Microsoft security alert.
March 11, 2025
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 55 vulnerabilities that were fixed in 11 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 11 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Internet Explorer Cumulative Security Update (KB5053593) for March 2025
- Severity
- Serious 3
- Qualys ID
- 100422
- Vendor Reference
- KB5053593
- CVE Reference
- CVE-2025-21247
- CVSS Scores
- Base 5 / Temporal 3.7
- Description
-
Internet Explorer is a web browser developed by Microsoft that is included on Microsoft Windows operating systems.
Microsoft has released KB5053593 for Internet Explorer 11 and 9.
Affected Versions:
Internet Explorer 11 on Windows Server 2012 R2, Windows Server 2008 R2, Windows Server 2012.
Internet Explorer 11 on Windows Server 2008.
Internet Explorer 9 for Windows Server 2008
QID Detection Logic:
This authenticated QID detects vulnerable systems based on the file version reported by "mshtml.dll".
- Consequence
-
Successful exploitation allows an unauthenticated, remote attacker to bypass security restrictions and gain access to sensitive information on a targeted system.
- Solution
-
Customers are advised to review KB5053593 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5053593
-
Microsoft Office Security Update for March 2025
- Severity
- Critical 4
- Qualys ID
- 110490
- Vendor Reference
- KB5002662, KB5002690, KB5002693, KB5002694, KB5002696, KB5002697, Office Click-2-Run and Office 365 Release Notes, Office Release Notes for Mac
- CVE Reference
- CVE-2025-24057, CVE-2025-24075, CVE-2025-24077, CVE-2025-24078, CVE-2025-24079, CVE-2025-24080, CVE-2025-24081, CVE-2025-24082, CVE-2025-24083, CVE-2025-26629, CVE-2025-26630
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Microsoft has released Office Security Updates for March 2025 to fix Remote Code Execution vulnerability.
This security update contains the following:
KB5002697
KB5002696
KB5002690
KB5002693
KB5002694
KB5002662
Office Release Notes for Mac and
Office Click-2-Run and Office 365 Release Notes
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
Operating System: macOS
This QID checks for the vulnerable versions of affected Office Applications.
Note: Office Click-2-Run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
- Consequence
-
Vulnerable products may be prone to Remote Code Execution Vulnerability.
- Solution
-
Customers are advised to refer to these Article(s):
CVE-2025-24083,
CVE-2025-26630,
CVE-2025-26629,
CVE-2025-24075,
CVE-2025-24082,
CVE-2025-24081,
CVE-2025-24080,
CVE-2025-24079,
CVE-2025-24078,
CVE-2025-24077, and
CVE-2025-24057 for more information regarding these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-24057
CVE-2025-24075
CVE-2025-24077
CVE-2025-24078
CVE-2025-24079
CVE-2025-24080
CVE-2025-24081
CVE-2025-24082
CVE-2025-24083
CVE-2025-26629
CVE-2025-26630
-
Microsoft Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability for March 2025
- Severity
- Urgent 5
- Qualys ID
- 382928
- Vendor Reference
- CVE-2025-24049
- CVE Reference
- CVE-2025-24049
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
The Azure Command-Line Interface (CLI) is a cross-platform command-line tool to connect to Azure and execute administrative commands on Azure resources. It allows the execution of commands through a terminal using interactive command-line prompts or a script.
In the vulnerable versions, Azure CLI contains a vulnerability for potential code injection.
Affected Versions:
Azure CLI versions prior to v2.69.0
QID Detection Logic (Authenticated):
The QID checks the Windows registry uninstall path to identify vulnerable installed versions of Azure CLI.
- Consequence
-
An attacker could exploit this vulnerability by passing a specially crafted key-value argument to Azure CLI, injecting arbitrary Python code that modifies runtime behavior.
- Solution
-
Microsoft has released CVE-2025-24049 to remediate this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-24049
-
Microsoft Azure Arc Installer Security Update for March 2025
- Severity
- Critical 4
- Qualys ID
- 382929
- Vendor Reference
- CVE-2025-26627
- CVE Reference
- CVE-2025-26627
- CVSS Scores
- Base 4.6 / Temporal 3.4
- Description
- Azure Arc-enabled servers let you manage Windows and Linux physical servers and virtual machines hosted outside of Azure, on your corporate network, or on another cloud provider.
- Consequence
-
Successful exploitation of this vulnerability requires an attacker to exploit two separate vulnerabilities to gain elevated privileges.
- Solution
-
Customers are advised to refer to CVE-2025-26627 for more information on these vulnerabilities and their patches.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-26627
-
Microsoft Visual Studio Security Update for March 2025
- Severity
- Critical 4
- Qualys ID
- 92225
- Vendor Reference
- CVE-2025-24070, CVE-2025-24998, CVE-2025-25003
- CVE Reference
- CVE-2025-24070, CVE-2025-24998, CVE-2025-25003
- CVSS Scores
- Base 4.3 / Temporal 3.2
- Description
-
Microsoft has released February 2025 security updates for Visual Studio to fix Remote Code Execution and Elevation of Privilege vulnerabilities.
Affected Versions:
Microsoft Visual Studio 2022 version 17.13 prior to 17.13.3
Microsoft Visual Studio 2022 version 17.12 prior to 17.12.6
Microsoft Visual Studio 2022 version 17.10 prior to 17.10.12
Microsoft Visual Studio 2022 version 17.8 prior to 17.8.19
Microsoft Visual Studio 2019 version 16.0 prior to 16.11.45
Microsoft Visual Studio 2017 version 15.0 prior to 15.9.71
QID Detection Logic (Authenticated):
Windows
This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key HKLM\SOFTWARE\Microsoft and the file devenv.exe to determine the Visual Studio version.
- Consequence
-
Successful exploitation of this vulnerability requires an attacker to exploit two separate vulnerabilities to gain elevated privileges.
- Solution
-
Customers are advised to refer to CVE-2025-25003, CVE-2025-24070, and CVE-2025-24998 for more information on these vulnerabilities and their patches.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-24070
CVE-2025-24998
CVE-2025-25003
-
Microsoft Windows Server Security Update for March 2025
- Severity
- Critical 4
- Qualys ID
- 92226
- Vendor Reference
- KB5053594, KB5053596, KB5053599, KB5053603, KB5053620, KB5053627, KB5053636, KB5053638, KB5053886, KB5053887, KB5053888, KB5053995
- CVE Reference
- CVE-2024-9157, CVE-2025-21180, CVE-2025-21247, CVE-2025-24035, CVE-2025-24044, CVE-2025-24045, CVE-2025-24046, CVE-2025-24048, CVE-2025-24050, CVE-2025-24051, CVE-2025-24054, CVE-2025-24055, CVE-2025-24056, CVE-2025-24059, CVE-2025-24061, CVE-2025-24064, CVE-2025-24066, CVE-2025-24067, CVE-2025-24071, CVE-2025-24072, CVE-2025-24076, CVE-2025-24084, CVE-2025-24983, CVE-2025-24984, CVE-2025-24985, CVE-2025-24987, CVE-2025-24988, CVE-2025-24991, CVE-2025-24992, CVE-2025-24993, CVE-2025-24995, CVE-2025-24996, CVE-2025-24997, CVE-2025-25008, CVE-2025-26633, CVE-2025-26645
- CVSS Scores
- Base 6.7 / Temporal 5.5
- Description
-
Microsoft Windows Server Security Update for March 2025
KB5053627
KB5053620
KB5053888
KB5053995
KB5053886
KB5053603
KB5053638
KB5053594
KB5053596
KB5053599
KB5053887
KB5053636
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
- Successful exploitation of this vulnerability could lead to a security breach or may affect integrity, availability, and confidentiality.
- Solution
-
Please refer to the following KB Articles associated with the update:
KB5053627
KB5053620
KB5053888
KB5053995
KB5053886
KB5053603
KB5053638
KB5053594
KB5053596
KB5053599
KB5053887
KB5053636
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5053594
KB5053596
KB5053599
KB5053603
KB5053620
KB5053627
KB5053636
KB5053638
KB5053886
KB5053887
KB5053888
KB5053995
-
Microsoft Windows Security Update for March 2025
- Severity
- Critical 4
- Qualys ID
- 92227
- Vendor Reference
- KB5053594, KB5053596, KB5053598, KB5053602, KB5053606, KB5053618, KB5053636
- CVE Reference
- CVE-2024-9157, CVE-2025-21180, CVE-2025-21247, CVE-2025-24035, CVE-2025-24044, CVE-2025-24046, CVE-2025-24048, CVE-2025-24050, CVE-2025-24051, CVE-2025-24054, CVE-2025-24055, CVE-2025-24056, CVE-2025-24059, CVE-2025-24061, CVE-2025-24066, CVE-2025-24067, CVE-2025-24071, CVE-2025-24072, CVE-2025-24076, CVE-2025-24084, CVE-2025-24983, CVE-2025-24984, CVE-2025-24985, CVE-2025-24987, CVE-2025-24988, CVE-2025-24991, CVE-2025-24992, CVE-2025-24993, CVE-2025-24994, CVE-2025-24995, CVE-2025-24996, CVE-2025-24997, CVE-2025-26633, CVE-2025-26645
- CVSS Scores
- Base 6.7 / Temporal 5.5
- Description
-
Microsoft Windows Security Update for March 2025
KB5053618
KB5053594
KB5053596
KB5053598
KB5053602
KB5053606
KB5053636
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
- Successful exploitation of this vulnerability could lead to a security breach or may affect integrity, availability, and confidentiality.
- Solution
-
Please refer to the following KB Articles associated with the update:
KB5053618
KB5053594
KB5053596
KB5053598
KB5053602
KB5053606
KB5053636
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5053594
KB5053596
KB5053598
KB5053602
KB5053606
KB5053618
KB5053636
-
Microsoft WinDbg Remote Code Execution (RCE) Vulnerability for March 2025
- Severity
- Critical 4
- Qualys ID
- 92228
- Vendor Reference
- CVE-2025-24043
- CVE Reference
- CVE-2025-24043
- CVSS Scores
- Base 7.6 / Temporal 5.6
- Description
-
WinDbg is a multipurpose debugger for the Microsoft Windows operating systems, distributed by Microsoft. It can be used to analyze crash dumps, debug live user-mode and kernel-mode code, and examine CPU registers and memory.
Affected Versions:
WinDbg build versions prior to 1.2502.25002.0
QID Detection Logic (Authenticated):
The QID uses a WMI query to determine whether a vulnerable version of WinDbg is installed.
- Consequence
-
Successful exploitation of this vulnerability can lead to Remote Code Execution.
- Solution
-
Customers are advised to refer to CVE-2025-24043 for more information and to remediate this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-24043
-
Microsoft Windows Domain Name System (DNS) Remote Code Execution (RCE) Vulnerability for March 2025
- Severity
- Critical 4
- Qualys ID
- 92229
- Vendor Reference
- CVE-2025-24064
- CVE Reference
- CVE-2025-24064
- CVSS Scores
- Base 5.4 / Temporal 4
- Description
-
Microsoft Windows Domain Name Service (DNS) Remote Code Execution Vulnerability for March 2025
CVE-2025-24064
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
- Successful exploitation of this vulnerability could lead to a security breach or may affect integrity, availability, and confidentiality.
- Solution
-
Please refer to the following KB Articles associated with the update:
CVE-2025-24064
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-24064
-
Microsoft ASP.NET Core Security Update for March 2025
- Severity
- Critical 4
- Qualys ID
- 92230
- Vendor Reference
- CVE-2025-24070
- CVE Reference
- CVE-2025-24070
- CVSS Scores
- Base 6.6 / Temporal 4.9
- Description
-
Microsoft has released February 2024 security updates for .NET Core and ASP.NET Core to fix multiple security vulnerabilities.
Affected versions:
ASP.NET Core and .NET Core 9.0 before version 9.0.3
ASP.NET Core and .NET Core 8.0 before version 8.0.14
QID Detection Logic: Authenticated
On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.
- Consequence
- Weak authentication in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
- Solution
-
Customers are advised to refer to CVE-2025-24070 for more information on the vulnerability and its patch.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-24070
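The Linux check described in this entry can be reproduced by hand when triaging a host. The following Python is an added example, not Qualys detection code: it reads the two runtime folders named above and flags versions below the fixed builds listed under "Affected versions". The function names and the constructed folder names in `demo()` are assumptions for illustration.

```python
import os
import re
import tempfile

# First fixed build per release line, from the entry's "Affected versions".
FIXED = {(9, 0): (9, 0, 3), (8, 0): (8, 0, 14)}
# Folders the entry says the Linux check reads.
RUNTIME_DIRS = ["/usr/share/dotnet/shared/Microsoft.NETCore.App",
                "/root/shared/Microsoft.NETCore.App"]
# Runtime folders are named x.y.z, optionally with a pre-release suffix.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-.+)?$")


def parse_version(name):
    """Return (major, minor, patch) for a runtime folder name, or None."""
    m = VERSION_RE.match(name)
    return tuple(int(g) for g in m.groups()) if m else None


def is_affected(version):
    """True if the version is on a listed release line and below its fix.

    Assumption: a pre-release build is compared by its numeric triple only.
    Release lines the entry does not list (e.g. 6.0) are not flagged.
    """
    fixed = FIXED.get(version[:2])
    return fixed is not None and version < fixed


def find_affected(dirs=RUNTIME_DIRS):
    """List (path, version) for every affected runtime under the given dirs."""
    hits = []
    for base in dirs:
        if not os.path.isdir(base):
            continue  # .NET is not installed at this location
        for name in sorted(os.listdir(base)):
            version = parse_version(name)
            if version and is_affected(version):
                hits.append((os.path.join(base, name), version))
    return hits


def demo():
    """Run the check against a constructed directory tree (sample data)."""
    names = ["8.0.13", "8.0.14", "9.0.0-rc.2.24473.5", "9.0.3", "6.0.36", "notes"]
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "Microsoft.NETCore.App")
        for name in names:
            os.makedirs(os.path.join(base, name))
        return [version for _, version in find_affected([base])]
```

Calling `find_affected()` with no arguments checks the real folders on the local host and returns an empty list when none of them contain an affected runtime.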
-
Microsoft Visual Studio Code Security Update for March 2025
- Severity
- Critical 4
- Qualys ID
- 92232
- Vendor Reference
- CVE-2025-26631
- CVE Reference
- CVE-2025-26631
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Visual Studio Code is a lightweight but powerful source code editor which runs on your desktop and is available for Windows, macOS and Linux.
Affected Versions:
Visual Studio Code prior to version 1.98.0
QID Detection Logic (Authenticated):
This QID checks for the vulnerable versions of Visual Studio Code.
- Consequence
-
Vulnerable versions of Visual Studio may be prone to Remote Code Execution and.
- Solution
-
Customers are advised to refer to:
CVE-2025-26631 for further patch details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2023-32002
These new vulnerability checks are included in Qualys vulnerability signature 2.6.273-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 100422
- 110490
- 382928
- 382929
- 92225
- 92226
- 92227
- 92228
- 92229
- 92230
- 92232
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.