Microsoft on Tuesday launched 57 patches affecting 10 product households. Six of the addressed points are thought of by Microsoft to be of Important severity, and 9 have a CVSS base rating of 8.0 or increased. Six, all affecting Home windows, are beneath lively exploit within the wild. One situation has been publicly disclosed however not but publicly exploited.
At patch time, 11 further CVEs usually tend to be exploited within the subsequent 30 days by the corporate’s estimation. 4 of this month’s points are amenable to direct detection by Sophos merchandise, and we embrace info on these within the traditional desk under.
Along with these patches, the discharge consists of advisory info on Servicing Stack Updates, in addition to on the month’s 12 Edge patches, which had been launched a number of days earlier. 9 Adobe Reader points are additionally lined.
We’re as at all times together with on the finish of this submit further appendices itemizing all Microsoft’s patches sorted by severity, by predicted exploitability timeline and CVSS Base rating, and by product household; an appendix overlaying the advisory-style updates; and a breakout of the patches affecting the assorted Home windows Server platforms nonetheless in assist.
By the numbers
- Complete CVEs: 57
- Publicly disclosed: 1
- Exploit detected: 6
- Severity
- Important: 6
- Necessary: 51
- Influence
- Distant code execution: 23
- Elevation of privilege: 23
- Data disclosure: 4
- Safety characteristic bypass: 3
- Spoofing: 3
- Denial of service: 1
- CVSS base rating 9.0 or higher: 0
- CVSS base rating 8.0 or higher: 9
Determine 1: Distant code execution points and elevation of privilege bugs are equally prevalent this month, however all of the critical-severity issues are RCE
- Home windows: 37
- 365: 11
- Workplace: 11
- Azure: 4
- Visible Studio: 4
- Excel: 3
- Phrase: 2
- .NET: 1
- ASP.NET: 1
- Entry: 1
As is our customized for this checklist, CVEs that apply to multiple product household are counted as soon as for every household they have an effect on.
Determine 2: Home windows as ever accounts for the lion’s share of patches, together with a less-common client-only situation (CVE-2025-24994). Word that the 365 and Workplace tallies are for a similar 11 CVEs
Notable March updates
Along with the problems mentioned above, quite a lot of particular gadgets benefit consideration.
CVE-2025-24057 — Microsoft Workplace Distant Code Execution Vulnerability
A heap-based buffer overflow situation affecting each 365 and Workplace might enable an unauthorized occasion to execute code regionally – and it really works in Preview Pane.
CVE-2025-26645 — Distant Desktop Shopper Distant Code Execution Vulnerability
Ranking each a CVSS Base rating of 8.8 and a Microsoft designation of Important severity, it is a relative path traversal situation in RDC. All supported variations of the shopper and server in addition to in Distant Desktop Shopper for Home windows are weak. An attacker controlling a Distant Desktop server might use this to set off RCE on a weak shopper when it connects.
CVE-2025-21180 – Home windows exFAT File System Distant Code Execution Vulnerability
CVE-2025-24985 — Home windows Quick FAT File System Driver Distant Code Execution Vulnerability
CVE-2025-24984 — Home windows NTFS Data Disclosure Vulnerability
CVE-2025-24991 – Home windows NTFS Data Disclosure Vulnerability
CVE-2025-24992 — Home windows NTFS Data Disclosure Vulnerability
CVE-2025-24993 — Home windows NTFS Distant Code Execution Vulnerability
A troublesome month for file techniques. Quick FAT is intently associated to the traditional FAT (File Allocation Desk) system and primarily sees obligation today for reminiscence units, together with USB keys, SD playing cards, and floppies (!). exFAT, the “extra trendy” model of FAT, was launched virtually 20 years in the past and freed customers from the previous 4GB file-size restrict; the “ex” means “prolonged.” For each of these bugs, the attacker must trick a person on a weak system into mounting a specifically crafted and malicious VHD. Of the 4 NTFS points, CVE-2025-24984 requires bodily entry to the goal machine (to plug in a USB). The opposite three seem like much like the VHD points described above. Three of the NTFS points and the Quick FAT situation are already beneath exploit within the wild; the opposite two usually tend to be so inside the subsequent 30 days.
