Sign up to save your podcasts
Or
Share March 2025 Security News and Microsoft Patch Tuesday Update
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
March 2025 Security News and Microsoft Patch Tuesday Update
In this month’s cybersecurity news breakdown, Head Security Nerd Lewis Pope offers a critical overview of current threat activity, nation-state actor updates, and essential guidance for IT professionals and MSPs. This episode also includes a comprehensive look at March’s Microsoft Patch Tuesday and highlights several vulnerabilities and advisories that demand immediate attention.
In This Podcast, You Will Learn:
- How Silk Typhoon is shifting to target cloud environments and MSP supply chains
- Why low-tech attacks like QR-code-based mail extortion are bypassing traditional controls
- The security risks of VMware CVEs and VM-to-host escape exploits
- The importance of monitoring for “Living off the Land” remote tools used in ransomware campaigns
- Why old CVEs from as far back as 2018 are still active—and how poor patching practices allow it
- What "Pastejacking" is and why it's now a rising threat vector in user-targeted attacks
- The details and implications of March's Patch Tuesday, including 6 zero-day vulnerabilities and 137 deployment packages
- The risks of running unsupported Windows OS versions and how they accumulate unpatched vulnerabilities over time
Key Microsoft Patch Tuesday Highlights for March 2025 (16:24):
- 59 vulnerabilities addressed (56 new), including:
- 6 Zero-days under active exploitation
- 7 Critical vulnerabilities
- Emphasis on patching important-rated zero-days, not just "critical" scores
- 1218 deployment combinations needed—highlighting the complexity of enterprise patching
- Important fixes for:
- USB printer issues on Windows 10/11
- CVE-2025-24983: Win32k EoP vuln on older systems
- Windows Cryptographic Services bypass (CVE-2024-3098)
- Extended impact of CVE-2024-49116 to more Windows Server versions
- Windows Server 2022 patch may hang at 100% for extended periods—monitor closely
Disclaimer: This podcast provides educational information about issues that may be relevant to information technology service providers. Nothing in the podcast should be construed as any recommendation or endorsement by N-able, or as legal or any other advice. The views expressed by guests are their own and their appearance on the podcast does not imply an endorsement of them or any entity they represent. Views and opinions expressed by N-able employees are those of the employees and do not necessarily reflect the view of N-able or its officers and directors. The podcast may also contain forward-looking statements regarding future product plans, functionality, or development efforts that should not be interpreted as a commitment from N-able related to any deliverables or timeframe. All content is based on information available at the time of recording, and N-able has no obligation to update any forward-looking statements. https://www.n-able.com
View all episodes
By N-ableIn this month’s cybersecurity news breakdown, Head Security Nerd Lewis Pope offers a critical overview of current threat activity, nation-state actor updates, and essential guidance for IT professionals and MSPs. This episode also includes a comprehensive look at March’s Microsoft Patch Tuesday and highlights several vulnerabilities and advisories that demand immediate attention.
In This Podcast, You Will Learn:
- How Silk Typhoon is shifting to target cloud environments and MSP supply chains
- Why low-tech attacks like QR-code-based mail extortion are bypassing traditional controls
- The security risks of VMware CVEs and VM-to-host escape exploits
- The importance of monitoring for “Living off the Land” remote tools used in ransomware campaigns
- Why old CVEs from as far back as 2018 are still active—and how poor patching practices allow it
- What "Pastejacking" is and why it's now a rising threat vector in user-targeted attacks
- The details and implications of March's Patch Tuesday, including 6 zero-day vulnerabilities and 137 deployment packages
- The risks of running unsupported Windows OS versions and how they accumulate unpatched vulnerabilities over time
Key Microsoft Patch Tuesday Highlights for March 2025 (16:24):
- 59 vulnerabilities addressed (56 new), including:
- 6 Zero-days under active exploitation
- 7 Critical vulnerabilities
- Emphasis on patching important-rated zero-days, not just "critical" scores
- 1218 deployment combinations needed—highlighting the complexity of enterprise patching
- Important fixes for:
- USB printer issues on Windows 10/11
- CVE-2025-24983: Win32k EoP vuln on older systems
- Windows Cryptographic Services bypass (CVE-2024-3098)
- Extended impact of CVE-2024-49116 to more Windows Server versions
- Windows Server 2022 patch may hang at 100% for extended periods—monitor closely
Disclaimer: This podcast provides educational information about issues that may be relevant to information technology service providers. Nothing in the podcast should be construed as any recommendation or endorsement by N-able, or as legal or any other advice. The views expressed by guests are their own and their appearance on the podcast does not imply an endorsement of them or any entity they represent. Views and opinions expressed by N-able employees are those of the employees and do not necessarily reflect the view of N-able or its officers and directors. The podcast may also contain forward-looking statements regarding future product plans, functionality, or development efforts that should not be interpreted as a commitment from N-able related to any deliverables or timeframe. All content is based on information available at the time of recording, and N-able has no obligation to update any forward-looking statements. https://www.n-able.com