Microsoft's September 2025 Patch Tuesday addresses 81 security flaws, including two publicly disclosed zero-days affecting Windows SMB Server and SQL Server. The update fixes numerous critical and important vulnerabilities, and several other vendors released patches of their own. #CVE-2025-55234 #CVE-2025-55238
Keypoints
- Microsoft's September 2025 Patch Tuesday fixes 81 vulnerabilities, including two public zero-days.
- The zero-day flaws involve SMB Server escalation of privilege and Newtonsoft.Json mishandling in SQL Server.
- Critical vulnerabilities include remote code execution and privilege escalation issues across multiple Microsoft components.
- Other vendors like Adobe, Google, Cisco, and SAP also released security updates in September 2025.
- Microsoft recommends enabling specific security features and auditing to mitigate risks from SMB relay attacks.