CVE-2024-9157 — Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading Vulnerability
Not a lot is certainly identified but about this Synaptics-issued CVE, however what we do know signifies it’s probably disagreeable: The elevation-of-privilege drawback exists in Synaptics’ Audio Results audio-enhancement part, it’s a DLL-loading bug, and Microsoft considers it to be amongst these extra more likely to be exploited within the subsequent month. The excellent news is that the most recent builds of Window are, Microsoft assures the world, not weak.
Determine 3: With the primary quarter of 2025 accounted for, RCE points have simply crossed the 100-CVE mark
Sophos direct protections
| CVE | Sophos Intercept X/Endpoint IPS | Sophos XGS Firewall |
| CVE-2025-21247 | sid:2310687 | sid:2310687 |
| CVE-2025-24066 | Exp/2524066-A | Exp/2524066-A |
| CVE-2025-24067 | Exp/2524067-A | Exp/2524067-A |
| CVE-2025-24983 | Exp/2524983-A | Exp/2524983-A |
As you possibly can each month, when you don’t need to wait in your system to tug down Microsoft’s updates itself, you possibly can obtain them manually from the Home windows Replace Catalog web site. Run the winver.exe instrument to find out which construct of Home windows 10 or 11 you’re operating, then obtain the Cumulative Replace package deal in your particular system’s structure and construct quantity.
Appendix A: Vulnerability Influence and Severity
This can be a checklist of March patches sorted by impression, then sub-sorted by severity. Every checklist is additional organized by CVE.
Distant Code Execution (23 CVEs)
| Important severity | |
| CVE-2025-24035 | Home windows Distant Desktop Providers Distant Code Execution Vulnerability |
| CVE-2025-24045 | Home windows Distant Desktop Providers Distant Code Execution Vulnerability |
| CVE-2025-24057 | Microsoft Workplace Distant Code Execution Vulnerability |
| CVE-2025-24064 | Home windows Area Title Service Distant Code Execution Vulnerability |
| CVE-2025-24084 | Home windows Subsystem for Linux (WSL2) Kernel Distant Code Execution Vulnerability |
| CVE-2025-26645 | Distant Desktop Shopper Distant Code Execution Vulnerability |
| Necessary severity | |
| CVE-2025-21180 | Home windows exFAT File System Distant Code Execution Vulnerability |
| CVE-2025-24043 | WinDbg Distant Code Execution Vulnerability |
| CVE-2025-24051 | Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability |
| CVE-2025-24056 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-24075 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-24077 | Microsoft Phrase Distant Code Execution Vulnerability |
| CVE-2025-24078 | Microsoft Phrase Distant Code Execution Vulnerability |
| CVE-2025-24079 | Microsoft Phrase Distant Code Execution Vulnerability |
| CVE-2025-24080 | Microsoft Workplace Distant Code Execution Vulnerability |
| CVE-2025-24081 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-24082 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-24083 | Microsoft Workplace Distant Code Execution Vulnerability |
| CVE-2025-24985 | Home windows Quick FAT File System Driver Distant Code Execution Vulnerability |
| CVE-2025-24986 | Azure Promptflow Distant Code Execution Vulnerability |
| CVE-2025-24993 | Home windows NTFS Distant Code Execution Vulnerability |
| CVE-2025-26629 | Microsoft Workplace Distant Code Execution Vulnerability |
| CVE-2025-26630 | Microsoft Entry Distant Code Execution Vulnerability |
Elevation of Privilege (23 CVEs)
| Necessary severity | |
| CVE-2024-9157 | Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading Vulnerability |
| CVE-2025-21199 | Azure Agent Installer for Backup and Website Restoration Elevation of Privilege Vulnerability |
| CVE-2025-24044 | Home windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2025-24046 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24048 | Home windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2025-24049 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability |
| CVE-2025-24050 | Home windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2025-24059 | Home windows Widespread Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2025-24066 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24067 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24070 | ASP.NET Core and Visible Studio Elevation of Privilege Vulnerability |
