CVE-2025-24983 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Published March 11, 2025
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
Microsoft Security Response Center Blog Alerts
CVE-2025-24048 Windows Hyper-V Elevation of Privilege Vulnerability
Published March 11, 2025
Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2025-24082 Microsoft Excel Remote Code Execution Vulnerability
Published March 11, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2024-30098 Windows Cryptographic Services Security Feature Bypass Vulnerability
Published March 11, 2025
The following updates have been made to CVE-2024-30098:
1. In the Security Updates table, added all supported versions of the following as they are affected by this vulnerability: Windows 11 24H2 and Windows Server 2025.
2. To comprehensively address this vulnerability, Microsoft has released March 2025 security updates for all affected versions of Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2022 23H2 Edition, Windows 10, and Windows 11.
3. Updated the “Are there any further actions I need to take to be protected from this vulnerability?” FAQ to state that Starting with the April 2025, the fix will automatically generate an audit event in cases where the Cryptographic Service Provider (CSP) is being used with RSA keys. If you have not already enabled the fix using the DisableCapiOverrideForRSA setting, you should monitor your systems for any error events in the Windows system event log. See the FAQ section of this CVE for more information.
CVE-2025-24084 Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability
Published March 11, 2025
Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.
CVE-2025-24046 Kernel Streaming Service Driver Elevation of Privilege Vulnerability
Published March 11, 2025
Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.
CVE-2025-24081 Microsoft Excel Remote Code Execution Vulnerability
Published March 11, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-26634 Windows Core Messaging Elevation of Privileges Vulnerability
Published March 11, 2025
Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network.
CVE-2025-24076 Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability
Published March 11, 2025
Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
CVE-2025-24045 Windows Remote Desktop Services Remote Code Execution Vulnerability
Published March 11, 2025
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
