The March 2025 Security Update... Note

The March 2025 Security Update Review

Adobe has released seven security bulletins addressing 37 CVEs in various products, including Acrobat Reader, Illustrator, and Substance 3D. Six of these bugs were reported through the ZDI program, and the patches for Reader, Illustrator, and InDesign correct Critical-rated code execution bugs. None of the bugs fixed by Adobe this month are listed as publicly known or under active attack. Microsoft has released 56 new CVEs in Windows, Office, Azure, and other products, with six rated Critical and 50 rated Important in severity. One of the actively exploited bugs was submitted through the Trend ZDI program, and six others are listed as under active attack. The bugs being exploited include a Microsoft Management Console Security Feature Bypass Vulnerability, Windows NTFS Remote Code Execution Vulnerability, and Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability. Microsoft has also released patches for other vulnerabilities, including remote code execution, elevation of privilege, and information disclosure vulnerabilities. The company has not provided information on how widespread the attacks are, but recommends testing and deploying the patches quickly. The full list of CVEs released by Microsoft for March 2025 includes 67 vulnerabilities.
CdXz5zHNQW_2FAOFfpU13.png