Patch Tuesday: September 2025's Microsoft Security Updates

Stay ahead of critical vulnerabilities with our breakdown of this month's Microsoft security patches.

September 2025 Patch Tuesday

Microsoft fixed 81 new CVEs, 2 of which were publicly disclosed. Eight of the CVEs are rated Critical (5 RCE, 2 EoP, 1 Information Disclosure) and affect Windows and Office.

Microsoft’s publicly disclosed vulnerabilities

Microsoft fixed an Elevation of Privilege vulnerability in Windows SMB (CVE-2025-55234), which was publicly disclosed. Microsoft rates it as Important; it has a CVSS v3.1 score of 8.8 and affects all Windows OS versions. Code maturity is unproven, so no code samples have been disclosed. A risk-based prioritization would be Important.

Microsoft fixed an Improper Handling of Exceptional Conditions vulnerability in Newtonsoft.Json (CVE-2024-21907), which was publicly disclosed. The CVE is unrated and affects SQL Server 2016, 2017 and 2019. Depending on how the library is used, an unauthenticated remote attacker could cause a denial of service. A risk-based prioritization would be Important.
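As an added example (not code from the original post, Microsoft or the Newtonsoft.Json project): an application that deserializes untrusted JSON with Newtonsoft.Json can bound nesting depth through JsonSerializerSettings.MaxDepth, so that pathologically nested input of the kind behind CVE-2024-21907 is rejected with a JsonReaderException instead of exhausting the stack. The class names, the depth limit of 32 and the constructed sample input are assumptions of this example.

```csharp
// Added example: bounding JSON nesting depth when parsing untrusted input
// with Newtonsoft.Json. Not from the original page or the library's own docs.
using System;
using System.Text;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

public static class BoundedJson
{
    // Newtonsoft.Json 13.0.1 and later default MaxDepth to 64; older versions
    // default to unlimited, so set the limit explicitly regardless of version.
    // 32 is an assumed limit; pick what your real documents need.
    private static readonly JsonSerializerSettings Settings = new JsonSerializerSettings
    {
        MaxDepth = 32,
    };

    // Parses untrusted JSON. Returns null and sets `error` when the reader
    // rejects the input (including when the depth limit is exceeded).
    public static JToken TryParse(string untrusted, out string error)
    {
        error = null;
        try
        {
            return JsonConvert.DeserializeObject<JToken>(untrusted, Settings);
        }
        catch (JsonReaderException ex)
        {
            error = ex.Message;
            return null;
        }
    }

    // Constructed sample input: a JSON array nested `depth` levels deep,
    // e.g. Nested(3) == "[[[]]]".
    public static string Nested(int depth)
    {
        var sb = new StringBuilder();
        sb.Append('[', depth).Append(']', depth);
        return sb.ToString();
    }

    public static void Main()
    {
        // A normal document within the limit parses fine.
        JToken ok = TryParse("{\"ok\":true,\"items\":[1,2,3]}", out string err1);
        Console.WriteLine(ok != null ? "accepted" : "rejected: " + err1);

        // A deeply nested document is refused by the reader at depth 33
        // rather than being recursed into thousands of levels deep.
        JToken bad = TryParse(Nested(10_000), out string err2);
        Console.WriteLine(bad != null ? "accepted" : "rejected: " + err2);
    }
}
```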

| CVE | Type | Description | Affected Products |
|---|---|---|---|
| CVE-2025-54916 | RCE | Stack-based buffer overflow in Windows NTFS allowing remote code execution over the network. | Windows 10, 11, Server 2008, 2012, 2016, 2019, 2022, 2025 |
| CVE-2025-54910 | RCE (ACE) | Heap-based buffer overflow in Microsoft Office enabling local Arbitrary Code Execution. | Microsoft 365 Apps, Office 2016, 2019, LTSC 2021, 2024 |
| CVE-2025-54918 | EoP | Improper authentication in Windows NTLM allowing privilege escalation to SYSTEM over the network. | Windows 10, 11, Server 2008, 2012, 2016, 2019, 2022, 2025 |
| CVE-2025-54101 | RCE | Use-after-free in Windows SMB v3 Client/Server; exploitation requires winning a race condition. | Windows 10, 11, Server 2008, 2012, 2016, 2019, 2022 |
| CVE-2025-55226 | RCE | Concurrent execution with improper synchronization in DirectX Graphics Kernel allowing local code execution. | Windows 10, 11, Server 2008, 2012, 2016, 2019, 2022, 2025 |
| CVE-2025-55236 | RCE | TOCTOU race condition in DirectX Graphics Kernel allowing local code execution. | Windows 10, 11, Server 2019, 2022, 2025 |
| CVE-2025-53803 | Info Disclosure | Windows Kernel Memory Information Disclosure vulnerability, rated as likely to be exploited. | Windows |
| CVE-2025-53804 | Info Disclosure | Windows Kernel-Mode Driver Information Disclosure vulnerability, rated as likely to be exploited. | Windows |
| CVE-2025-54093 | EoP | Windows TCP/IP Driver Elevation of Privilege vulnerability, rated as likely to be exploited. | Windows |
| CVE-2025-54098 | EoP | Windows Hyper-V Elevation of Privilege vulnerability, rated as likely to be exploited. | Windows |
| CVE-2025-54110 | EoP | Windows Kernel Elevation of Privilege vulnerability, rated as likely to be exploited. | Windows |

A complete list of all the other vulnerabilities Microsoft has disclosed this month is available on its Security Update Guide page for this release.

For businesses, IT administrators, and security teams, Patch Tuesday is a crucial part of a proactive cybersecurity strategy. These updates close security holes that could otherwise be exploited by attackers, protecting sensitive data and maintaining the stability of your IT environment.