| CVE-2025-24072 | Microsoft Native Safety Authority (LSA) Server Elevation of Privilege Vulnerability |
| CVE-2025-24076 | Microsoft Home windows Cross System Service Elevation of Privilege Vulnerability |
| CVE-2025-24983 | Home windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2025-24987 | Home windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| CVE-2025-24988 | Home windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| CVE-2025-24994 | Microsoft Home windows Cross System Service Elevation of Privilege Vulnerability |
| CVE-2025-24995 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24998 | Visible Studio Installer Elevation of Privilege Vulnerability |
| CVE-2025-25003 | Visible Studio Elevation of Privilege Vulnerability |
| CVE-2025-25008 | Home windows Server Elevation of Privilege Vulnerability |
| CVE-2025-26627 | Azure Arc Installer Elevation of Privilege Vulnerability |
| CVE-2025-26631 | Visible Studio Code Elevation of Privilege Vulnerability |
Data Disclosure (4 CVEs)
| Necessary severity | |
| CVE-2025-24055 | Home windows USB Video Class System Driver Data Disclosure Vulnerability |
| CVE-2025-24984 | Home windows NTFS Data Disclosure Vulnerability |
| CVE-2025-24991 | Home windows NTFS Data Disclosure Vulnerability |
| CVE-2025-24992 | Home windows NTFS Data Disclosure Vulnerability |
Safety Characteristic Bypass (3 CVEs)
| Necessary severity | |
| CVE-2025-21247 | MapUrlToZone Safety Characteristic Bypass Vulnerability |
| CVE-2025-24061 | Home windows Mark of the Internet Safety Characteristic Bypass Vulnerability |
| CVE-2025-26633 | Microsoft Administration Console Safety Characteristic Bypass Vulnerability |
Spoofing (3 CVEs)
| Necessary severity | |
| CVE-2025-24054 | NTLM Hash Disclosure Spoofing Vulnerability |
| CVE-2025-24071 | Microsoft Home windows File Explorer Spoofing Vulnerability |
| CVE-2025-24996 | NTLM Hash Disclosure Spoofing Vulnerability |
Denial of Service (1 CVE)
| Necessary severity | |
| CVE-2025-24997 | DirectX Graphics Kernel File Denial of Service Vulnerability |
Appendix B: Exploitability and CVSS
This can be a checklist of the March CVEs judged by Microsoft to be both beneath exploitation within the wild or extra more likely to be exploited within the wild inside the first 30 days post-release. The checklist is additional organized by CVE.
| Exploitation detected | |
| CVE-2025-24983 | Home windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2025-24984 | Home windows NTFS Data Disclosure Vulnerability |
| CVE-2025-24985 | Home windows Quick FAT File System Driver Distant Code Execution Vulnerability |
| CVE-2025-24991 | Home windows NTFS Data Disclosure Vulnerability |
| CVE-2025-24993 | Home windows NTFS Distant Code Execution Vulnerability |
| CVE-2025-26633 | Microsoft Administration Console Safety Characteristic Bypass Vulnerability |
| Exploitation extra doubtless inside the subsequent 30 days | |
| CVE-2024-9157 | Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading Vulnerability |
| CVE-2025-21180 | Home windows exFAT File System Distant Code Execution Vulnerability |
| CVE-2025-21247 | MapUrlToZone Safety Characteristic Bypass Vulnerability |
| CVE-2025-24035 | Home windows Distant Desktop Providers Distant Code Execution Vulnerability |
| CVE-2025-24044 | Home windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2025-24045 | Home windows Distant Desktop Providers Distant Code Execution Vulnerability |
| CVE-2025-24061 | Home windows Mark of the Internet Safety Characteristic Bypass Vulnerability |
| CVE-2025-24066 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24067 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24992 | Home windows NTFS Data Disclosure Vulnerability |
| CVE-2025-24995 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
This can be a checklist of March CVEs with a Microsoft-assessed CVSS Base rating of 8.0 or increased. They’re organized by rating and additional sorted by CVE. For extra info on how CVSS works, please see our collection on patch prioritization schema.
