Microsoft September 2025 Patch Tuesday fixes 81 flaws, two zero-days

TagCVE IDCVE TitleSeverityAzure – NetworkingCVE-2025-54914Azure Networking Elevation of Privilege VulnerabilityCriticalAzure ArcCVE-2025-55316Azure Arc Elevation of Privilege VulnerabilityImportantAzure Bot ServiceCVE-2025-55244Azure Bot Service Elevation of Privilege VulnerabilityCriticalAzure EntraCVE-2025-55241Azure Entra Elevation of Privilege VulnerabilityCriticalAzure Windows Virtual Machine AgentCVE-2025-49692Azure Connected Machine Agent Elevation of Privilege VulnerabilityImportantCapability Access Management Service (camsvc)CVE-2025-54108Capability Access Management Service (camsvc) Elevation of Privilege VulnerabilityImportantDynamics 365 FastTrack Implementation AssetsCVE-2025-55238Dynamics 365 FastTrack Implementation Assets Information Disclosure VulnerabilityCriticalGraphics KernelCVE-2025-55236Graphics Kernel Remote Code Execution VulnerabilityCriticalGraphics KernelCVE-2025-55223DirectX Graphics Kernel Elevation of Privilege VulnerabilityImportantGraphics KernelCVE-2025-55226Graphics Kernel Remote Code Execution VulnerabilityCriticalMicrosoft AutoUpdate (MAU)CVE-2025-55317Microsoft AutoUpdate (MAU) Elevation of Privilege VulnerabilityImportantMicrosoft Brokering File SystemCVE-2025-54105Microsoft Brokering File System Elevation of Privilege VulnerabilityImportantMicrosoft Edge (Chromium-based)CVE-2025-9866Chromium: CVE-2025-9866 Inappropriate implementation in ExtensionsUnknownMicrosoft Edge (Chromium-based)CVE-2025-9867Chromium: CVE-2025-9867 Inappropriate implementation in DownloadsUnknownMicrosoft Edge (Chromium-based)CVE-2025-53791Microsoft Edge (Chromium-based) Security Feature Bypass VulnerabilityModerateMicrosoft Edge (Chromium-based)CVE-2025-9864Chromium: CVE-2025-9864 Use after free in V8UnknownMicrosoft Edge (Chromium-based)CVE-2025-9865Chromium: CVE-2025-9865 Inappropriate implementation in ToolbarUnknownMicrosoft Graphics ComponentCVE-2025-53807Windows Graphics Component Elevation of Privilege VulnerabilityImportantMicrosoft Graphics ComponentCVE-2025-53800Windows Graphics Component Elevation of Privilege VulnerabilityCriticalMicrosoft High Performance Compute Pack (HPC)CVE-2025-55232Microsoft High Performance Compute (HPC) Pack Remote Code Execution VulnerabilityImportantMicrosoft OfficeCVE-2025-54910Microsoft Office Remote Code Execution VulnerabilityCriticalMicrosoft OfficeCVE-2025-55243Microsoft OfficePlus Spoofing VulnerabilityImportantMicrosoft OfficeCVE-2025-54906Microsoft Office Remote Code Execution VulnerabilityImportantMicrosoft Office ExcelCVE-2025-54902Microsoft Excel Remote Code Execution VulnerabilityImportantMicrosoft Office ExcelCVE-2025-54899Microsoft Excel Remote Code Execution VulnerabilityImportantMicrosoft Office ExcelCVE-2025-54904Microsoft Excel Remote Code Execution VulnerabilityImportantMicrosoft Office ExcelCVE-2025-54903Microsoft Excel Remote Code Execution VulnerabilityImportantMicrosoft Office ExcelCVE-2025-54898Microsoft Excel Remote Code Execution VulnerabilityImportantMicrosoft Office ExcelCVE-2025-54896Microsoft Excel Remote Code Execution VulnerabilityImportantMicrosoft Office ExcelCVE-2025-54900Microsoft Excel Remote Code Execution VulnerabilityImportantMicrosoft Office ExcelCVE-2025-54901Microsoft Excel Information Disclosure VulnerabilityImportantMicrosoft Office PowerPointCVE-2025-54908Microsoft PowerPoint Remote Code Execution VulnerabilityImportantMicrosoft Office SharePointCVE-2025-54897Microsoft SharePoint Remote Code Execution VulnerabilityImportantMicrosoft Office VisioCVE-2025-54907Microsoft Office Visio Remote Code Execution VulnerabilityImportantMicrosoft Office WordCVE-2025-54905Microsoft Word Information Disclosure VulnerabilityImportantMicrosoft Virtual Hard DriveCVE-2025-54112Microsoft Virtual Hard Disk Elevation of Privilege VulnerabilityImportantRole: Windows Hyper-VCVE-2025-54092Windows Hyper-V Elevation of Privilege VulnerabilityImportantRole: Windows Hyper-VCVE-2025-54091Windows Hyper-V Elevation of Privilege VulnerabilityImportantRole: Windows Hyper-VCVE-2025-54115Windows Hyper-V Elevation of Privilege VulnerabilityImportantRole: Windows Hyper-VCVE-2025-54098Windows Hyper-V Elevation of Privilege VulnerabilityImportantSQL ServerCVE-2025-47997Microsoft SQL Server Information Disclosure VulnerabilityImportantSQL ServerCVE-2025-55227Microsoft SQL Server Elevation of Privilege VulnerabilityImportantSQL ServerCVE-2024-21907VulnCheck: CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.JsonUnknownWindows Ancillary Function Driver for WinSockCVE-2025-54099Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportantWindows BitLockerCVE-2025-54911Windows BitLocker Elevation of Privilege VulnerabilityImportantWindows BitLockerCVE-2025-54912Windows BitLocker Elevation of Privilege VulnerabilityImportantWindows Bluetooth ServiceCVE-2025-53802Windows Bluetooth Service Elevation of Privilege VulnerabilityImportantWindows Connected Devices Platform