Microsoft Patch Tuesday Security Updates for September 2025: A Look at the Vulnerabilities Fixed
Microsoft has released its Patch Tuesday security updates for September 2025, addressing a total of 80 vulnerabilities in various products, including Windows and Office. Among these, two zero-day flaws have been fixed, which pose significant security risks to users.
Zero-Day Flaws: A Growing Concern
The two publicly disclosed zero-day flaws, CVE-2025-55234 and CVE-2024-21907, are rated as "exploitation less likely" or "exploitation unlikely" by Microsoft. However, this does not mean that they are not a significant concern. CVE-2025-55234 affects Windows SMB Server, enabling relay attacks that could escalate privileges. To mitigate this vulnerability, Microsoft advises users to enable SMB signing and EPA, which may cause legacy compatibility issues.
CVE-2024-21907, on the other hand, impacts Newtonsoft.Json in SQL Server, where crafted data can trigger a StackOverflow exception and denial of service. This vulnerability has been fixed in updated libraries, providing an added layer of security for users.
The Most Severe Flaw: Microsoft HPC Pack Remote Code Execution Vulnerability
The most severe flaw, tracked as CVE-2025-55232 (CVSS score of 9.8), is a Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability. This vulnerability resides in Microsoft HPC Pack and allows remote, unauthenticated code execution without user interaction, making it potentially wormable.
"An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction," reads the advisory published by Microsoft. To mitigate this risk, Microsoft urges deploying clusters in secure enclaves, blocking TCP port 5999, and prioritizing patching.
A Total of 80 Vulnerabilities Addressed
In addition to the two zero-day flaws, a total of 80 vulnerabilities have been addressed by Microsoft, including eight that are rated Critical in severity. The remaining 72 vulnerabilities are rated as Important. This comprehensive approach demonstrates Microsoft's commitment to securing its products and protecting users from potential security threats.
The Importance of Keeping Up-to-Date
As with any software update, it is essential for users to keep their systems up-to-date to avoid exploitation of these vulnerabilities. Microsoft provides regular Patch Tuesdays, which offer a way for users to stay ahead of emerging threats and ensure the security of their devices.
Stay Safe Online
By staying informed about the latest security updates and taking steps to protect your systems, you can significantly reduce the risk of falling victim to these vulnerabilities. Remember to always keep your software up-to-date and be cautious when interacting with unknown sources.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon for more security news and updates!