| CVSS Base | CVSS Temporal | CVE | Title |
| 8.8 | 7.7 | CVE-2025-24051 | Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability |
| 8.8 | 7.7 | CVE-2025-24056 | Home windows Telephony Service Distant Code Execution Vulnerability |
| 8.8 | 7.7 | CVE-2025-26645 | Distant Desktop Shopper Distant Code Execution Vulnerability |
| 8.4 | 7.3 | CVE-2025-24049 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability |
| 8.4 | 7.3 | CVE-2025-24066 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| 8.4 | 7.3 | CVE-2025-24084 | Home windows Subsystem for Linux (WSL2) Kernel Distant Code Execution Vulnerability |
| 8.1 | 7.1 | CVE-2025-24035 | Home windows Distant Desktop Providers Distant Code Execution Vulnerability |
| 8.1 | 7.1 | CVE-2025-24045 | Home windows Distant Desktop Providers Distant Code Execution Vulnerability |
| 8.1 | 7.1 | CVE-2025-24064 | Home windows Area Title Service Distant Code Execution Vulnerability |
Appendix C: Merchandise Affected
This can be a checklist of March’s patches sorted by product household, then sub-sorted by severity. Every checklist is additional organized by CVE. Patches which are shared amongst a number of product households are listed a number of occasions, as soon as for every product household. Points affecting Home windows Server are additional sorted in Appendix E.
Home windows (37 CVEs)
| Important severity | |
| CVE-2025-24035 | Home windows Distant Desktop Providers Distant Code Execution Vulnerability |
| CVE-2025-24045 | Home windows Distant Desktop Providers Distant Code Execution Vulnerability |
| CVE-2025-24064 | Home windows Area Title Service Distant Code Execution Vulnerability |
| CVE-2025-24084 | Home windows Subsystem for Linux (WSL2) Kernel Distant Code Execution Vulnerability |
| CVE-2025-26645 | Distant Desktop Shopper Distant Code Execution Vulnerability |
| Necessary severity | |
| CVE-2024-9157 | Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading Vulnerability |
| CVE-2025-21180 | Home windows exFAT File System Distant Code Execution Vulnerability |
| CVE-2025-21247 | MapUrlToZone Safety Characteristic Bypass Vulnerability |
| CVE-2025-24044 | Home windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2025-24046 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24048 | Home windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2025-24050 | Home windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2025-24051 | Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability |
| CVE-2025-24054 | NTLM Hash Disclosure Spoofing Vulnerability |
| CVE-2025-24055 | Home windows USB Video Class System Driver Data Disclosure Vulnerability |
| CVE-2025-24056 | Home windows Telephony Service Distant Code Execution Vulnerability |
| CVE-2025-24059 | Home windows Widespread Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2025-24061 | Home windows Mark of the Internet Safety Characteristic Bypass Vulnerability |
| CVE-2025-24066 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24067 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24071 | Microsoft Home windows File Explorer Spoofing Vulnerability |
| CVE-2025-24072 | Microsoft Native Safety Authority (LSA) Server Elevation of Privilege Vulnerability |
| CVE-2025-24076 | Microsoft Home windows Cross System Service Elevation of Privilege Vulnerability |
| CVE-2025-24983 | Home windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2025-24984 | Home windows NTFS Data Disclosure Vulnerability |
| CVE-2025-24985 | Home windows Quick FAT File System Driver Distant Code Execution Vulnerability |
| CVE-2025-24987 | Home windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| CVE-2025-24988 | Home windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| CVE-2025-24991 | Home windows NTFS Data Disclosure Vulnerability |
| CVE-2025-24992 | Home windows NTFS Data Disclosure Vulnerability |
| CVE-2025-24993 | Home windows NTFS Distant Code Execution Vulnerability |
| CVE-2025-24994 | Microsoft Home windows Cross System Service Elevation of Privilege Vulnerability |
