***If you are receiving this email, it is because you subscribed to it. If you have not subscribed and want to unsubscribe, click here. Please do not mark as spam instead. We've had some problems lately with email blacklisting. We'd appreciate if you unsubscribe if you don't want mailings from us.***

Welcome to my March 2025 Patch Monday newsletter! We only have one zero day to talk about for the past 30 days. Although it is a single CVE, it affects a few different products including Google Chrome, Apple's macOS Sequoia, iOS, iPadOS and Safari. The CVE is CVE-2025-24201. Apple released updates on March 11th and Chrome released an update on March 10th. This vulnerability addresses an out-of-bounds write issue and the update improves checks to prevent unauthorized actions. So, you will want to get these applications update ASAP.

In addition to these, Chrome released six updated versions of their browser to patch an additional 28 vulnerabilities totaling 29 patched in the last 30 days. Of these 10 are rated critical including our zero day. There is also another update address that isn't a zero day but it is rated Critical by Google Chrome which we don't often see. So, you will want to make sure your browsers get restarted to finalize these updates.

Besides these it was a pretty standard month for Adobe, Mozilla and Zoom. See the chart below for the rest of the patches.

This month's newsletter sponsor, LOGbinder, is releasing a new version of Supercharger for Windows Event Collection this week. I am hosting a webinar for them on Thursday where we will be discussing all the steps to setup Windows Event Collection for "internet" aka "off network" endpoints. Then we'll see how Supercharger takes this huge process and makes it extremely easy to get done. This is one you won't want to miss. Register for it now!

Be sure to browse the chart below and happy patching!

Follow randyfsmith on X

Subscribe to Randy Franklin Smith on Facebook

So, without further ado, here’s the chart of non-Microsoft 3rd party patches that affect Windows platforms in the past month.

Patch data provided by:

Identifier

Vendor/
Product

Affected Versions

Date Released
by Vendor

Vulnerability Info

Vender Severity / Our Recommedation

Multiple CVE's

Adobe Acrobat and Reader

DC/Reader DC Continuous 25.001.20428 and earlier

Classic 2024 24.001.30225 and earlier

Classic 2020 20.005.30748 and earlier

3/11/2025

Arbitrary Code Execution,
Memory Leak

Critical Priority 3: Update at admins discretion

Multiple CVE's

Adobe Substance 3D Sampler

4.5.2 and earlier

3/11/2025

Arbitrary Code Execution

Critical Priority 3: Update at admins discretion

Multiple CVE's

Adobe Illustrator

2024 28.7.4 and earlier

2025 29.2.1 and earlier

3/11/2025

Arbitrary Code Execution,
Application DoS,
Memory Leak

Critical Priority 3: Update at admins discretion

Multiple CVE's

Adobe Substance 3D Painter

10.1.2 and earlier

3/11/2025

Arbitrary Code Execution

Critical Priority 3: Update at admin's discretion

Multiple CVE's

Adobe InDesign

ID20.1 and earlier

ID19.5.2 and earlier

3/11/2025

Arbitrary Code Execution,
Application DoS,
Memory Leak

Critical Priority 3: Update at admins discretion

Multiple CVE's

Adobe Substance 3D Modeler

1.15 and earlier

3/11/2025

Arbitrary Code Execution,
Memory Leak

Critical Priority 3: Update at admins discretion

Multiple CVE's

Adobe Substance 3D Designer

14.1 and earlier

3/11/2025

Arbitrary Code Execution

Critical Priority 3: Update at admins discretion

CVE-2025-24201

Apple macOS Sequoia

Before 15.3.2

3/11/2025

Out of Bounds Write Update ASAP

CVE-2025-24201

Apple Safari

Before 18.3.1

3/11/2025

Out of Bounds Write Update ASAP

CVE-2025-24201

Apple iOS

iOS/iPadOS before 18.3.2

3/11/2025

Out of Bounds Write Update ASAP

Multiple CVE's

Google
Chrome

Before 134.0.6998.117 (Linux)

Before 134.0.6998.117/118 (Windows/Mac)

3/19/2025

Heap Buffer Overflow,
Improper Limitation,
Inappropriate Implementation,
Out of Bounds,
Type Confusion,
Use After Free
Update ASAP

Multiple CVE's

Mozilla Thunderbird

Before 136

3/4/2025

Arbitrary Code Execution,
Clickjacking,
Out of Bounds,
Privacy Leak,
Security Feature Bypass,
Use After Free,
User Confusion

Update after testing

Multiple CVE's

Mozilla Thunderbird ESR

Before 128.8

3/4/2025

Arbitrary Code Execution,
Clickjacking,
Out of Bounds,
Privacy Leak,
Security Feature Bypass,
Use After Free,
User Confusion

Update after testing

Multiple CVE's

Mozilla Firefox

Before 136

3/4/2025

Arbitrary Code Execution,
Clickjacking,
Memory Corruption,
Out of Bounds,
Phishing,
Privacy Leak,
Security Feature Bypass,
Tapjacking,
Use After Free

Update after testing

Multiple CVE's

Mozilla Firefox ESR

Before 128.8

3/4/2025

Arbitrary Code Execution,
Clickjacking,
Out of Bounds,
Security Feature Bypass,
Use After Free

Update after testing

Multiple CVE's

Mozilla Firefox for iOS

Before 136

2/24/2025

Security Feature Bypass,
Spoofing

Update after testing

CVE-2025-0150

Zoom App for iOS

Workplace App before 6.3.0
Meeting SDK before 6.3.0

3/11/2025

Denial of Service

Update after testing

Multiple CVE's

Zoom Workplace Apps

Desktop for Windows/macOS/Linux before 6.3.0

Workplace App for iOS/Android before 6.3.0

Workplace VDI Client for Windows before 6.2.10

Rooms Controller for Windows/macOS/Linux/Android before 6.3.0

Rooms Client for Windows/macOS/Android/iPad before 6.3.0

Meeting SDK for Windows/iOS/Android/macOS/Linux before 6.3.0

3/11/2025

CVE-2025-0149
Denial of Service

CVE-2025-0151
Use After Free

CVE-2025-27439
Buffer Overflow

CVE-2025-27440
Privilege Escalation

Update after testing

Thanks as always for reading and best wishes on security,

Randy Franklin Smith

Follow randyfsmith on Twitter Subscribe to Randy Franklin Smith on Facebook

Click here to unsubscribe

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.

9450 SW Gemini Drive #53822, Beaverton, OR 97008

Note: We do our best to provide quality information and expert commentary but use all information at your own risk.