Welcome to my March 2025 Patch Monday newsletter! We only have one zero day to talk about for the past 30 days. Although it is a single CVE, it affects a few different products including Google Chrome, Apple's macOS Sequoia, iOS, iPadOS and Safari. The CVE is CVE-2025-24201. Apple released updates on March 11th and Chrome released an update on March 10th. The vulnerability is an out-of-bounds write issue, and the update improves checks to prevent unauthorized actions. So, you will want to get these applications updated ASAP.
In addition to these, Chrome released six updated versions of their browser to patch an additional 28 vulnerabilities, totaling 29 patched in the last 30 days. Of these, 10 are rated critical, including our zero day. There is also another vulnerability addressed that isn't a zero day but is rated Critical by Google Chrome, which we don't often see. So, you will want to make sure your browsers get restarted to finalize these updates.
Besides these, it was a pretty standard month for Adobe, Mozilla and Zoom. See the chart below for the rest of the patches.
This month's newsletter sponsor, LOGbinder, is releasing a new version of Supercharger for Windows Event Collection this week. I am hosting a webinar for them on Thursday where we will be discussing all the steps to set up Windows Event Collection for "internet" aka "off network" endpoints. Then we'll see how Supercharger takes this huge process and makes it extremely easy to get done. This is one you won't want to miss. Register for it now!
Be sure to browse the chart below and happy patching!
So, without further ado, here’s the chart of non-Microsoft 3rd party patches that affect Windows platforms in the past month.

| Identifier | Vendor/Product | Affected Versions | Date Released | Vulnerability Info | Vendor Severity / Our Recommendation |
|---|---|---|---|---|---|
| | Adobe Acrobat and Reader | DC/Reader DC Continuous 25.001.20428 and earlier | 3/11/2025 | Arbitrary Code Execution, Memory Leak | Critical Priority 3: Update at admin's discretion |
| | Adobe Substance 3D Sampler | 4.5.2 and earlier | 3/11/2025 | Arbitrary Code Execution | Critical Priority 3: Update at admin's discretion |
| | Adobe Illustrator | 2024 28.7.4 and earlier | 3/11/2025 | Arbitrary Code Execution, Application DoS, Memory Leak | Critical Priority 3: Update at admin's discretion |
| | Adobe Substance 3D Painter | 10.1.2 and earlier | 3/11/2025 | Arbitrary Code Execution | Critical Priority 3: Update at admin's discretion |
| | Adobe InDesign | ID20.1 and earlier | 3/11/2025 | Arbitrary Code Execution, Application DoS, Memory Leak | Critical Priority 3: Update at admin's discretion |
| | Adobe Substance 3D Modeler | 1.15 and earlier | 3/11/2025 | Arbitrary Code Execution, Memory Leak | Critical Priority 3: Update at admin's discretion |
| | Adobe Substance 3D Designer | 14.1 and earlier | 3/11/2025 | Arbitrary Code Execution | Critical Priority 3: Update at admin's discretion |
| | Apple macOS Sequoia | Before 15.3.2 | 3/11/2025 | Out of Bounds Write | Update ASAP |
| | Apple Safari | Before 18.3.1 | 3/11/2025 | Out of Bounds Write | Update ASAP |
| | Apple iOS | iOS/iPadOS before 18.3.2 | 3/11/2025 | Out of Bounds Write | Update ASAP |
| | Google | Before 134.0.6998.117 (Linux) | 3/19/2025 | Heap Buffer Overflow, Improper Limitation, Inappropriate Implementation, Out of Bounds, Type Confusion, Use After Free | Update ASAP |
| | Mozilla Thunderbird | Before 136 | 3/4/2025 | Arbitrary Code Execution, Clickjacking, Out of Bounds, Privacy Leak, Security Feature Bypass, Use After Free, User Confusion | Update after testing |
| | Mozilla Thunderbird ESR | Before 128.8 | 3/4/2025 | Arbitrary Code Execution, Clickjacking, Out of Bounds, Privacy Leak, Security Feature Bypass, Use After Free, User Confusion | Update after testing |
| | Mozilla Firefox | Before 136 | 3/4/2025 | Arbitrary Code Execution, Clickjacking, Memory Corruption, Out of Bounds, Phishing, Privacy Leak, Security Feature Bypass, Tapjacking, Use After Free | Update after testing |
| | Mozilla Firefox ESR | Before 128.8 | 3/4/2025 | Arbitrary Code Execution, Clickjacking, Out of Bounds, Security Feature Bypass, Use After Free | Update after testing |
| | Mozilla Firefox for iOS | Before 136 | 2/24/2025 | Security Feature Bypass, Spoofing | Update after testing |
| | Zoom App for iOS | Workplace App before 6.3.0 | 3/11/2025 | Denial of Service | Update after testing |
| Multiple CVEs | Zoom Workplace Apps | Desktop for Windows/macOS/Linux before 6.3.0 | 3/11/2025 | CVE-2025-0149 Denial of Service; CVE-2025-0151 Use After Free; CVE-2025-27439 Buffer Overflow; CVE-2025-27440 Privilege Escalation | Update after testing |

Thanks as always for reading and best wishes on security,
Randy Franklin Smith
Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.
Note: We do our best to provide quality information and expert commentary but use all information at your own risk.