Advisory

Microsoft's September 2025 Patch Tuesday patches 81 vulnerabilities, 13 critical, two publicly disclosed

Take action: This month, prioritize patching Windows and Microsoft SQL Server, since most of the critical and zero-day vulnerabilities affect those products. Then turn to the Microsoft Office and Azure products.


Learn More

Microsoft has released its September 2025 Patch Tuesday security updates, addressing 81 security vulnerabilities. This patch fixes critical flaws in Windows operating systems, Microsoft Office applications, Azure cloud services, SQL Server, and other enterprise software components. 

Zero-day vulnerabilities that were publicly disclosed before official patches became available:

  • CVE-2025-55234 - Windows SMB Elevation of Privilege Vulnerability. This flaw enables attackers to perform authentication relay attacks by exploiting improper validation in SMB sessions when SMB signing and Extended Protection for Authentication are not correctly configured. The vulnerability allows unauthenticated attackers to elevate privileges through man-in-the-middle relay attacks, potentially compromising user credentials and gaining unauthorized network access.
  • CVE-2024-21907 - Improper Handling of Exceptional Conditions in Newtonsoft.Json. This affects Microsoft SQL Server through the Newtonsoft.Json library it ships. The fix addresses the mishandling of exceptional conditions in Newtonsoft.Json before version 13.0.1, where crafted data passed to the JsonConvert.DeserializeObject method can trigger a StackOverflow exception, resulting in denial of service.
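A defender's audit for the two publicly disclosed issues above, written as an added example (it is not code from this advisory or from Microsoft). It assumes an elevated PowerShell session on the host being checked, that the SmbShare cmdlets are available (Windows 8 / Server 2012 and later), and a constructed $ScanRoots list of SQL Server install folders to search for Newtonsoft.Json.dll.

```powershell
# Added example, not part of the advisory: audit one Windows host for the two
# publicly disclosed issues. Run from an elevated PowerShell session.
# Assumptions: the SmbShare module is available, and $ScanRoots (constructed
# below) lists the folders to search for Newtonsoft.Json.dll.

$findings = @()

# --- CVE-2025-55234: relay is only possible when SMB signing is not required ---
# Extended Protection for Authentication (EPA) for SMB is not exposed by these
# cmdlets and is not checked here.
$srv = Get-SmbServerConfiguration
$cli = Get-SmbClientConfiguration
if (-not $srv.RequireSecuritySignature) {
    $findings += 'SMB server: RequireSecuritySignature is False (inbound sessions can be relayed)'
}
if (-not $cli.RequireSecuritySignature) {
    $findings += 'SMB client: RequireSecuritySignature is False (outbound sessions can be relayed)'
}

# --- CVE-2024-21907: Newtonsoft.Json.dll older than 13.0.1 is exposed to the
# StackOverflow denial of service in JsonConvert.DeserializeObject ---
$fixed = [version]'13.0.1'
$ScanRoots = @(
    "$env:ProgramFiles\Microsoft SQL Server",
    "${env:ProgramFiles(x86)}\Microsoft SQL Server"
) | Where-Object { Test-Path $_ }
foreach ($root in $ScanRoots) {
    Get-ChildItem -Path $root -Recurse -Filter 'Newtonsoft.Json.dll' -ErrorAction SilentlyContinue |
        ForEach-Object {
            # FileVersion looks like "12.0.3.23909"; compare on the first three components
            if ($_.VersionInfo.FileVersion -match '^(\d+\.\d+\.\d+)') {
                $v = [version]$Matches[1]
                if ($v -lt $fixed) {
                    $findings += "Newtonsoft.Json.dll $v at $($_.FullName) (fixed in 13.0.1)"
                }
            }
        }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings | ForEach-Object { "FINDING: $_" } }

# Remediation for the SMB findings. Uncomment to apply once you have confirmed that
# every client and server that talks to this host supports SMB signing, because
# peers that cannot sign will no longer be able to connect:
# Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
# Set-SmbClientConfiguration -RequireSecuritySignature $true -Force
```

Run the script before and after installing the update so the SMB signing state and the Newtonsoft.Json.dll version on the SQL Server host are both recorded.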

Critical vulnerabilities

  • CVE-2025-55236 - Graphics Kernel Remote Code Execution Vulnerability
  • CVE-2025-55226 - Graphics Kernel Remote Code Execution Vulnerability
  • CVE-2025-55228 - Windows Graphics Component Remote Code Execution Vulnerability
  • CVE-2025-54910 - Microsoft Office Remote Code Execution Vulnerability
  • CVE-2025-55224 - Windows Hyper-V Remote Code Execution Vulnerability
  • CVE-2025-54914 - Azure Networking Elevation of Privilege Vulnerability
  • CVE-2025-55244 - Azure Bot Service Elevation of Privilege Vulnerability
  • CVE-2025-55241 - Azure Entra Elevation of Privilege Vulnerability
  • CVE-2025-53800 - Windows Graphics Component Elevation of Privilege Vulnerability
  • CVE-2025-54918 - Windows NTLM Elevation of Privilege Vulnerability
  • CVE-2025-55238 - Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability
  • CVE-2025-53799 - Windows Imaging Component Information Disclosure Vulnerability
  • CVE-2025-55242 - Xbox Certification Bug Copilot Djando Information Disclosure Vulnerability

The remaining patches in Microsoft's September 2025 Patch Tuesday address 68 "Important" severity vulnerabilities spanning multiple product categories. The largest group is elevation of privilege flaws affecting core Windows components, the Windows Defender Firewall Service, the Windows Hyper-V virtualization platform, the Windows Routing and Remote Access Service (RRAS), and various kernel-mode drivers. Remote code execution vulnerabilities were addressed in the Windows NTFS file system, multiple Microsoft Office applications including PowerPoint and Visio, and the Windows SMBv3 Client. The update also includes information disclosure flaws affecting Windows kernel components, the Local Security Authority Subsystem Service (LSASS), and various Windows networking services that could leak sensitive system information to attackers.

Full patch list

Tag | CVE ID | CVE Title | Severity
Azure - Networking | CVE-2025-54914 | Azure Networking Elevation of Privilege Vulnerability | Critical
Azure Arc | CVE-2025-55316 | Azure Arc Elevation of Privilege Vulnerability | Important
Azure Bot Service | CVE-2025-55244 | Azure Bot Service Elevation of Privilege Vulnerability | Critical
Azure Entra | CVE-2025-55241 | Azure Entra Elevation of Privilege Vulnerability | Critical
Azure Windows Virtual Machine Agent | CVE-2025-49692 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important
Capability Access Management Service (camsvc) | CVE-2025-54108 | Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability | Important
Dynamics 365 FastTrack Implementation Assets | CVE-2025-55238 | Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability | Critical
Graphics Kernel | CVE-2025-55236 | Graphics Kernel Remote Code Execution Vulnerability | Critical
Graphics Kernel | CVE-2025-55223 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important
Graphics Kernel | CVE-2025-55226 | Graphics Kernel Remote Code Execution Vulnerability | Critical
Microsoft AutoUpdate (MAU) | CVE-2025-55317 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Important
Microsoft Brokering File System | CVE-2025-54105 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important
Microsoft Edge (Chromium-based) | CVE-2025-9866 | Chromium: CVE-2025-9866 Inappropriate implementation in Extensions | Unknown
Microsoft Edge (Chromium-based) | CVE-2025-9867 | Chromium: CVE-2025-9867 Inappropriate implementation in Downloads | Unknown
Microsoft Edge (Chromium-based) | CVE-2025-53791 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Moderate
Microsoft Edge (Chromium-based) | CVE-2025-9864 | Chromium: CVE-2025-9864 Use after free in V8 | Unknown
Microsoft Edge (Chromium-based) | CVE-2025-9865 | Chromium: CVE-2025-9865 Inappropriate implementation in Toolbar | Unknown
Microsoft Graphics Component | CVE-2025-53807 | Windows Graphics Component Elevation of Privilege Vulnerability | Important
Microsoft Graphics Component | CVE-2025-53800 | Windows Graphics Component Elevation of Privilege Vulnerability | Critical
Microsoft High Performance Compute Pack (HPC) | CVE-2025-55232 | Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2025-54910 | Microsoft Office Remote Code Execution Vulnerability | Critical
Microsoft Office | CVE-2025-55243 | Microsoft OfficePlus Spoofing Vulnerability | Important
Microsoft Office | CVE-2025-54906 | Microsoft Office Remote Code Execution Vulnerability | Important
Microsoft Office Excel | CVE-2025-54902 | Microsoft Excel Remote Code Execution Vulnerability | Important
Microsoft Office Excel | CVE-2025-54899 | Microsoft Excel Remote Code Execution Vulnerability | Important
Microsoft Office Excel | CVE-2025-54904 | Microsoft Excel Remote Code Execution Vulnerability | Important
Microsoft Office Excel | CVE-2025-54903 | Microsoft Excel Remote Code Execution Vulnerability | Important
Microsoft Office Excel | CVE-2025-54898 | Microsoft Excel Remote Code Execution Vulnerability | Important
Microsoft Office Excel | CVE-2025-54896 | Microsoft Excel Remote Code Execution Vulnerability | Important
Microsoft Office Excel | CVE-2025-54900 | Microsoft Excel Remote Code Execution Vulnerability | Important
Microsoft Office Excel | CVE-2025-54901 | Microsoft Excel Information Disclosure Vulnerability | Important
Microsoft Office PowerPoint | CVE-2025-54908 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important
Microsoft Office SharePoint | CVE-2025-54897 | Microsoft SharePoint Remote Code Execution Vulnerability | Important
Microsoft Office Visio | CVE-2025-54907 | Microsoft Office Visio Remote Code Execution Vulnerability | Important
Microsoft Office Word | CVE-2025-54905 | Microsoft Word Information Disclosure Vulnerability | Important
Microsoft Virtual Hard Drive | CVE-2025-54112 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | Important
Role: Windows Hyper-V | CVE-2025-54092 | Windows Hyper-V Elevation of Privilege Vulnerability | Important
Role: Windows Hyper-V | CVE-2025-54091 | Windows Hyper-V Elevation of Privilege Vulnerability | Important
Role: Windows Hyper-V | CVE-2025-54115 | Windows Hyper-V Elevation of Privilege Vulnerability | Important
Role: Windows Hyper-V | CVE-2025-54098 | Windows Hyper-V Elevation of Privilege Vulnerability | Important
SQL Server | CVE-2025-47997 | Microsoft SQL Server Information Disclosure Vulnerability | Important
SQL Server | CVE-2025-55227 | Microsoft SQL Server Elevation of Privilege Vulnerability | Important
SQL Server | CVE-2024-21907 | VulnCheck: CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json | Unknown
Windows Ancillary Function Driver for WinSock | CVE-2025-54099 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important
Windows BitLocker | CVE-2025-54911 | Windows BitLocker Elevation of Privilege Vulnerability | Important
Windows BitLocker | CVE-2025-54912 | Windows BitLocker Elevation of Privilege Vulnerability | Important
Windows Bluetooth Service | CVE-2025-53802 | Windows Bluetooth Service Elevation of Privilege Vulnerability | Important
Windows Connected Devices Platform Service | CVE-2025-54102 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | Important
Windows Connected Devices Platform Service | CVE-2025-54114 | Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability | Important
Windows Defender Firewall Service | CVE-2025-53810 | Windows Defender Firewall Service Elevation of Privilege Vulnerability | Important
Windows Defender Firewall Service | CVE-2025-53808 | Windows Defender Firewall Service Elevation of Privilege Vulnerability | Important
Windows Defender Firewall Service | CVE-2025-54094 | Windows Defender Firewall Service Elevation of Privilege Vulnerability | Important
Windows Defender Firewall Service | CVE-2025-54915 | Windows Defender Firewall Service Elevation of Privilege Vulnerability | Important
Windows Defender Firewall Service | CVE-2025-54109 | Windows Defender Firewall Service Elevation of Privilege Vulnerability | Important
Windows Defender Firewall Service | CVE-2025-54104 | Windows Defender Firewall Service Elevation of Privilege Vulnerability | Important
Windows DWM | CVE-2025-53801 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important
Windows Imaging Component | CVE-2025-53799 | Windows Imaging Component Information Disclosure Vulnerability | Critical
Windows Internet Information Services | CVE-2025-53805 | HTTP.sys Denial of Service Vulnerability | Important
Windows Kernel | CVE-2025-53803 | Windows Kernel Memory Information Disclosure Vulnerability | Important
Windows Kernel | CVE-2025-53804 | Windows Kernel-Mode Driver Information Disclosure Vulnerability | Important
Windows Kernel | CVE-2025-54110 | Windows Kernel Elevation of Privilege Vulnerability | Important
Windows Local Security Authority Subsystem Service (LSASS) | CVE-2025-54894 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | Important
Windows Local Security Authority Subsystem Service (LSASS) | CVE-2025-53809 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | Important
Windows Management Services | CVE-2025-54103 | Windows Management Service Elevation of Privilege Vulnerability | Important
Windows MapUrlToZone | CVE-2025-54107 | MapUrlToZone Security Feature Bypass Vulnerability | Important
Windows MapUrlToZone | CVE-2025-54917 | MapUrlToZone Security Feature Bypass Vulnerability | Important
Windows MultiPoint Services | CVE-2025-54116 | Windows MultiPoint Services Elevation of Privilege Vulnerability | Important
Windows NTFS | CVE-2025-54916 | Windows NTFS Remote Code Execution Vulnerability | Important
Windows NTLM | CVE-2025-54918 | Windows NTLM Elevation of Privilege Vulnerability | Critical
Windows PowerShell | CVE-2025-49734 | PowerShell Direct Elevation of Privilege Vulnerability | Important
Windows Routing and Remote Access Service (RRAS) | CVE-2025-54095 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important
Windows Routing and Remote Access Service (RRAS) | CVE-2025-54096 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important
Windows Routing and Remote Access Service (RRAS) | CVE-2025-53797 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important
Windows Routing and Remote Access Service (RRAS) | CVE-2025-53796 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important
Windows Routing and Remote Access Service (RRAS) | CVE-2025-54106 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important
Windows Routing and Remote Access Service (RRAS) | CVE-2025-54097 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important
Windows Routing and Remote Access Service (RRAS) | CVE-2025-53798 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important
Windows Routing and Remote Access Service (RRAS) | CVE-2025-54113 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important
Windows Routing and Remote Access Service (RRAS) | CVE-2025-55225 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important
Windows Routing and Remote Access Service (RRAS) | CVE-2025-53806 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important
Windows SMB | CVE-2025-55234 | Windows SMB Elevation of Privilege Vulnerability | Important
Windows SMBv3 Client | CVE-2025-54101 | Windows SMB Client Remote Code Execution Vulnerability | Important
Windows SPNEGO Extended Negotiation | CVE-2025-54895 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Elevation of Privilege Vulnerability | Important
Windows TCP/IP | CVE-2025-54093 | Windows TCP/IP Driver Elevation of Privilege Vulnerability | Important
Windows UI XAML Maps MapControlSettings | CVE-2025-54913 | Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability | Important
Windows UI XAML Phone DatePickerFlyout | CVE-2025-54111 | Windows UI XAML Phone DatePickerFlyout Elevation of Privilege Vulnerability | Important
Windows Win32K - GRFX | CVE-2025-55224 | Windows Hyper-V Remote Code Execution Vulnerability | Critical
Windows Win32K - GRFX | CVE-2025-55228 | Windows Graphics Component Remote Code Execution Vulnerability | Critical
Windows Win32K - GRFX | CVE-2025-54919 | Windows Graphics Component Remote Code Execution Vulnerability | Important
Xbox | CVE-2025-55242 | Xbox Certification Bug Copilot Djando Information Disclosure Vulnerability | Critical
XBox Gaming Services | CVE-2025-55245 | Xbox Gaming Services Elevation of Privilege Vulnerability | Important