Microsoft released over 50 security updates for Windows yesterday, including fixes for six actively exploited zero-day vulnerabilities.
Among them, multiple NTFS flaws pose significant risks. CVE-2025-24991 and CVE-2025-24993 require an attacker to trick a user into mounting a malicious virtual hard disk: the first exposes memory contents, the second allows local code execution. Another NTFS flaw, CVE-2025-24984, can be exploited via a malicious USB device to leak heap memory contents. CVE-2025-24985 also involves a virtual hard disk attack enabling code execution.
Microsoft patched CVE-2025-24983, an elevation-of-privilege vulnerability in older Windows versions, discovered by ESET. This flaw, linked to the PipeMagic backdoor, affects Windows 8.1 and Server 2012 R2 but is also present in newer versions such as Windows 10 build 1809 and Server 2016. However, Windows 11 and Server 2019 and later appear unaffected.
Additionally, CVE-2025-26633, a Microsoft Management Console flaw, requires a user to open a malicious file for exploitation.
Notably, this marks the sixth consecutive month that Microsoft has released zero-day patches without labeling any as "critical."
The US Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerabilities to its catalog and is calling on federal agencies to install the patches by 1 April 2025. Google, Adobe and Cisco have also recently published security updates.