CVE-2025-24984 Windows NTFS Information Disclosure Vulnerability
Published March 11, 2025
Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.
Microsoft Security Response Center Blog Alerts
CVE-2025-24050 Windows Hyper-V Elevation of Privilege Vulnerability
Published March 11, 2025
Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2025-24083 Microsoft Office Remote Code Execution Vulnerability
Published March 11, 2025
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2022-30170 Windows Credential Roaming Service Elevation of Privilege Vulnerability
Published March 11, 2025
In the Security Updates table added Windows Server 2022, 23H2 Edition (Server Core installation) as it is affected by this vulnerability. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
CVE-2025-24983 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Published March 11, 2025
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
CVE-2025-24048 Windows Hyper-V Elevation of Privilege Vulnerability
Published March 11, 2025
Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2025-24082 Microsoft Excel Remote Code Execution Vulnerability
Published March 11, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2024-30098 Windows Cryptographic Services Security Feature Bypass Vulnerability
Published March 11, 2025
The following updates have been made to CVE-2024-30098:
1. In the Security Updates table, added all supported versions of the following as they are affected by this vulnerability: Windows 11 24H2 and Windows Server 2025.
2. To comprehensively address this vulnerability, Microsoft has released March 2025 security updates for all affected versions of Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2022 23H2 Edition, Windows 10, and Windows 11.
3. Updated the “Are there any further actions I need to take to be protected from this vulnerability?” FAQ to state that Starting with the April 2025, the fix will automatically generate an audit event in cases where the Cryptographic Service Provider (CSP) is being used with RSA keys. If you have not already enabled the fix using the DisableCapiOverrideForRSA setting, you should monitor your systems for any error events in the Windows system event log. See the FAQ section of this CVE for more information.
CVE-2025-24084 Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability
Published March 11, 2025
Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.
CVE-2025-24046 Kernel Streaming Service Driver Elevation of Privilege Vulnerability
Published March 11, 2025
Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.