| CVE-2025-24995 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24996 | NTLM Hash Disclosure Spoofing Vulnerability |
| CVE-2025-24997 | DirectX Graphics Kernel File Denial of Service Vulnerability |
| CVE-2025-25008 | Home windows Server Elevation of Privilege Vulnerability |
| CVE-2025-26633 | Microsoft Administration Console Safety Characteristic Bypass Vulnerability |
365 (11 CVEs)
| Important severity | |
| CVE-2025-24057 | Microsoft Workplace Distant Code Execution Vulnerability |
| Necessary severity | |
| CVE-2025-24075 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-24077 | Microsoft Phrase Distant Code Execution Vulnerability |
| CVE-2025-24078 | Microsoft Phrase Distant Code Execution Vulnerability |
| CVE-2025-24079 | Microsoft Phrase Distant Code Execution Vulnerability |
| CVE-2025-24080 | Microsoft Workplace Distant Code Execution Vulnerability |
| CVE-2025-24081 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-24082 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-24083 | Microsoft Workplace Distant Code Execution Vulnerability |
| CVE-2025-26629 | Microsoft Workplace Distant Code Execution Vulnerability |
| CVE-2025-26630 | Microsoft Entry Distant Code Execution Vulnerability |
Workplace (11 CVEs)
| Important severity | |
| CVE-2025-24057 | Microsoft Workplace Distant Code Execution Vulnerability |
| Necessary severity | |
| CVE-2025-24075 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-24077 | Microsoft Phrase Distant Code Execution Vulnerability |
| CVE-2025-24078 | Microsoft Phrase Distant Code Execution Vulnerability |
| CVE-2025-24079 | Microsoft Phrase Distant Code Execution Vulnerability |
| CVE-2025-24080 | Microsoft Workplace Distant Code Execution Vulnerability |
| CVE-2025-24081 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-24082 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-24083 | Microsoft Workplace Distant Code Execution Vulnerability |
| CVE-2025-26629 | Microsoft Workplace Distant Code Execution Vulnerability |
| CVE-2025-26630 | Microsoft Entry Distant Code Execution Vulnerability |
Azure (4 CVEs)
| Necessary severity | |
| CVE-2025-21199 | Azure Agent Installer for Backup and Website Restoration Elevation of Privilege Vulnerability |
| CVE-2025-24049 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability |
| CVE-2025-24986 | Azure Promptflow Distant Code Execution Vulnerability |
| CVE-2025-26627 | Azure Arc Installer Elevation of Privilege Vulnerability |
Visible Studio (4 CVEs)
| Necessary severity | |
| CVE-2025-24070 | ASP.NET Core and Visible Studio Elevation of Privilege Vulnerability |
| CVE-2025-24998 | Visible Studio Installer Elevation of Privilege Vulnerability |
| CVE-2025-25003 | Visible Studio Elevation of Privilege Vulnerability |
| CVE-2025-26631 | Visible Studio Code Elevation of Privilege Vulnerability |
Excel (3 CVEs)
| Necessary severity | |
| CVE-2025-24075 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-24081 | Microsoft Excel Distant Code Execution Vulnerability |
| CVE-2025-24082 | Microsoft Excel Distant Code Execution Vulnerability |
Phrase (2 CVEs)
| Necessary severity | |
| CVE-2025-24078 | Microsoft Phrase Distant Code Execution Vulnerability |
| CVE-2025-24079 | Microsoft Phrase Distant Code Execution Vulnerability |
ASP.NET (1 CVE)
| Necessary severity | |
| CVE-2025-24070 | ASP.NET Core and Visible Studio Elevation of Privilege Vulnerability |
.NET (1 CVE)
| Necessary severity | |
| CVE-2025-24043 | WinDbg Distant Code Execution Vulnerability |
Entry (1 CVE)
| Necessary severity | |
| CVE-2025-26630 | Microsoft Entry Distant Code Execution Vulnerability |
Appendix D: Advisories and Different Merchandise
This can be a checklist of advisories and knowledge on different related CVEs within the March Microsoft launch. The problems addressed in these CVEs have already been mitigated by Chrome, however had been listed within the launch within the pursuits of transparency. Word that CVE-2025-21353 applies specifically to Android.
