Vulnerabilities & CVEs | Sep 09, 2025

Microsoft September 2025 Patch Tuesday Fixes 80+ Vulnerabilities, Including 2 Zero-Day Flaws

Source: LinkedIn. Archived Mar 16, 2026

Microsoft has rolled out its September 2025 Patch Tuesday updates, fixing 81 security vulnerabilities across products such as Windows, Microsoft Office, Azure, and SQL Server. This month’s release addresses a variety of issues, including 22 Remote Code Execution (RCE) vulnerabilities, making it particularly important for system administrators. Of the total flaws, 8 are rated Critical, while the remaining 73 are classified as Important.

Breakdown of Vulnerabilities:

1 Spoofing
2 Security Feature Bypass
4 Denial of Service (DoS)
14 Information Disclosure
22 Remote Code Execution (RCE)
38 Elevation of Privilege (EoP)

Publicly Disclosed Zero-Day Vulnerabilities

Microsoft’s latest Patch Tuesday release addresses two critical zero-day vulnerabilities affecting Windows SMB Server and Microsoft SQL Server. A "zero-day" vulnerability refers to a security flaw that is publicly disclosed or actively exploited before an official patch becomes available, leaving systems at risk until a fix is released. This month’s update brings long-awaited fixes for the following two zero-day vulnerabilities:

CVE-2025-55234 – Windows SMB Server Elevation of Privilege Vulnerability

One of the most significant fixes targets a vulnerability in the Windows SMB (Server Message Block) Server, classified as an elevation of privilege flaw. The vulnerability, tracked as CVE-2025-55234, can be exploited through relay attacks—techniques where an attacker intercepts and forwards authentication requests to gain unauthorized access or elevated privileges on a system.

Microsoft’s advisory explains: “SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make users subject to elevation of privilege attacks.”

To mitigate this risk, Windows has long included security features designed to harden SMB Server environments, such as SMB Server Signing and SMB Server Extended Protection for Authentication (EPA). These settings help prevent tampering with authentication messages, reducing the risk of man-in-the-middle attacks. However, enabling these features can cause compatibility issues with older devices and legacy SMB implementations, creating a dilemma for organizations balancing security with operational stability.

To address this, Microsoft recommends enabling auditing on SMB servers before enforcing these hardening features. This allows administrators to identify any devices or applications that might break once SMB Signing or EPA is fully enabled.

Microsoft adds: “As part of the Windows updates released on and after September 9, 2025 (CVE-2025-55234), support is enabled for auditing SMB client compatibility for SMB Server signing as well as SMB Server EPA.”

Interestingly, Microsoft has not attributed the discovery of this vulnerability to any specific researcher or security firm, nor has it provided details on the initial public disclosure source.

CVE-2024-21907 – Improper Handling of Exceptional Conditions in Newtonsoft.Json

The second zero-day, CVE-2024-21907, involves a widely used open-source component, Newtonsoft.Json, which is included in Microsoft SQL Server distributions. The vulnerability, originally disclosed in 2024 by VulnCheck, arises from the improper handling of exceptional conditions in Newtonsoft.Json before version 13.0.1.

According to Microsoft’s documentation: “Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.”

This flaw is particularly concerning because it allows a remote attacker—with no authentication—to crash vulnerable systems by sending specially crafted data payloads. While the attack is limited to denial-of-service (DoS) rather than remote code execution, the potential impact on production SQL Server environments could be significant, particularly for mission-critical applications.

The September Patch Tuesday updates incorporate the patched version of Newtonsoft.Json to prevent this issue, ensuring that SQL Server installations using older versions of the library are now secured against this attack vector.

Summary and Recommendations

Both vulnerabilities highlight the challenges of maintaining secure enterprise environments in the face of rapidly evolving threats:

For SMB Server (CVE-2025-55234):
For SQL Server / Newtonsoft.Json (CVE-2024-21907):

Microsoft’s September 2025 Patch Tuesday delivers crucial updates addressing significant vulnerabilities. Users and administrators are encouraged to review and apply these updates promptly to enhance system security.
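The article gives 13.0.1 as the first fixed Newtonsoft.Json release, so the same library in in-house .NET applications can be checked against that threshold. The following is an added example, not code from the article or from Microsoft: it flags Newtonsoft.Json references before 13.0.1 in SDK-style .csproj and legacy packages.config manifests. The function names and sample manifests are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (13, 0, 1, 0)        # 13.0.1, the fixed release named in the article
PACKAGE = "newtonsoft.json"  # NuGet package ids are case-insensitive

def is_vulnerable(version_text):
    """True if before 13.0.1, False if fixed, None if undecidable (range, variable, missing)."""
    m = re.fullmatch(r"(\d+(?:\.\d+){0,3})(-[0-9A-Za-z.-]+)?", (version_text or "").strip())
    if not m:
        return None
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (4 - len(nums))
    # A prerelease such as 13.0.1-beta1 sorts before the 13.0.1 release.
    return nums < FIXED or (nums == FIXED and m.group(2) is not None)

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the MSBuild XML namespace if present

def find_references(xml_text):
    """Return [(version_text, verdict)] for each Newtonsoft.Json reference in one manifest."""
    results = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "PackageReference":   # SDK-style .csproj
            name = el.get("Include") or el.get("Update")
            child = next((c for c in el if local(c.tag) == "Version"), None)
            version = el.get("Version") or (child.text if child is not None else None)
        elif local(el.tag) == "package":          # legacy packages.config
            name, version = el.get("id"), el.get("version")
        else:
            continue
        if (name or "").lower() == PACKAGE:
            results.append((version, is_vulnerable(version)))
    return results

# Constructed sample manifests (not taken from any real project).
SAMPLES = {
    "app.csproj": '<Project Sdk="Microsoft.NET.Sdk"><ItemGroup>'
                  '<PackageReference Include="Newtonsoft.Json" Version="12.0.3" />'
                  '<PackageReference Include="Example.Logging" Version="1.0.0" />'
                  '</ItemGroup></Project>',
    "packages.config": '<packages><package id="newtonsoft.json" version="13.0.3" /></packages>',
    "central.csproj": '<Project><ItemGroup><PackageReference Include="Newtonsoft.Json" />'
                      '</ItemGroup></Project>',
}

if __name__ == "__main__":
    labels = {True: "VULNERABLE (before 13.0.1)", False: "ok", None: "unknown, check manually"}
    for path, text in SAMPLES.items():
        for version, verdict in find_references(text):
            print(f"{path}: Newtonsoft.Json {version}: {labels[verdict]}")
```

This only sees direct references; a copy pulled in transitively by another package or shipped as a loose DLL needs a lock-file or file-version check instead.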
Complete Breakdown of Patch Tuesday Vulnerabilities

🔴 CRITICAL:

CVE-2025-54914 Azure Networking Elevation of Privilege Vulnerability
CVE-2025-55244 Azure Bot Service Elevation of Privilege Vulnerability
CVE-2025-55241 Azure Entra Elevation of Privilege Vulnerability
CVE-2025-55238 Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability
CVE-2025-55236 Graphics Kernel Remote Code Execution Vulnerability
CVE-2025-55226 Graphics Kernel Remote Code Execution Vulnerability
CVE-2025-53800 Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2025-54910 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-53799 Windows Imaging Component Information Disclosure Vulnerability
CVE-2025-54918 Windows NTLM Elevation of Privilege Vulnerability
CVE-2025-55224 Windows Hyper-V Remote Code Execution Vulnerability
CVE-2025-55228 Windows Graphics Component Remote Code Execution Vulnerability
CVE-2025-55242 Xbox Certification Bug Copilot Djando Information Disclosure Vulnerability

🟡 IMPORTANT:

CVE-2025-55316 Azure Arc Elevation of Privilege Vulnerability
CVE-2025-49692 Azure Connected Machine Agent Elevation of Privilege Vulnerability
CVE-2025-54108 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
CVE-2025-55223 DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2025-55317 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
CVE-2025-54105 Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-53807 Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2025-55232 Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
CVE-2025-55243 Microsoft OfficePlus Spoofing Vulnerability
CVE-2025-54906 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-54902 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-54899 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-54904 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-54903 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-54898 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-54896 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-54900 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-54901 Microsoft Excel Information Disclosure Vulnerability
CVE-2025-54908 Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2025-54897 Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2025-54907 Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-54905 Microsoft Word Information Disclosure Vulnerability
CVE-2025-54112 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
CVE-2025-54092 Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2025-54091 Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2025-54115 Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2025-54098 Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2025-47997 Microsoft SQL Server Information Disclosure Vulnerability
CVE-2025-55227 Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2025-54099 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-54911 Windows BitLocker Elevation of Privilege Vulnerability
CVE-2025-54912 Windows BitLocker Elevation of Privilege Vulnerability
CVE-2025-53802 Windows Bluetooth Service Elevation of Privilege Vulnerability
CVE-2025-54102 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
CVE-2025-54114 Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
CVE-2025-53810 Windows Defender Firewall Service Elevation of Privilege Vulnerability
CVE-2025-53808 Windows Defender Firewall Service Elevation of Privilege Vulnerability
CVE-2025-54094 Windows Defender Firewall Service Elevation of Privilege Vulnerability
CVE-2025-54915 Windows Defender Firewall Service Elevation of Privilege Vulnerability
CVE-2025-54109 Windows Defender Firewall Service Elevation of Privilege Vulnerability
CVE-2025-54104 Windows Defender Firewall Service Elevation of Privilege Vulnerability
CVE-2025-53801 Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-53805 HTTP.sys Denial of Service Vulnerability
CVE-2025-53803 Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-53804 Windows Kernel-Mode Driver Information Disclosure Vulnerability
CVE-2025-54110 Windows Kernel Elevation of Privilege Vulnerability
CVE-2025-54894 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
CVE-2025-53809 Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
CVE-2025-54103 Windows Management Service Elevation of Privilege Vulnerability
CVE-2025-54107 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-54917 MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-54116 Windows MultiPoint Services Elevation of Privilege Vulnerability
CVE-2025-54916 Windows NTFS Remote Code Execution Vulnerability
CVE-2025-49734 PowerShell Direct Elevation of Privilege Vulnerability
CVE-2025-54095 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-54096 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-53797 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-53796 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-54106 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-54097 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-53798 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-54113 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-55225 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-53806 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-55234 Windows SMB Elevation of Privilege Vulnerability
CVE-2025-54101 Windows SMB Client Remote Code Execution Vulnerability
CVE-2025-54895 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Elevation of Privilege Vulnerability
CVE-2025-54093 Windows TCP/IP Driver Elevation of Privilege Vulnerability
CVE-2025-54913 Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability
CVE-2025-54111 Windows UI XAML Phone DatePickerFlyout Elevation of Privilege Vulnerability
CVE-2025-54919 Windows Graphics Component Remote Code Execution Vulnerability
CVE-2025-55245 Xbox Gaming Services Elevation of Privilege Vulnerability

🟢 MODERATE:

CVE-2025-53791 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

⚪️ UNKNOWN:

CVE-2025-9866 Chromium: CVE-2025-9866 Inappropriate implementation in Extensions
CVE-2025-9867 Chromium: CVE-2025-9867 Inappropriate implementation in Downloads
CVE-2025-9864 Chromium: CVE-2025-9864 Use after free in V8
CVE-2025-9865 Chromium: CVE-2025-9865 Inappropriate implementation in Toolbar
CVE-2024-21907 VulnCheck: CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json

REMINDER: Support for Windows 10 will end in October 2025! After October 14, 2025, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows 10. Your PC will still work, but it is recommended you move to Windows 11 for continued security and updates.