📅 Sep 10, 2025 ✍️ Cybernoz 📁 Securityaffairs 💬 0 ⏱️ 2 min

Microsoft Patch Tuesday security updates for September 2025 fixed two zero-day flaws

Microsoft Patch Tuesday security updates for September 2025 fixed two zero-day flaws

Microsoft Patch Tuesday security updates for September 2025 fixed two zero-day flaws

Pierluigi Paganini
Microsoft Patch Tuesday security updates for September 2025 fixed two zero-day flaws September 10, 2025

Microsoft Patch Tuesday security updates for September 2025 fixed two zero-day flaws

Microsoft Patch Tuesday security updates for September 2025 fixed 80 vulnerabilities, including two publicly disclosed zero-day flaws.

Microsoft Patch Tuesday security updates for September 2025 addressed 80 vulnerabilities in Windows and Windows Components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, Hyper-V, SQL Server, Defender Firewall Service, and Xbox (yup – Xbox!).

Eight of the flaws fixed by Microsoft are rated Critical in severity, and the rest are rated Important.

Two of these vulnerabilities are publicly disclosed zero-day flaws, and neither has been actively exploited in the wild. All vulnerabilities are rated as “exploitation less likely” or “exploitation unlikely.”

The two publicly disclosed zero-days are CVE-2025-55234 (CVSS score of 8.8) and CVE-2024-21907 (CVSS score of 7.5). CVE-2025-55234 affects Windows SMB Server, enabling relay attacks that could escalate privileges; Microsoft advises enabling SMB signing and EPA, though they may cause legacy compatibility issues, and has added auditing features in the Sept 2025 updates. CVE-2024-21907, disclosed in 2024, impacts Newtonsoft.Json in SQL Server, where crafted data can trigger a StackOverflow exception and denial of service, now fixed in updated libraries.

The most severe flaw, tracked as CVE-2025-55232 (CVSS score of 9.8), is a Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability. It resides in Microsoft HPC Pack and allows remote, unauthenticated code execution without user interaction, making it potentially wormable. Microsoft urges deploying clusters in secure enclaves, blocking TCP port 5999, and prioritizing patching.

“An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction.” reads the advisory published by Microsoft,

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Patch Tuesday)




Source link

About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.