Microsoft info:
| CVE / identifier | Product | Title |
| ADV990001 | Newest Servicing Stack Updates | |
| CVE-2025-1914 | Edge | Chromium: CVE-2025-1914 Out of bounds learn in V8 |
| CVE-2025-1915 | Edge | Chromium: CVE-2025-1915 Improper Limitation of a Pathname to a Restricted Listing in DevTools |
| CVE-2025-1916 | Edge | Chromium: CVE-2025-1916 Use after free in Profiles |
| CVE-2025-1917 | Edge | Chromium: CVE-2025-1917 Inappropriate Implementation in Browser UI |
| CVE-2025-1918 | Edge | Chromium: CVE-2025-1918 Out of bounds learn in PDFium |
| CVE-2025-1919 | Edge | Chromium: CVE-2025-1919 Out of bounds learn in Media |
| CVE-2025-1921 | Edge | Chromium: CVE-2025-1921 Inappropriate Implementation in Media Stream |
| CVE-2025-1922 | Edge | Chromium: CVE-2025-1922 Inappropriate Implementation in Choice |
| CVE-2025-1923 | Edge | Chromium: CVE-2025-1923 Inappropriate Implementation in Permission Prompts |
| CVE-2025-26643 | Edge | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2025-25001 | Edge | Microsoft Edge for iOS Spoofing Vulnerability |
| CVE-2025-21353 | Edge | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability |
There are 9 Adobe advisories on this month’s launch.
| CVE-2025-27158 | APSB25-14 | Entry of Uninitialized Pointer (CWE-824) |
| CVE-2025-27159 | APSB25-14 | Use After Free (CWE-416) |
| CVE-2025-27160 | APSB25-14 | Use After Free (CWE-416) |
| CVE-2025-27161 | APSB25-14 | Out-of-bounds Learn (CWE-125) |
| CVE-2025-27162 | APSB25-14 | Entry of Uninitialized Pointer (CWE-824) |
| CVE-2025-27174 | APSB25-14 | Use After Free (CWE-416) |
| CVE-2025-24431 | APSB25-14 | Out-of-bounds Learn (CWE-125) |
| CVE-2025-27163 | APSB25-14 | Out-of-bounds Learn (CWE-125) |
| CVE-2025-27164 | APSB25-14 | Out-of-bounds Learn (CWE-125) |
Appendix E: Affected Home windows Server variations
This can be a desk of CVEs within the March launch affecting 9 Home windows Server variations, 2008 by 2025. The desk differentiates amongst main variations of the platform however doesn’t go into deeper element (eg., Server Core). Important-severity points are marked in purple; an “x” signifies that the CVE doesn’t apply to that model. Directors are inspired to make use of this appendix as a place to begin to establish their particular publicity, as every reader’s scenario, particularly because it issues merchandise out of mainstream assist, will differ. For particular Information Base numbers, please seek the advice of Microsoft.
| 2008 | 2008-R2 | 2012 | 2012-R2 | 2016 | 2019 | 2022 | 2022 23H2 | 2025 | |
| CVE-2024-9157 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21180 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21247 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24035 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24044 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24045 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24046 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24048 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24050 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24051 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24054 | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24055 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24056 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24059 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24061 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24064 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24066 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24067 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24071 | × | × | × | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24072 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24076 | × | × | × | × | × | × | × | ■ | ■ |
| CVE-2025-24084 | × | × | × | × | × | × | ■ | ■ | ■ |
| CVE-2025-24983 | ■ | ■ | ■ | ■ | ■ | × | × | × | × |
| CVE-2025-24984 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24985 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24987 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24988 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24991 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24992 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24993 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24994 | × | × | × | × | × | × | × | × | × |
| CVE-2025-24995 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24996 | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24997 | × | × | × | × | × | × | ■ | ■ | ■ |
| CVE-2025-25008 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-26633 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-26645 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
