping-number-microsoft-zero-days-under-attack
Link: https://www.securityweek.com/newly-patched-windows-zero-day-exploited-for-two-years/
Link: https://www.securityweek.com/patch-tuesday-microsoft-patches-57-flaws-flags-six-active-zero-days/
Link: https://blog.talosintelligence.com/march-patch-tuesday-release/
Link: https://www.infosecurity-magazine.com/news/microsoft-patches-seven-zerodays/
Link: https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20March%202025/31756
Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks
Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in "extremely sophisticated" attacks.
The vulnerability has been assigned the CVE identifier CVE-2025-24201 and is rooted in the WebKit web browser engine component.
It has been described as an out-of-bounds write issue that could allow an attacker to craft malicious web content such that it can break out of the Web Content sandbox.
Apple said it resolved the issue with improved checks to prevent unauthorized actions. It also noted that it’s a supplementary fix for an attack that was blocked in iOS 17.2.
Source: The Hacker News / Bleeping Computer / Dark Reading / SecurityWeek
Link: https://thehackernews.com/2025/03/apple-releases-patch-for-webkit-zero.html
Link: https://www.darkreading.com/mobile-security/apple-drops-another-webkit-zero-day-bug
Link: https://www.securityweek.com/apple-ships-ios-18-3-2-to-fix-already-exploited-webkit-flaw/
Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution.
The vulnerability, tracked as CVE-2025-25015, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been described as a case of prototype pollution.
"Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests," the company said in an advisory released Wednesday.
A prototype pollution vulnerability is a security flaw that allows attackers to manipulate an application's JavaScript objects and properties, typically by injecting keys such as __proto__ that alter the shared prototype chain, potentially leading to unauthorized data access, privilege escalation, denial-of-service, or remote code execution.
The vulnerability affects all versions of Kibana between 8.15.0 and 8.17.3. It has been addressed in version 8.17.3.
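To make the prototype pollution mechanism concrete, here is an added, constructed example (not Kibana's code or Elastic's fix): a naive recursive merge of user-supplied JSON, of the kind often used to apply request bodies to configuration objects, beside a hardened version that refuses to walk prototype-altering keys. The request body and property names are made up for illustration.

```javascript
// Constructed example: deep-merging attacker-controlled JSON into a target object.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === "object" && !Array.isArray(value)) {
      // When key is "__proto__", target[key] resolves to Object.prototype,
      // so the recursion writes attacker-chosen properties onto every object.
      if (typeof target[key] !== "object" || target[key] === null) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened variant: skip keys that reach the prototype chain and only recurse
// into the target's own plain-object properties.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue; // never touch the prototype chain
    const value = source[key];
    if (value !== null && typeof value === "object" && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || typeof target[key] !== "object" || target[key] === null) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs one merge over a constructed "crafted request body" and reports whether
// an unrelated object afterwards inherits the injected property (pollution).
function pollutes(mergeFn) {
  // JSON.parse creates an own "__proto__" key, so Object.keys() yields it.
  const body = JSON.parse('{"name": "dashboard", "__proto__": {"isAdmin": true}}');
  mergeFn({}, body);
  const unrelated = {};
  const polluted = unrelated.isAdmin === true;
  delete Object.prototype.isAdmin; // clean up so later checks start fresh
  return polluted;
}
```

Running `pollutes(unsafeMerge)` returns true while `pollutes(safeMerge)` returns false; the same own-property and forbidden-key checks are the usual defensive pattern for any deep merge, clone or path-set helper that handles untrusted input.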
Source: The Hacker News
Link: https://thehackernews.com/2025/03/elastic-releases-urgent-fix-for.html
MITRE EMB3D for OT & ICS Threat Modeling Takes Flight
Frameworks to aid device and industrial control system (ICS) manufacturers in modeling the threats that their products face continue to gain traction as research matures.
Non-profit government research organization MITRE, for example, announced its EMB3D framework for threat modeling in late 2023, outlining specific categories of threats. Late last year, MITRE added recommendations for companies to mitigate the threats. And already, device manufacturers are starting to use EMB3D to enhance their threat modeling processes, researchers are using it to discuss findings in the same language, and cybersecurity vendors have started incorporating it into the products, says Marie Stanley Collins, senior principal with MITRE’s Critical Infrastructure Initiative.
"Device manufacturers can use it during their device design as they perform threat-modeling activities, to ensure they're broadly considering known embedded device threats and are integrating mitigations that effectively protect against those threats," she says. "End users can use EMB3D to better inform acquisitions, so that vendors have to clearly define a product's security threats and associated protections."
Source: Dark Reading
Link: https://www.darkreading.com/threat-intelligence/mitre-emb3d-ot-ics-threat-modeling
Patch Tuesday: Critical Code Execution Bugs in Adobe Acrobat and Reader
Software maker Adobe on Tuesday released fixes for at least 35 security flaws in a wide range of products, including serious code execution bugs in the widely deployed Acrobat and Reader applications.
As part of its scheduled Patch Tuesday rollout, the San Jose, Calif. company called immediate attention to a high-severity bulletin documenting at least nine security defects in Adobe Acrobat and Reader for Windows and macOS.
The company flagged multiple critical-severity issues and warned that successful exploitation could lead to arbitrary code execution and memory leaks.
Adobe is also pushing users to prioritize an available security update for Adobe InDesign, warning that multiple critical- and important-severity flaws could lead to memory leaks, arbitrary code execution and application denial-of-service.
The company’s Adobe Substance 3D Sampler also received a security makeover with patches for seven documented flaws that expose users to computer takeover attacks.
"This update addresses critical vulnerabilities in Adobe Substance 3D Sampler. Successful exploitation could lead to arbitrary code execution," the company said in a bulletin.
Source: SecurityWeek
Link: https://www.securityweek.com/patch-tuesday-critical-code-execution-bugs-in-acrobat-and-reader/
SAP Patches High-Severity Vulnerabilities in Commerce, NetWeaver
Enterprise software maker SAP on Tuesday announced the release of 21 new and three updated security notes on its March 2025 security patch day.
The company included five high-priority security notes in its advisory, namely three new notes that address vulnerabilities in Commerce, NetWeaver, and Commerce Cloud, and two updated notes that resolve flaws in Approuter and PDCE.
The most severe of these issues are CVE-2025-27434 and CVE-2025-26661 (CVSS score of 8.8), described as a cross-site scripting (XSS) bug in Commerce and a missing authorization check in NetWeaver.
The XSS issue resides in the open source library Swagger UI, and could allow an unauthenticated attacker to inject malicious code if they convince a user “to place a malicious payload into an input field”, application security firm Onapsis notes.
The NetWeaver vulnerability was discovered in the transaction SA38, and allows access to restricted functionality.
SAP also released patches for Commerce Cloud to resolve two high-severity bugs in Apache Tomcat that could be exploited to cause a denial-of-service (DoS) condition or bypass authentication.
The updated high-priority security notes resolve an authentication bypass in Approuter and a missing authorization check in PDCE. The notes were initially published in February 2025 and July 2024.
Source: SecurityWeek
Link: https://www.securityweek.com/sap-patches-high-severity-vulnerabilities-in-commerce-netweaver/
Cisco Patches 10 Vulnerabilities in IOS XR
Cisco on Wednesday announced patches for 10 vulnerabilities in IOS XR, including five that could be exploited to cause denial-of-service (DoS) conditions.
The most severe of the DoS flaws are CVE-2025-20142 and CVE-2025-20146, high-severity issues that impact the IPv4 access control list (ACL) feature, quality of service (QoS) policy, and the Layer 3 multicast feature of ASR 9000 series, ASR 9902, and ASR 9903 routers.
The incorrect handling of malformed IPv4 packets on devices with ACL or QoS policies applied could allow attackers to send crafted IPv4 packets and cause network processor errors, line card exceptions, or resets, leading to DoS.
Cisco also patched high-severity bugs in the Internet Key Exchange version 2 (IKEv2) function (CVE-2025-20209) and in the handling of specific packets (CVE-2025-20141) in IOS XR that could lead to DoS conditions.
The fifth DoS vulnerability, a medium-severity issue in the confederation implementation for BGP in IOS XR, which could be exploited remotely, without authentication, was publicly reported in September 2024, Cisco warns.
Source: SecurityWeek
Link: https://www.securityweek.com/cisco-patches-10-vulnerabilities-in-ios-xr/
Using Newly Surfaced Data Breaches for OSINT Research
Data breaches are an unfortunate reality for many websites, leading to leaked information often posted on dark web forums or discovered by security researchers. Before this data disappears or is removed, Data Breach Search Engines (DBSEs) gather, verify, and categorize it, making it accessible to people seeking to understand what information may have been compromised. DBSEs like Have I Been Pwned allow OSINT (open-source intelligence) investigators to enter an email address and see if it was used on a breached site, often revealing critical information about the target’s online footprint. These DBSEs serve as an important privacy service, allowing users to know if their information has been exposed and, in some cases, request its removal from these databases.
Source: Secjuice
Link: https://www.secjuice.com/osint-data-breach-research/
CISA: Medusa ransomware hit over 300 critical infrastructure orgs
CISA says the Medusa ransomware operation had impacted over 300 organizations in critical infrastructure sectors in the United States as of last month.
This was revealed in a joint advisory issued today in coordination with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC).
"As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing," CISA, the FBI, and MS-ISAC warned on Wednesday.
"FBI, CISA, and MS-ISAC encourage organizations to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of Medusa ransomware incidents."
As the advisory explains, to defend against Medusa ransomware attacks, defenders are advised to take the following measures:
- Mitigate known security vulnerabilities to ensure operating systems, software, and firmware are patched within a reasonable timeframe,
- Segment networks to limit lateral movement between infected devices and other devices within the organization, and
- Filter network traffic by blocking access from unknown or untrusted origins to remote services on internal systems.
This ransomware operation surfaced four years ago, in January 2021, but the gang’s activity only picked up two years later, in 2023, when it launched the Medusa Blog leak site to pressure victims into paying ransoms using stolen data as leverage.
Source: Bleeping Computer / SecurityWeek / CISA cybersecurity advisory
Link: https://www.securityweek.com/medusa-ransomware-made-300-critical-infrastructure-victims/
Link: https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071a