March 2025 Patch Tuesday, severity over quantity
Pieter Arntz · 2025-03-12 · via Vulnerabilities – ThreatDown by Malwarebytes

The March 2025 Patch Tuesday update contains an unusually large number of zero-day vulnerabilities that are being actively exploited.

The overall number of Microsoft CVEs patched in this month's Patch Tuesday (57) is relatively low, but what stands out is that six of them are listed as "Exploitation Detected." All six have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog.

The six actively exploited vulnerabilities are:

CVE-2025-24983 (CVSS score 7.0 out of 10): A Windows Win32 Kernel Subsystem Elevation of Privilege vulnerability. Exploitation requires the attacker to win a race condition, but a successful attacker gains SYSTEM privileges on the compromised device.

Reportedly, the in-the-wild use of this vulnerability is limited to older versions of Windows OS: Windows 8.1 and Server 2012 R2.

CVE-2025-24984 (CVSS score 4.6 out of 10): A Windows NTFS information disclosure vulnerability. Insertion of sensitive information into a log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.

An attacker needs physical access to the target computer to plug in a malicious USB drive, and could then steal information by reading portions of heap memory. The heap is the region of memory used for dynamically allocated data, so what leaks depends on what happened to be allocated there at the time.

CVE-2025-26633 (CVSS score 7.0 out of 10): A Microsoft Management Console (MMC) security feature bypass vulnerability. Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

Without providing many details, Microsoft adds:

  • In an email or instant message attack scenario, the attacker could send the targeted user a specially crafted file that is designed to exploit the vulnerability.
  • In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.

CVE-2025-24985 (CVSS score 7.8 out of 10): A Windows Fast FAT File System Driver Remote Code Execution (RCE) vulnerability, caused by an integer overflow or wraparound in the Windows Fast FAT driver, which allows an unauthorized attacker to execute code locally.

Microsoft notes that:

An attacker can trick a local user on a vulnerable system into mounting a specially crafted Virtual Hard Disk (VHD) that would then trigger the vulnerability.

CVE-2025-24991 (CVSS score 5.5 out of 10): A Windows NTFS Information Disclosure vulnerability. An out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally, the information being small portions of heap memory. Again, the attacker has to trick a local user on a vulnerable system into mounting a specially crafted VHD.

CVE-2025-24993 (CVSS score 7.8 out of 10): A heap-based buffer overflow Windows NTFS Remote Code Execution vulnerability. This is another vulnerability that requires a local user on a vulnerable system to mount a specially crafted VHD; this one, however, allows an unauthorized attacker to execute code locally.

Virtual Hard Disk

Virtual Hard Disks, such as .vhd and .vhdx files, can be mounted in Windows as if they were a physical disk. An attacker typically sends emails with .zip archive attachments containing virtual hard disk files, or with embedded links to downloads that contain a virtual hard disk file.

There are a few things you can do to keep yourself safe from malicious VHDs.

  • Only accept and mount VHDs from trusted and verified sources. Be suspicious of unsolicited VHDs or those from unknown origins.
  • Use role-based access control and policies to restrict VHD access to authorized personnel only.
  • Deploy active protection on your endpoints and monitor for suspicious activity. If you lack the security staff, consider deploying an MDR service.
  • Regularly update virtualization software, hypervisors, and security tools to protect against known vulnerabilities.
  • Provide security awareness training to help users recognize social engineering tactics that might be used to trick them into mounting malicious VHDs.
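The zipped-attachment delivery described above, and the advice to only accept VHDs from trusted sources, both assume you can tell that an attachment contains a disk image in the first place. The scanner below is an added example, not code from ThreatDown or Malwarebytes: it inspects every member of a zip archive and identifies VHD and VHDX files by their on-disk signatures (the 512-byte VHD footer beginning with the cookie `conectix`, and the `vhdxfile` identifier at offset 0 of a VHDX) rather than by extension, so an image renamed to `report.pdf` is still flagged. The sample archive is constructed inline from padded signature blobs, not real mountable images; the function and class names are the example's own.

```python
"""Detect virtual hard disk files (VHD/VHDX) hidden inside zip attachments.

Identification is by signature, not only by file name, so a renamed image
(for example "report.pdf" that is really a VHD) is still reported.
Signatures:
  VHD  - 512-byte footer starting with the cookie b"conectix" at the end of
         the file (dynamic/differencing disks also mirror it at offset 0)
  VHDX - file type identifier b"vhdxfile" at offset 0
"""
import io
import zipfile
from dataclasses import dataclass
from typing import List, Optional

VHD_COOKIE = b"conectix"
VHDX_SIGNATURE = b"vhdxfile"
VHD_FOOTER_SIZE = 512
IMAGE_EXTENSIONS = (".vhd", ".vhdx")


@dataclass
class Finding:
    name: str              # member path inside the archive
    kind: str              # "VHD" or "VHDX"
    extension_match: bool  # False when the file name hides the image type


def detect_disk_image(data: bytes) -> Optional[str]:
    """Return "VHD", "VHDX", or None for an arbitrary byte string."""
    if data[:8] == VHDX_SIGNATURE:
        return "VHDX"
    if len(data) >= VHD_FOOTER_SIZE and data[-VHD_FOOTER_SIZE:].startswith(VHD_COOKIE):
        return "VHD"
    if data[:8] == VHD_COOKIE:  # dynamic-disk header copy; catches a truncated footer
        return "VHD"
    return None


def scan_zip(archive: bytes) -> List[Finding]:
    """Inspect every member of a zip archive and report embedded disk images."""
    findings: List[Finding] = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                kind = detect_disk_image(member.read())
            if kind is None:
                continue
            has_image_extension = info.filename.lower().endswith(IMAGE_EXTENSIONS)
            findings.append(Finding(info.filename, kind, has_image_extension))
    return findings


def _fake_vhd(dynamic: bool = False) -> bytes:
    """Constructed stand-in for a VHD: cookie plus zero padding, not mountable."""
    footer = VHD_COOKIE.ljust(VHD_FOOTER_SIZE, b"\0")
    body = b"\0" * 4096
    return (footer if dynamic else b"") + body + footer


def build_sample_archive() -> bytes:
    """Constructed attachment: one benign file and three disk images."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "nothing to see here")
        zf.writestr("disk.vhdx", VHDX_SIGNATURE + b"\0" * 4096)
        zf.writestr("backup.vhd", _fake_vhd(dynamic=True))
        zf.writestr("report.pdf", _fake_vhd())  # VHD behind a document extension
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample_archive()):
        note = "" if finding.extension_match else "  <- extension does not match content"
        print(f"{finding.name}: {finding.kind}{note}")
```

Running the block prints the three image members, with `report.pdf` marked as an extension mismatch. On a mail gateway the same `scan_zip` call can be applied to each attachment before delivery; a finding with `extension_match` false is the stronger signal, since legitimate senders rarely disguise a disk image as a document.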

Other vendors

Adobe issued important updates for Acrobat and Reader.

Broadcom patched three zero-days that were being actively exploited.

Cisco patched an important vulnerability in Cisco Webex for BroadWorks.

Ivanti updated its security advisory for three actively exploited vulnerabilities in Ivanti Endpoint Manager (EPM).

Google published the March 2025 Android security bulletin.

SAP released security updates for several products as part of March Patch Day.