ServiceCVE-2025-54102Windows Connected Devices Platform Service Elevation of Privilege VulnerabilityImportantWindows Connected Devices Platform ServiceCVE-2025-54114Windows Connected Devices Platform Service (Cdpsvc) Denial of Service VulnerabilityImportantWindows Defender Firewall ServiceCVE-2025-53810Windows Defender Firewall Service Elevation of Privilege VulnerabilityImportantWindows Defender Firewall ServiceCVE-2025-53808Windows Defender Firewall Service Elevation of Privilege VulnerabilityImportantWindows Defender Firewall ServiceCVE-2025-54094Windows Defender Firewall Service Elevation of Privilege VulnerabilityImportantWindows Defender Firewall ServiceCVE-2025-54915Windows Defender Firewall Service Elevation of Privilege VulnerabilityImportantWindows Defender Firewall ServiceCVE-2025-54109Windows Defender Firewall Service Elevation of Privilege VulnerabilityImportantWindows Defender Firewall ServiceCVE-2025-54104Windows Defender Firewall Service Elevation of Privilege VulnerabilityImportantWindows DWMCVE-2025-53801Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportantWindows Imaging ComponentCVE-2025-53799Windows Imaging Component Information Disclosure VulnerabilityCriticalWindows Internet Information ServicesCVE-2025-53805HTTP.sys Denial of Service VulnerabilityImportantWindows KernelCVE-2025-53803Windows Kernel Memory Information Disclosure VulnerabilityImportantWindows KernelCVE-2025-53804Windows Kernel-Mode Driver Information Disclosure VulnerabilityImportantWindows KernelCVE-2025-54110Windows Kernel Elevation of Privilege VulnerabilityImportantWindows Local Security Authority Subsystem Service (LSASS)CVE-2025-54894Local Security Authority Subsystem Service Elevation of Privilege VulnerabilityImportantWindows Local Security Authority Subsystem Service (LSASS)CVE-2025-53809Local Security Authority Subsystem Service (LSASS) Denial of Service VulnerabilityImportantWindows Management ServicesCVE-2025-54103Windows Management Service Elevation of Privilege VulnerabilityImportantWindows MapUrlToZoneCVE-2025-54107MapUrlToZone Security Feature Bypass VulnerabilityImportantWindows MapUrlToZoneCVE-2025-54917MapUrlToZone Security Feature Bypass VulnerabilityImportantWindows MultiPoint ServicesCVE-2025-54116Windows MultiPoint Services Elevation of Privilege VulnerabilityImportantWindows NTFSCVE-2025-54916Windows NTFS Remote Code Execution VulnerabilityImportantWindows NTLMCVE-2025-54918Windows NTLM Elevation of Privilege VulnerabilityCriticalWindows PowerShellCVE-2025-49734PowerShell Direct Elevation of Privilege VulnerabilityImportantWindows Routing and Remote Access Service (RRAS)CVE-2025-54095Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportantWindows Routing and Remote Access Service (RRAS)CVE-2025-54096Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportantWindows Routing and Remote Access Service (RRAS)CVE-2025-53797Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportantWindows Routing and Remote Access Service (RRAS)CVE-2025-53796Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportantWindows Routing and Remote Access Service (RRAS)CVE-2025-54106Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportantWindows Routing and Remote Access Service (RRAS)CVE-2025-54097Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportantWindows Routing and Remote Access Service (RRAS)CVE-2025-53798Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportantWindows Routing and Remote Access Service (RRAS)CVE-2025-54113Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportantWindows Routing and Remote Access Service (RRAS)CVE-2025-55225Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportantWindows Routing and Remote Access Service (RRAS)CVE-2025-53806Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportantWindows SMBCVE-2025-55234Windows SMB Elevation of Privilege VulnerabilityImportantWindows SMBv3 ClientCVE-2025-54101Windows SMB Client Remote Code Execution VulnerabilityImportantWindows SPNEGO Extended NegotiationCVE-2025-54895SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Elevation of Privilege VulnerabilityImportantWindows TCP/IPCVE-2025-54093Windows TCP/IP Driver Elevation of Privilege VulnerabilityImportantWindows UI XAML Maps MapControlSettingsCVE-2025-54913Windows UI XAML Maps MapControlSettings Elevation of Privilege VulnerabilityImportantWindows UI XAML Phone DatePickerFlyoutCVE-2025-54111Windows UI XAML Phone DatePickerFlyout Elevation of Privilege VulnerabilityImportantWindows Win32K – GRFXCVE-2025-55224Windows Hyper-V Remote Code Execution VulnerabilityCriticalWindows Win32K – GRFXCVE-2025-55228Windows Graphics Component Remote Code Execution VulnerabilityCriticalWindows Win32K – GRFXCVE-2025-54919Windows Graphics Component Remote Code Execution VulnerabilityImportantXboxCVE-2025-55242Xbox Certification Bug Copilot Djando Information Disclosure VulnerabilityCriticalXBox Gaming ServicesCVE-2025-55245Xbox Gaming Services Elevation of Privilege VulnerabilityImportant