Little fires everywhere for March Patch Tuesday – Sophos News
Microsoft on Tuesday released 57 patches affecting 10 product families. Six of the addressed issues are considered by Microsoft to be of Critical severity, and nine have a CVSS base score of 8.0 or higher. Six, all affecting Windows, are under active exploit in the wild. One issue has been publicly disclosed but not yet publicly exploited.
At patch time, 11 additional CVEs are more likely to be exploited in the next 30 days by the company’s estimation. Four of this month’s issues are amenable to direct detection by Sophos products, and we include information on those in the usual table below.
In addition to these patches, the release includes advisory information on Servicing Stack Updates, as well as on the month’s 12 Edge patches, which were released several days earlier. Nine Adobe Reader issues are also covered.
We are as always including at the end of this post additional appendices listing all Microsoft’s patches sorted by severity, by predicted exploitability timeline and CVSS Base score, and by product family; an appendix covering the advisory-style updates; and a breakout of the patches affecting the various Windows Server platforms still in support.
By the numbers
- Total CVEs: 57
- Publicly disclosed: 1
- Exploit detected: 6
- Severity
- Critical: 6
- Important: 51
- Impact
- Remote code execution: 23
- Elevation of privilege: 23
- Information disclosure: 4
- Security feature bypass: 3
- Spoofing: 3
- Denial of service: 1
- CVSS base score 9.0 or greater: 0
- CVSS base score 8.0 or greater: 9
Figure 1: Remote code execution issues and elevation of privilege bugs are equally prevalent this month, but all the critical-severity problems are RCE
- Windows: 37
- 365: 11
- Office: 11
- Azure: 4
- Visual Studio: 4
- Excel: 3
- Word: 2
- .NET: 1
- ASP.NET: 1
- Access: 1
As is our custom for this list, CVEs that apply to more than one product family are counted once for each family they affect.
Figure 2: Windows as ever accounts for the lion’s share of patches, including a less-common client-only issue (CVE-2025-24994). Note that the 365 and Office tallies are for the same 11 CVEs
Notable March updates
In addition to the issues discussed above, a variety of specific items merit attention.
CVE-2025-24057 — Microsoft Office Remote Code Execution Vulnerability
A heap-based buffer overflow issue affecting both 365 and Office could allow an unauthorized party to execute code locally – and it works in Preview Pane.
CVE-2025-26645 — Remote Desktop Client Remote Code Execution Vulnerability
Rating both a CVSS Base score of 8.8 and a Microsoft designation of Critical severity, this is a relative path traversal issue in RDC. All supported versions of the client and server as well as in Remote Desktop Client for Windows are vulnerable. An attacker controlling a Remote Desktop server could use this to trigger RCE on a vulnerable client when it connects.
CVE-2025-21180 – Windows exFAT File System Remote Code Execution Vulnerability
CVE-2025-24985 — Windows Fast FAT File System Driver Remote Code Execution Vulnerability
CVE-2025-24984 — Windows NTFS Information Disclosure Vulnerability
CVE-2025-24991 – Windows NTFS Information Disclosure Vulnerability
CVE-2025-24992 — Windows NTFS Information Disclosure Vulnerability
CVE-2025-24993 — Windows NTFS Remote Code Execution Vulnerability
A tough month for file systems. Fast FAT is closely related to the ancient FAT (File Allocation Table) system and mainly sees duty these days for memory devices, including USB keys, SD cards, and floppies (!). exFAT, the “more modern” version of FAT, was introduced almost two decades ago and freed users from the old 4GB file-size limit; the “ex” means “extended.” For both of those bugs, the attacker would have to trick a user on a vulnerable system into mounting a specially crafted and malicious VHD. Of the four NTFS issues, CVE-2025-24984 requires physical access to the target machine (to plug in a USB). The other three appear to be similar to the VHD issues described above. Three of the NTFS issues and the Fast FAT issue are already under exploit in the wild; the other two are more likely to be so within the next 30 days.
