Skip to content
BLOG

Patch Tuesday March 2025

Brock Bingham candid headshot
Brock Bingham|March 11, 2025
Patch Tuesday (light blue)
Patch Tuesday (light blue)
Sections

We are back for a very special Patch Tuesday recap. That’s right, it’s March 11, otherwise known as 311 Day for all my fellow 80s and 90s kids who grew up listening to questionable music. That means you have my permission to rock out while deploying patches today. And if you’ve already automated all your patch deployments with PDQ Connect or PDQ Deploy & Inventory, then feel free to just relax and listen to some nostalgic jams, because you deserve it.

Alright, let’s get “Down” with these patch notes so we can change those alert statuses from “Amber” to green!

  • Total exploits patched: 56

  • Critical patches: 6

  • Already known or exploited: 6

Some highlights (or lowlights)

  • CVE-2025-26645: Our highest-rated CVE coming in at an underwhelming 8.8, CVE-2025-26645 impacts vulnerable Remote Desktop clients. If a vulnerable client connects to a compromised Remote Desktop server, an attacker could trigger a remote code execution (RCE) on the vulnerable client.

  • CVE-2025-24064: As if DNS doesn't already get enough abuse from the IT community, now it's got a shiny new vulnerability in the form of CVE-2025-24064. Rated an 8.1, this exploit could potentially allow an attacker to remotely execute code by sending a perfectly timed dynamic DNS update message to a DNS server.

  • And in place of a third highlight, let's instead point out the fact that there are like 9 CVEs all impacting Microsoft Office, Word, Excel, and Access. Pretty much all of these vulnerabilities require users to download malicious files, but only some of them can leverage the Preview Pane as an attack vector. Needless to say, if your organization uses Office, you've got some patching to do. If your organization uses Google Workspace, feel free to gloat.

Wrapping up

Unfortunately, we didn’t have 311 patches to deploy on 311 Day. That would have led to some wild conspiracy theories that I would get “All Mixed Up” in. Oh well, there’s always next time — which is March 11, 2031. Until then, keep your endpoints patched and your users from clicking on shady attachments.

Loading...

Brock Bingham candid headshot
Brock Bingham

Born in the '80s and raised by his NES, Brock quickly fell in love with everything tech. With over 15 years of IT experience, Brock now enjoys the life of luxury as a renowned tech blogger and receiver of many Dundie Awards. In his free time, Brock enjoys adventuring with his wife, kids, and dogs, while dreaming of retirement.

Related articles

Green PDQ Connect logo on vintage computer

Deploying large files with PDQ Connect

PRODUCT

Dog drooling while reading content on laptop

How to remove the new Outlook

PRODUCT

Hero image illustration of PowerShell logo with rings.

How to create shortcuts on user desktops

POWERSHELL