Virtual Administrator’s March 2025 Patch Recommendations

Patch Recommendations

All new patches will be approved in our patch policy.

 

March brings a modest 56 security updates but with 6 actively exploited zero-day vulnerabilities.

Notably, all 6 are rated “Important” by Microsoft, which generally means exploitation requires some user interaction.

  • CVE-2025-24991 and CVE-2025-24993 are both vulnerabilities in NTFS, and the attacker needs to dupe the end user into mounting a malicious virtual hard disk.
  • CVE-2025-24985 is a remote code execution vulnerability in the Windows Fast FAT File System Driver and also requires the end user to mount a virtual hard disk.
  • CVE-2025-26633 is a security feature bypass vulnerability in the Microsoft Management Console (MMC).
  • CVE-2025-24983 is an elevation of privilege vulnerability in the Win32 kernel subsystem.
  • CVE-2025-24984 is a Windows NTFS information disclosure vulnerability, but an “attacker needs physical access to the target computer to plug in a malicious USB drive.”
  • New Microsoft Security Advisory ADV236618.
  • Also a few new SSUs for Windows Server 2016 and Windows 10 version 1507.

Last month’s issue with the System Guard Runtime Monitor Broker Service (SgrmBroker.exe) has not been fixed. If your USB printer starts printing random text, or you can’t download Roblox, see “Known Issues” below.

 

Disclosed: CVE-2025-26630

Exploited: CVE-2025-24983, CVE-2025-24984, CVE-2025-24985, CVE-2025-24991, CVE-2025-24993, CVE-2025-26633

 

Security Update Guide

https://msrc.microsoft.com/update-guide/en-us

 

Microsoft Security Advisories

ADV990001 | Latest Servicing Stack Updates (Published: 11/13/2018 | Last Updated: 3/11/2025)

https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001

Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.

NOTE: The Windows 10/11 Servicing Stack Updates are included in the monthly Cumulative Updates.

 

ADV236618 | AMD-SB-7033 AMD CPU Microcode Signature Verification Vulnerability

https://msrc.microsoft.com/update-guide/advisory/ADV236618

Microsoft is aware of AMD-SB-7033/CVE-2024-36347 disclosed by AMD on March 5, 2025. Microsoft is not aware of any active attacks leveraging this vulnerability.

This vulnerability requires local administrator privileges to load malicious microcode. Mitigations are in place across all Microsoft cloud services. As a result, Microsoft cloud customers are already protected and no customer action is required.

 

Known Issues

USB printers might print random text and Roblox download issues.

Microsoft continues to list unresolved older problems under the Known Issues for new patches. So if you have not yet experienced one of these issues, it is unlikely to occur now.

“USB printers might print random text with the January 2025 preview update.”

https://support.microsoft.com/en-us/topic/march-11-2025-kb5053602-os-builds-22621-5039-and-22631-5039-19284fef-ba57-440b-a027-2d5eeecb73fa

https://support.microsoft.com/en-us/topic/march-11-2025-kb5053606-os-builds-19044-5608-and-19045-5608-8beab4af-42c8-4469-9273-d241597431c3

Affected platforms: Windows 10 21H2/22H2 and Windows 11 22H2/23H2

Symptom:  After installing this update, you might observe issues with USB connected dual-mode printers that support both USB Print and IPP Over USB protocols. You might observe that the printer unexpectedly prints random text and data, including network commands and unusual characters. Resulting from this issue, the printed text might often start with the header “POST /ipp/print HTTP/1.1”, followed by other IPP (Internet Printing Protocol) related headers. This issue tends to occur more often when the printer is either powered on or reconnected to the device after being disconnected.

Workaround: This issue is mitigated using Known Issue Rollback (KIR). IT administrators can mitigate this issue by following the steps mentioned in the Resolution section of this known issue in Windows release health site.

https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-22h2#3495msgdesc

Status: We are working on a final resolution that will be part of a future Windows update.

 

“Roblox from the Microsoft Store on Windows fails to download.”

https://support.microsoft.com/en-us/topic/march-11-2025-kb5053598-os-build-26100-3476-a248e951-daef-43ad-aa10-0b99f551cec2

Affected platforms: Windows 11 24H2

Symptom:  We’re aware of an issue where players on Arm devices are unable to download and play Roblox from the Microsoft Store on Windows.

Workaround: Roblox is working on a resolution to address this issue. Please refer to the Roblox support site for updates. Until the resolution is available, players on Arm devices can play Roblox by downloading the title directly from www.Roblox.com.

 

Good resource for known issues with Windows 10/11 patches. Find the version and click on “Known issues”.

Windows release health

https://docs.microsoft.com/en-us/windows/release-health/

 

Monthly Rollup/Security Only/Windows 10,11/Server 2016,2019,2022,2025 KBs

Each KB’s link is https://support.microsoft.com/en-us/help/####### where ####### is the KB number only (digits, without the “KB” prefix).

 

Security and Quality Rollup

  • KB5053887 – Windows Server 2012 R2 (ESU)
  • KB5053886 – Windows Server 2012 (ESU)

 

Cumulative Updates

Windows 10

  • KB5053618 – Original release version 1507 (OS Build 10240)
  • KB5053594 – Version 1607 “Anniversary Update” (OS Build 14393)
  • KB5053596 – Version 1809 “October 2018 Update” (OS Build 17763)
  • KB5053606 – Version 21H2 “November 2021 Update” (OS Build 19044)
  • KB5053606 – Version 22H2 “November 2022 Update” (OS Build 19045)

(Versions 1511, 1703, 1709, 1803, 1903, 1909, 2004, 20H2 and 21H1 are no longer under support)

 

Windows 11

  • KB5053602 – 22H2 (OS Build 22621)
  • KB5053602 – 23H2 (OS Build 22631)
  • KB5053598 – 24H2 (OS Build 26100)

(Version 21H2 is no longer under support)

 

Windows Server

  • KB5053594 – Server 2016 (same KB as Windows 10 Version 1607)
  • KB5053596 – Server 2019 (same KB as Windows 10 Version 1809)
  • KB5053603 – Server 2022 (OS Build 20348)
  • KB5053599 – Server 23H2 (OS Build 25398)
  • KB5053598 – Server 2025 (OS Build 26100)
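
A patch-level check built from the build numbers above, as an added example (not code from Virtual Administrator or Microsoft). It compares a host's OS build revision (UBR) against the revisions named in the KB article URLs quoted under Known Issues; the table name `$March2025Baseline` and the function `Test-March2025PatchLevel` are hypothetical, and builds whose revision this page does not state are omitted.

```powershell
# Minimum OS build revision (UBR) delivered by the March 11, 2025 cumulative
# updates. Revisions come from the KB article URLs quoted on this page; builds
# whose revision the page does not state are left out on purpose.
$March2025Baseline = @{
    19044 = @{ KB = 'KB5053606'; MinUbr = 5608 }
    19045 = @{ KB = 'KB5053606'; MinUbr = 5608 }
    22621 = @{ KB = 'KB5053602'; MinUbr = 5039 }
    22631 = @{ KB = 'KB5053602'; MinUbr = 5039 }
    26100 = @{ KB = 'KB5053598'; MinUbr = 3476 }
}

# Hypothetical helper: classifies a "build.revision" string such as 22631.5039.
function Test-March2025PatchLevel {
    param([Parameter(Mandatory)][string]$OsBuild)

    $kb = $null
    if ($OsBuild -notmatch '^(\d+)\.(\d+)$') {
        $status = 'Unparseable'
    }
    else {
        $build = [int]$Matches[1]
        $ubr   = [int]$Matches[2]
        $entry = $March2025Baseline[$build]
        if ($null -eq $entry) {
            $status = 'BuildNotInBaseline'
        }
        else {
            $kb = $entry.KB
            # Cumulative updates only raise the revision, so -ge also accepts
            # hosts where a later update has replaced the March KB.
            $status = if ($ubr -ge $entry.MinUbr) { 'AtOrAboveMarch2025' } else { 'MissingMarch2025' }
        }
    }
    [pscustomobject]@{ OsBuild = $OsBuild; ExpectedKB = $kb; Status = $status }
}

# Local machine: build and UBR as recorded in the registry.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
Test-March2025PatchLevel -OsBuild ('{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR)

# Constructed inventory values (not real hosts) showing each outcome.
'22631.5039', '19045.5000', '26100.9999', '20348.1', 'n/a' |
    ForEach-Object { Test-March2025PatchLevel -OsBuild $_ }
```

Comparing the revision rather than searching for the KB by name keeps the check valid after later cumulative updates, when the March KB may no longer appear in the installed-updates list.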

 

March 2025 updates for Microsoft Office

https://support.microsoft.com/en-us/topic/march-2025-updates-for-microsoft-office-5907fd31-82aa-4d5f-9fe7-fb031a678f0e

 

Notable CVEs

 

CVE-2025-24035 | Windows Remote Desktop Services Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24035

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

 

CVE-2025-24045 | Windows Remote Desktop Services Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24045

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

 

CVE-2025-24983 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24983

Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.

 

CVE-2025-24984 | Windows NTFS Information Disclosure Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-24984

Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.

 

CVE-2025-24985 | Windows Fast FAT File System Driver Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-24985

Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.

 

CVE-2025-24991 | Windows NTFS Information Disclosure Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-24991

Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.

 

CVE-2025-24993 | Windows NTFS Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-24993

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

 

CVE-2025-26633 | Microsoft Management Console Security Feature Bypass Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-26633

Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.