March 2025 Security News and Microsoft Patch Tuesday Update

In this month’s cybersecurity news breakdown, Head Security Nerd Lewis Pope offers a critical overview of current threat activity, nation-state actor updates, and essential guidance for IT professionals and MSPs. This episode also includes a comprehensive look at March’s Microsoft Patch Tuesday and highlights several vulnerabilities and advisories that demand immediate attention. In This Podcast, You Will Learn:How Silk Typhoon is shifting to target cloud environments and MSP supply chainsWhy low-tech attacks like QR-code-based mail extortion are bypassing traditional controlsThe security risks of VMware CVEs and VM-to-host escape exploitsThe importance of monitoring for “Living off the Land” remote tools used in ransomware campaignsWhy old CVEs from as far back as 2018 are still active—and how poor patching practices allow itWhat "Pastejacking" is and why it's now a rising threat vector in user-targeted attacksThe details and implications of March's Patch Tuesday, including 6 zero-day vulnerabilities and 137 deployment packagesThe risks of running unsupported Windows OS versions and how they accumulate unpatched vulnerabilities over timeKey Microsoft Patch Tuesday Highlights for March 2025 (16:24):59 vulnerabilities addressed (56 new), including: 6 Zero-days under active exploitation 7 Critical vulnerabilitiesEmphasis on patching important-rated zero-days, not just "critical" scores1218 deployment combinations needed—highlighting the complexity of enterprise patchingImportant fixes for:USB printer issues on Windows 10/11CVE-2025-24983: Win32k EoP vuln on older systemsWindows Cryptographic Services bypass (CVE-2024-3098)Extended impact of CVE-2024-49116 to more Windows Server versions Windows Server 2022 patch may hang at 100% for extended periods—monitor closely Disclaimer: This podcast provides educational information about issues that may be relevant to information technology service providers. Nothing in the podcast should be construed as any recommendation or endorsement by N-able, or as legal or any other advice. The views expressed by guests are their own and their appearance on the podcast does not imply an endorsement of them or any entity they represent. Views and opinions expressed by N-able employees are those of the employees and do not necessarily reflect the view of N-able or its officers and directors. The podcast may also contain forward-looking statements regarding future product plans, functionality, or development efforts that should not be interpreted as a commitment from N-able related to any deliverables or timeframe. All content is based on information available at the time of recording, and N-able has no obligation to update any forward-looking statements. https://www.n-able.com

There are no comments yet.

Please log in to write the first comment.