CVE-2024-9157 — Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading Vulnerability
Not much is definitely known yet about this Synaptics-issued CVE, but what we do know indicates it’s potentially unpleasant: The elevation-of-privilege problem exists in Synaptics’ Audio Effects audio-enhancement component, it’s a DLL-loading bug, and Microsoft considers it to be among those more likely to be exploited in the next month. The good news is that the latest builds of Window are, Microsoft assures the world, no longer vulnerable.
Figure 3: With the first quarter of 2025 accounted for, RCE issues have just crossed the 100-CVE mark
Sophos direct protections
| CVE | Sophos Intercept X/Endpoint IPS | Sophos XGS Firewall |
| CVE-2025-21247 | sid:2310687 | sid:2310687 |
| CVE-2025-24066 | Exp/2524066-A | Exp/2524066-A |
| CVE-2025-24067 | Exp/2524067-A | Exp/2524067-A |
| CVE-2025-24983 | Exp/2524983-A | Exp/2524983-A |
As you can every month, if you don’t want to wait for your system to pull down Microsoft’s updates itself, you can download them manually from the Windows Update Catalog website. Run the winver.exe tool to determine which build of Windows 10 or 11 you’re running, then download the Cumulative Update package for your specific system’s architecture and build number.
Appendix A: Vulnerability Impact and Severity
This is a list of March patches sorted by impact, then sub-sorted by severity. Each list is further arranged by CVE.
Remote Code Execution (23 CVEs)
| Critical severity | |
| CVE-2025-24035 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2025-24045 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2025-24057 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-24064 | Windows Domain Name Service Remote Code Execution Vulnerability |
| CVE-2025-24084 | Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability |
| CVE-2025-26645 | Remote Desktop Client Remote Code Execution Vulnerability |
| Important severity | |
| CVE-2025-21180 | Windows exFAT File System Remote Code Execution Vulnerability |
| CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability |
| CVE-2025-24051 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-24056 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2025-24075 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-24077 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-24078 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-24079 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-24080 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-24081 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-24082 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-24083 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-24985 | Windows Fast FAT File System Driver Remote Code Execution Vulnerability |
| CVE-2025-24986 | Azure Promptflow Remote Code Execution Vulnerability |
| CVE-2025-24993 | Windows NTFS Remote Code Execution Vulnerability |
| CVE-2025-26629 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-26630 | Microsoft Access Remote Code Execution Vulnerability |
Elevation of Privilege (23 CVEs)
| Important severity | |
| CVE-2024-9157 | Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading Vulnerability |
| CVE-2025-21199 | Azure Agent Installer for Backup and Site Recovery Elevation of Privilege Vulnerability |
| CVE-2025-24044 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2025-24046 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24048 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2025-24049 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability |
| CVE-2025-24050 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2025-24059 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2025-24066 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24067 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24070 | ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability |
| CVE-2025-24072 | Microsoft Local Security Authority (LSA) Server Elevation of Privilege Vulnerability |
| CVE-2025-24076 | Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability |
| CVE-2025-24983 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2025-24987 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| CVE-2025-24988 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| CVE-2025-24994 | Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability |
| CVE-2025-24995 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24998 | Visual Studio Installer Elevation of Privilege Vulnerability |
| CVE-2025-25003 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2025-25008 | Windows Server Elevation of Privilege Vulnerability |
| CVE-2025-26627 | Azure Arc Installer Elevation of Privilege Vulnerability |
| CVE-2025-26631 | Visual Studio Code Elevation of Privilege Vulnerability |
Information Disclosure (4 CVEs)
| Important severity | |
| CVE-2025-24055 | Windows USB Video Class System Driver Information Disclosure Vulnerability |
| CVE-2025-24984 | Windows NTFS Information Disclosure Vulnerability |
| CVE-2025-24991 | Windows NTFS Information Disclosure Vulnerability |
| CVE-2025-24992 | Windows NTFS Information Disclosure Vulnerability |
Security Feature Bypass (3 CVEs)
| Important severity | |
| CVE-2025-21247 | MapUrlToZone Security Feature Bypass Vulnerability |
| CVE-2025-24061 | Windows Mark of the Web Security Feature Bypass Vulnerability |
| CVE-2025-26633 | Microsoft Management Console Security Feature Bypass Vulnerability |
Spoofing (3 CVEs)
| Important severity | |
| CVE-2025-24054 | NTLM Hash Disclosure Spoofing Vulnerability |
| CVE-2025-24071 | Microsoft Windows File Explorer Spoofing Vulnerability |
| CVE-2025-24996 | NTLM Hash Disclosure Spoofing Vulnerability |
Denial of Service (1 CVE)
| Important severity | |
| CVE-2025-24997 | DirectX Graphics Kernel File Denial of Service Vulnerability |
Appendix B: Exploitability and CVSS
This is a list of the March CVEs judged by Microsoft to be either under exploitation in the wild or more likely to be exploited in the wild within the first 30 days post-release. The list is further arranged by CVE.
