Microsoft Patch Tuesday September 2025 security update

Microsoft’s September 2025 Patch Tuesday addresses 81 vulnerabilities, including two publicly disclosed zero-days. Among the fixes are nine critical flaws—five remote code execution, one information disclosure, and two privilege escalations. The update covers 41 elevation of privilege, 22 remote code execution, 16 information disclosure, and other vulnerabilities.

Microsoft Patch Tuesday September 2025 security updateMicrosoft Patch Tuesday September 2025 security update

The two zero-days patched are CVE-2025-55234, an SMB Server elevation of privilege vulnerability exploitable via relay attacks, and CVE-2024-21907, a denial-of-service flaw in Newtonsoft.Json used by Microsoft SQL Server.

Microsoft Patch Tuesday September 2025 security updateMicrosoft Patch Tuesday September 2025 security update

Other vendors releasing security updates in September 2025 include Adobe, Argo, Cisco, Google, SAP, Sitecore, and TP-Link, addressing various critical vulnerabilities and zero-days.

NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, Z Plus Security