Microsoft September 2025 Patch Tuesday Fixes 80+ Vulnerabilities, Including 2 Zero-Day Flaws

Microsoft has rolled out its September 2025 Patch Tuesday updates, fixing 81 security vulnerabilities across products such as Windows, Microsoft Office, Azure, and SQL Server.

This month’s release addresses a variety of issues, including 22 Remote Code Execution (RCE) vulnerabilities, making it particularly important for system administrators. Of the total flaws, 8 are rated Critical, while the remaining 73 are classified as Important.

Breakdown of Vulnerabilities:

  • 1 Spoofing
  • 2 Security Feature Bypass
  • 4 Denial of Service (DoS)
  • 14 Information Disclosure
  • 22 Remote Code Execution (RCE)
  • 38 Elevation of Privilege (EoP)

Publicly Disclosed Zero-Day Vulnerabilities

Microsoft’s latest Patch Tuesday release addresses two critical zero-day vulnerabilities affecting Windows SMB Server and Microsoft SQL Server. A "zero-day" vulnerability refers to a security flaw that is publicly disclosed or actively exploited before an official patch becomes available, leaving systems at risk until a fix is released.

This month’s update brings long-awaited fixes for the following two zero-day vulnerabilities:

CVE-2025-55234 – Windows SMB Server Elevation of Privilege Vulnerability

One of the most significant fixes targets a vulnerability in the Windows SMB (Server Message Block) Server, classified as an elevation of privilege flaw. The vulnerability, tracked as CVE-2025-55234, can be exploited through relay attacks—techniques where an attacker intercepts and forwards authentication requests to gain unauthorized access or elevated privileges on a system.

Microsoft’s advisory explains:

“SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make users subject to elevation of privilege attacks.”

To mitigate this risk, Windows has long included security features designed to harden SMB Server environments, such as SMB Server Signing and SMB Server Extended Protection for Authentication (EPA). These settings help prevent tampering with authentication messages, reducing the risk of man-in-the-middle attacks.

However, enabling these features can cause compatibility issues with older devices and legacy SMB implementations, creating a dilemma for organizations balancing security with operational stability.

To address this, Microsoft recommends enabling auditing on SMB servers before enforcing these hardening features. This allows administrators to identify any devices or applications that might break once SMB Signing or EPA is fully enabled.

Microsoft adds:

“As part of the Windows updates released on and after September 9, 2025 (CVE-2025-55234), support is enabled for auditing SMB client compatibility for SMB Server signing as well as SMB Server EPA.”

Interestingly, Microsoft has not attributed the discovery of this vulnerability to any specific researcher or security firm, nor has it provided details on the initial public disclosure source.
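A staged "audit first, then enforce" script for SMB signing, added here as an example (it is not from the article or from Microsoft). It uses the documented Get-SmbServerConfiguration / Set-SmbServerConfiguration cmdlets and the Microsoft-Windows-SMBServer/Audit log; the audit event IDs are a labelled placeholder to be filled in from Microsoft's KB article for CVE-2025-55234, and EPA is reported on but not switched by this script.

```powershell
# Added example (not the article's or Microsoft's code): report SMB signing posture,
# list clients the audit log flagged as incompatible, and only require signing when
# the audit window was clean. Run elevated on the SMB server.
param(
    [int[]]  $AuditEventIds   = @(0),   # PLACEHOLDER: replace with the IDs from the KB
    [int]    $ObservationDays = 14,     # how long the audit window must stay clean
    [switch] $Enforce                   # without -Enforce the script only reports
)

# 1. Current posture: the server only rejects unsigned sessions when
#    RequireSecuritySignature is true (EnableSecuritySignature alone is advisory).
$cfg = Get-SmbServerConfiguration
[pscustomobject]@{
    SigningEnabled  = $cfg.EnableSecuritySignature
    SigningRequired = $cfg.RequireSecuritySignature
    EncryptData     = $cfg.EncryptData
} | Format-List

# 2. Pull the compatibility audit events written since the start of the window.
$since  = (Get-Date).AddDays(-$ObservationDays)
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-SMBServer/Audit'
    Id        = $AuditEventIds
    StartTime = $since
} -ErrorAction SilentlyContinue

# Group on the full message so each distinct client/reason appears once; the
# message layout is not assumed, only that repeats from one client are identical.
$incompatible = $events | Group-Object Message | Sort-Object Count -Descending
if ($incompatible) {
    Write-Warning "$($incompatible.Count) distinct incompatible-client entries since $since; fix these before enforcing:"
    $incompatible | Select-Object Count, Name | Format-Table -AutoSize -Wrap
}

# 3. Enforce only on request, and refuse if anything was flagged in the window.
if ($Enforce) {
    if ($incompatible) {
        Write-Error "Refusing to require SMB signing: incompatible clients seen in the last $ObservationDays days."
        exit 1
    }
    # Equivalent to the GPO "Microsoft network server: Digitally sign communications (always)".
    Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
    Write-Host "SMB server signing is now required."
}
```

Run it without -Enforce on each server for the length of the observation window first; the enforce step is deliberately refused while any flagged client remains.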

CVE-2024-21907 – Improper Handling of Exceptional Conditions in Newtonsoft.Json

The second zero-day, CVE-2024-21907, involves a widely used open-source component, Newtonsoft.Json, which is included in Microsoft SQL Server distributions. The vulnerability, originally disclosed in 2024 by VulnCheck, arises from the improper handling of exceptional conditions in Newtonsoft.Json before version 13.0.1.

According to Microsoft’s documentation:

“Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.”

This flaw is particularly concerning because it allows a remote attacker—with no authentication—to crash vulnerable systems by sending specially crafted data payloads. While the attack is limited to denial-of-service (DoS) rather than remote code execution, the potential impact on production SQL Server environments could be significant, particularly for mission-critical applications.

The September Patch Tuesday updates incorporate the patched version of Newtonsoft.Json to prevent this issue, ensuring that SQL Server installations using older versions of the library are now secured against this attack vector.
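The library-side mitigation for the Newtonsoft.Json issue above is to bound nesting depth explicitly, so crafted input is rejected with an exception rather than exhausting the stack. This PowerShell example is added here and is not from the article, Microsoft, or the Newtonsoft.Json project; it assumes Newtonsoft.Json.dll sits at the path in the Add-Type line, and the sample inputs are constructed.

```powershell
# Added example (not from the page): deserialize with an explicit MaxDepth so the
# bound holds regardless of which Newtonsoft.Json version is loaded. Versions
# before 13.0.1 default MaxDepth to unlimited; 13.0.1 and later default to 64.
Add-Type -Path 'C:\path\to\Newtonsoft.Json.dll'   # ASSUMED path, adjust to your install

function ConvertFrom-JsonBounded {
    param(
        [Parameter(Mandatory)] [string] $Json,
        [int] $MaxDepth = 64
    )
    $settings = [Newtonsoft.Json.JsonSerializerSettings]::new()
    $settings.MaxDepth = $MaxDepth
    try {
        # Returns a JObject/JArray/JValue depending on the input's top-level token.
        return [Newtonsoft.Json.JsonConvert]::DeserializeObject($Json, $settings)
    }
    catch {
        # The reader throws JsonReaderException as soon as nesting passes MaxDepth,
        # so parsing stops early and the remaining input's depth no longer matters.
        # Generic catch plus a name check avoids resolving the type at parse time.
        if ($_.Exception.GetType().Name -eq 'JsonReaderException') {
            Write-Warning "Rejected input: $($_.Exception.Message)"
            return $null
        }
        throw
    }
}

# Constructed sample inputs: an ordinary document and one nested 500 levels deep.
$normal = '{"name":"order","items":[1,2,3]}'
$deep   = ('[' * 500) + (']' * 500)

$parsed = ConvertFrom-JsonBounded -Json $normal       # parses normally
$parsed['items'].Count                                # 3
ConvertFrom-JsonBounded -Json $deep                   # warning, returns $null
```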

Summary and Recommendations

Both vulnerabilities highlight the challenges of maintaining secure enterprise environments in the face of rapidly evolving threats:

  • For SMB Server (CVE-2025-55234):
  • For SQL Server / Newtonsoft.Json (CVE-2024-21907):

Microsoft’s September 2025 Patch Tuesday delivers crucial updates addressing significant vulnerabilities. Users and administrators are encouraged to review and apply these updates promptly to enhance system security.

Complete Breakdown of Patch Tuesday Vulnerabilities

🔴 CRITICAL:

CVE-2025-54914 Azure Networking Elevation of Privilege Vulnerability

CVE-2025-55244 Azure Bot Service Elevation of Privilege Vulnerability

CVE-2025-55241 Azure Entra Elevation of Privilege Vulnerability

CVE-2025-55238 Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability

CVE-2025-55236 Graphics Kernel Remote Code Execution Vulnerability

CVE-2025-55226 Graphics Kernel Remote Code Execution Vulnerability

CVE-2025-53800 Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2025-54910 Microsoft Office Remote Code Execution Vulnerability

CVE-2025-53799 Windows Imaging Component Information Disclosure Vulnerability

CVE-2025-54918 Windows NTLM Elevation of Privilege Vulnerability

CVE-2025-55224 Windows Hyper-V Remote Code Execution Vulnerability

CVE-2025-55228 Windows Graphics Component Remote Code Execution Vulnerability

CVE-2025-55242 Xbox Certification Bug Copilot Django Information Disclosure Vulnerability

🟡 IMPORTANT:

CVE-2025-55316 Azure Arc Elevation of Privilege Vulnerability

CVE-2025-49692 Azure Connected Machine Agent Elevation of Privilege Vulnerability

CVE-2025-54108 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability

CVE-2025-55223 DirectX Graphics Kernel Elevation of Privilege Vulnerability

CVE-2025-55317 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

CVE-2025-54105 Microsoft Brokering File System Elevation of Privilege Vulnerability

CVE-2025-53807 Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2025-55232 Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability

CVE-2025-55243 Microsoft OfficePlus Spoofing Vulnerability

CVE-2025-54906 Microsoft Office Remote Code Execution Vulnerability

CVE-2025-54902 Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-54899 Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-54904 Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-54903 Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-54898 Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-54896 Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-54900 Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-54901 Microsoft Excel Information Disclosure Vulnerability

CVE-2025-54908 Microsoft PowerPoint Remote Code Execution Vulnerability

CVE-2025-54897 Microsoft SharePoint Remote Code Execution Vulnerability

CVE-2025-54907 Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2025-54905 Microsoft Word Information Disclosure Vulnerability

CVE-2025-54112 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability

CVE-2025-54092 Windows Hyper-V Elevation of Privilege Vulnerability

CVE-2025-54091 Windows Hyper-V Elevation of Privilege Vulnerability

CVE-2025-54115 Windows Hyper-V Elevation of Privilege Vulnerability

CVE-2025-54098 Windows Hyper-V Elevation of Privilege Vulnerability

CVE-2025-47997 Microsoft SQL Server Information Disclosure Vulnerability

CVE-2025-55227 Microsoft SQL Server Elevation of Privilege Vulnerability

CVE-2025-54099 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CVE-2025-54911 Windows BitLocker Elevation of Privilege Vulnerability

CVE-2025-54912 Windows BitLocker Elevation of Privilege Vulnerability

CVE-2025-53802 Windows Bluetooth Service Elevation of Privilege Vulnerability

CVE-2025-54102 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability

CVE-2025-54114 Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability

CVE-2025-53810 Windows Defender Firewall Service Elevation of Privilege Vulnerability

CVE-2025-53808 Windows Defender Firewall Service Elevation of Privilege Vulnerability

CVE-2025-54094 Windows Defender Firewall Service Elevation of Privilege Vulnerability

CVE-2025-54915 Windows Defender Firewall Service Elevation of Privilege Vulnerability

CVE-2025-54109 Windows Defender Firewall Service Elevation of Privilege Vulnerability

CVE-2025-54104 Windows Defender Firewall Service Elevation of Privilege Vulnerability

CVE-2025-53801 Microsoft DWM Core Library Elevation of Privilege Vulnerability

CVE-2025-53805 HTTP.sys Denial of Service Vulnerability

CVE-2025-53803 Windows Kernel Memory Information Disclosure Vulnerability

CVE-2025-53804 Windows Kernel-Mode Driver Information Disclosure Vulnerability

CVE-2025-54110 Windows Kernel Elevation of Privilege Vulnerability

CVE-2025-54894 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

CVE-2025-53809 Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability

CVE-2025-54103 Windows Management Service Elevation of Privilege Vulnerability

CVE-2025-54107 MapUrlToZone Security Feature Bypass Vulnerability

CVE-2025-54917 MapUrlToZone Security Feature Bypass Vulnerability

CVE-2025-54116 Windows MultiPoint Services Elevation of Privilege Vulnerability

CVE-2025-54916 Windows NTFS Remote Code Execution Vulnerability

CVE-2025-49734 PowerShell Direct Elevation of Privilege Vulnerability

CVE-2025-54095 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

CVE-2025-54096 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

CVE-2025-53797 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

CVE-2025-53796 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

CVE-2025-54106 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2025-54097 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

CVE-2025-53798 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

CVE-2025-54113 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2025-55225 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

CVE-2025-53806 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

CVE-2025-55234 Windows SMB Elevation of Privilege Vulnerability

CVE-2025-54101 Windows SMB Client Remote Code Execution Vulnerability

CVE-2025-54895 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Elevation of Privilege Vulnerability

CVE-2025-54093 Windows TCP/IP Driver Elevation of Privilege Vulnerability

CVE-2025-54913 Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability

CVE-2025-54111 Windows UI XAML Phone DatePickerFlyout Elevation of Privilege Vulnerability

CVE-2025-54919 Windows Graphics Component Remote Code Execution Vulnerability

CVE-2025-55245 Xbox Gaming Services Elevation of Privilege Vulnerability

🟢 MODERATE:

CVE-2025-53791 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

⚪️ UNKNOWN:

CVE-2025-9866 Chromium: CVE-2025-9866 Inappropriate implementation in Extensions

CVE-2025-9867 Chromium: CVE-2025-9867 Inappropriate implementation in Downloads

CVE-2025-9864 Chromium: CVE-2025-9864 Use after free in V8

CVE-2025-9865 Chromium: CVE-2025-9865 Inappropriate implementation in Toolbar

CVE-2024-21907 VulnCheck: CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json

REMINDER:

Support for Windows 10 will end in October 2025! After October 14, 2025, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows 10. Your PC will still work, but it is recommended you move to Windows 11 for continued security and updates.

Here is a good tutorial about SMB, addressing signing and authentication among other security measures: https://youtu.be/LRNXGuSefzE

Let's see how many things it breaks this month, spin the wheel! 🤣

O boy, it's Tuesday again.