| Exploitation detected | |
| CVE-2025-24983 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2025-24984 | Windows NTFS Information Disclosure Vulnerability |
| CVE-2025-24985 | Windows Fast FAT File System Driver Remote Code Execution Vulnerability |
| CVE-2025-24991 | Windows NTFS Information Disclosure Vulnerability |
| CVE-2025-24993 | Windows NTFS Remote Code Execution Vulnerability |
| CVE-2025-26633 | Microsoft Management Console Security Feature Bypass Vulnerability |
| Exploitation more likely within the next 30 days | |
| CVE-2024-9157 | Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading Vulnerability |
| CVE-2025-21180 | Windows exFAT File System Remote Code Execution Vulnerability |
| CVE-2025-21247 | MapUrlToZone Security Feature Bypass Vulnerability |
| CVE-2025-24035 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2025-24044 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2025-24045 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2025-24061 | Windows Mark of the Web Security Feature Bypass Vulnerability |
| CVE-2025-24066 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24067 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24992 | Windows NTFS Information Disclosure Vulnerability |
| CVE-2025-24995 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
This is a list of March CVEs with a Microsoft-assessed CVSS Base score of 8.0 or higher. They are arranged by score and further sorted by CVE. For more information on how CVSS works, please see our series on patch prioritization schema.
| CVSS Base | CVSS Temporal | CVE | Title |
| 8.8 | 7.7 | CVE-2025-24051 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| 8.8 | 7.7 | CVE-2025-24056 | Windows Telephony Service Remote Code Execution Vulnerability |
| 8.8 | 7.7 | CVE-2025-26645 | Remote Desktop Client Remote Code Execution Vulnerability |
| 8.4 | 7.3 | CVE-2025-24049 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability |
| 8.4 | 7.3 | CVE-2025-24066 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| 8.4 | 7.3 | CVE-2025-24084 | Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability |
| 8.1 | 7.1 | CVE-2025-24035 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| 8.1 | 7.1 | CVE-2025-24045 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| 8.1 | 7.1 | CVE-2025-24064 | Windows Domain Name Service Remote Code Execution Vulnerability |
Appendix C: Products Affected
This is a list of March’s patches sorted by product family, then sub-sorted by severity. Each list is further arranged by CVE. Patches that are shared among multiple product families are listed multiple times, once for each product family. Issues affecting Windows Server are further sorted in Appendix E.
Windows (37 CVEs)
| Critical severity | |
| CVE-2025-24035 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2025-24045 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2025-24064 | Windows Domain Name Service Remote Code Execution Vulnerability |
| CVE-2025-24084 | Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability |
| CVE-2025-26645 | Remote Desktop Client Remote Code Execution Vulnerability |
| Important severity | |
| CVE-2024-9157 | Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading Vulnerability |
| CVE-2025-21180 | Windows exFAT File System Remote Code Execution Vulnerability |
| CVE-2025-21247 | MapUrlToZone Security Feature Bypass Vulnerability |
| CVE-2025-24044 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2025-24046 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24048 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2025-24050 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2025-24051 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-24054 | NTLM Hash Disclosure Spoofing Vulnerability |
| CVE-2025-24055 | Windows USB Video Class System Driver Information Disclosure Vulnerability |
| CVE-2025-24056 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2025-24059 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2025-24061 | Windows Mark of the Web Security Feature Bypass Vulnerability |
| CVE-2025-24066 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24067 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24071 | Microsoft Windows File Explorer Spoofing Vulnerability |
| CVE-2025-24072 | Microsoft Local Security Authority (LSA) Server Elevation of Privilege Vulnerability |
| CVE-2025-24076 | Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability |
| CVE-2025-24983 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2025-24984 | Windows NTFS Information Disclosure Vulnerability |
| CVE-2025-24985 | Windows Fast FAT File System Driver Remote Code Execution Vulnerability |
| CVE-2025-24987 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| CVE-2025-24988 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| CVE-2025-24991 | Windows NTFS Information Disclosure Vulnerability |
| CVE-2025-24992 | Windows NTFS Information Disclosure Vulnerability |
| CVE-2025-24993 | Windows NTFS Remote Code Execution Vulnerability |
| CVE-2025-24994 | Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability |
| CVE-2025-24995 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24996 | NTLM Hash Disclosure Spoofing Vulnerability |
| CVE-2025-24997 | DirectX Graphics Kernel File Denial of Service Vulnerability |
| CVE-2025-25008 | Windows Server Elevation of Privilege Vulnerability |
| CVE-2025-26633 | Microsoft Management Console Security Feature Bypass Vulnerability |
365 (11 CVEs)
| Critical severity | |
| CVE-2025-24057 | Microsoft Office Remote Code Execution Vulnerability |
| Important severity | |
| CVE-2025-24075 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-24077 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-24078 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-24079 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-24080 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-24081 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-24082 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-24083 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-26629 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-26630 | Microsoft Access Remote Code Execution Vulnerability |
Office (11 CVEs)
| Critical severity | |
| CVE-2025-24057 | Microsoft Office Remote Code Execution Vulnerability |
| Important severity | |
| CVE-2025-24075 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-24077 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-24078 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-24079 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-24080 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-24081 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-24082 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-24083 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-26629 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-26630 | Microsoft Access Remote Code Execution Vulnerability |
Azure (4 CVEs)
| Important severity | |
| CVE-2025-21199 | Azure Agent Installer for Backup and Site Recovery Elevation of Privilege Vulnerability |
| CVE-2025-24049 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability |
| CVE-2025-24986 | Azure Promptflow Remote Code Execution Vulnerability |
| CVE-2025-26627 | Azure Arc Installer Elevation of Privilege Vulnerability |
Visual Studio (4 CVEs)
| Important severity | |
| CVE-2025-24070 | ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability |
| CVE-2025-24998 | Visual Studio Installer Elevation of Privilege Vulnerability |
| CVE-2025-25003 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2025-26631 | Visual Studio Code Elevation of Privilege Vulnerability |
Excel (3 CVEs)
| Important severity | |
| CVE-2025-24075 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-24081 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-24082 | Microsoft Excel Remote Code Execution Vulnerability |
Word (2 CVEs)
| Important severity | |
| CVE-2025-24078 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-24079 | Microsoft Word Remote Code Execution Vulnerability |
ASP.NET (1 CVE)
| Important severity | |
| CVE-2025-24070 | ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability |
.NET (1 CVE)
| Important severity | |
| CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability |
Access (1 CVE)
| Important severity | |
| CVE-2025-26630 | Microsoft Access Remote Code Execution Vulnerability |
Appendix D: Advisories and Other Products
This is a list of advisories and information on other relevant CVEs in the March Microsoft release. The issues addressed in these CVEs have already been mitigated by Chrome, but were listed in the release in the interests of transparency. Note that CVE-2025-21353 applies specially to Android.
Microsoft information:
| CVE / identifier | Product | Title |
| ADV990001 | Latest Servicing Stack Updates | |
| CVE-2025-1914 | Edge | Chromium: CVE-2025-1914 Out of bounds read in V8 |
| CVE-2025-1915 | Edge | Chromium: CVE-2025-1915 Improper Limitation of a Pathname to a Restricted Directory in DevTools |
| CVE-2025-1916 | Edge | Chromium: CVE-2025-1916 Use after free in Profiles |
| CVE-2025-1917 | Edge | Chromium: CVE-2025-1917 Inappropriate Implementation in Browser UI |
| CVE-2025-1918 | Edge | Chromium: CVE-2025-1918 Out of bounds read in PDFium |
| CVE-2025-1919 | Edge | Chromium: CVE-2025-1919 Out of bounds read in Media |
| CVE-2025-1921 | Edge | Chromium: CVE-2025-1921 Inappropriate Implementation in Media Stream |
| CVE-2025-1922 | Edge | Chromium: CVE-2025-1922 Inappropriate Implementation in Selection |
| CVE-2025-1923 | Edge | Chromium: CVE-2025-1923 Inappropriate Implementation in Permission Prompts |
| CVE-2025-26643 | Edge | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2025-25001 | Edge | Microsoft Edge for iOS Spoofing Vulnerability |
| CVE-2025-21353 | Edge | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability |
There are 9 Adobe advisories in this month’s release.
| CVE-2025-27158 | APSB25-14 | Access of Uninitialized Pointer (CWE-824) |
| CVE-2025-27159 | APSB25-14 | Use After Free (CWE-416) |
| CVE-2025-27160 | APSB25-14 | Use After Free (CWE-416) |
| CVE-2025-27161 | APSB25-14 | Out-of-bounds Read (CWE-125) |
| CVE-2025-27162 | APSB25-14 | Access of Uninitialized Pointer (CWE-824) |
| CVE-2025-27174 | APSB25-14 | Use After Free (CWE-416) |
| CVE-2025-24431 | APSB25-14 | Out-of-bounds Read (CWE-125) |
| CVE-2025-27163 | APSB25-14 | Out-of-bounds Read (CWE-125) |
| CVE-2025-27164 | APSB25-14 | Out-of-bounds Read (CWE-125) |
Appendix E: Affected Windows Server versions
This is a table of CVEs in the March release affecting nine Windows Server versions, 2008 through 2025. The table differentiates among major versions of the platform but doesn’t go into deeper detail (eg., Server Core). Critical-severity issues are marked in red; an “x” indicates that the CVE does not apply to that version. Administrators are encouraged to use this appendix as a starting point to ascertain their specific exposure, as each reader’s situation, especially as it concerns products out of mainstream support, will vary. For specific Knowledge Base numbers, please consult Microsoft.
| 2008 | 2008-R2 | 2012 | 2012-R2 | 2016 | 2019 | 2022 | 2022 23H2 | 2025 | |
| CVE-2024-9157 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21180 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-21247 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24035 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24044 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24045 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24046 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24048 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24050 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24051 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24054 | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24055 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24056 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24059 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24061 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24064 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24066 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24067 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24071 | × | × | × | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24072 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24076 | × | × | × | × | × | × | × | ■ | ■ |
| CVE-2025-24084 | × | × | × | × | × | × | ■ | ■ | ■ |
| CVE-2025-24983 | ■ | ■ | ■ | ■ | ■ | × | × | × | × |
| CVE-2025-24984 | × | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24985 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24987 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24988 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24991 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24992 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24993 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24994 | × | × | × | × | × | × | × | × | × |
| CVE-2025-24995 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24996 | × | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-24997 | × | × | × | × | × | × | ■ | ■ | ■ |
| CVE-2025-25008 | × | × | × | × | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-26633 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2025-26645 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
