Welcome to my September Patch Tuesday newsletter. Today Microsoft released 81 updates, plus an additional 22 in the past month, for a total of 103 updates.

We have two zero-days to look at, both released today. First is CVE-2024-21907. This flaw, an improper handling of exceptional conditions in Newtonsoft.Json, affects various flavors of SQL Server. You can check the chart below for those versions.

Next is CVE-2025-55234. Unlike the vulnerability mentioned above, which is rated "Less than likely" to be exploited, this elevation of privilege vulnerability is rated "Exploitation more likely". It affects all of the Windows operating systems in the chart below. According to the executive summary from Microsoft, the SMB server might be vulnerable to relay attacks, depending on how the server is configured. So this CVE gives you the ability to enable auditing of SMB client compatibility for SMB server signing as well as for SMB Server EPA. This lets you assess your environment and identify any potential issues before deploying SMB server hardening measures. Be sure to get these tested and deployed as soon as you can.

Besides these, there are another 15 updates that are rated "Critical". I've highlighted these in bold (but not italic) in the chart below. So, we do have a good bit of updating that needs to be done. You will want to download, update and reboot those systems. See you next month!
So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.
| Technology | Products Affected | Severity | Reference | Workaround / Exploited / Publicly Disclosed | Vulnerability Info |
|---|---|---|---|---|---|
| Windows | Windows 10, 11; 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022, 2025 including Server Core Installations | Critical | CVE-2025-49734 CVE-2025-53796 CVE-2025-53797 CVE-2025-53798 CVE-2025-53799 CVE-2025-53800 CVE-2025-53801 CVE-2025-53802 CVE-2025-53803 CVE-2025-53804 CVE-2025-53805 CVE-2025-53806 CVE-2025-53807 CVE-2025-53808 CVE-2025-53809 CVE-2025-53810 CVE-2025-54091 CVE-2025-54092 CVE-2025-54093 CVE-2025-54094 CVE-2025-54095 CVE-2025-54096 CVE-2025-54097 CVE-2025-54098 CVE-2025-54099 CVE-2025-54101 CVE-2025-54102 CVE-2025-54103 CVE-2025-54104 CVE-2025-54105 CVE-2025-54106 CVE-2025-54107 CVE-2025-54108 CVE-2025-54109 CVE-2025-54110 CVE-2025-54111 CVE-2025-54112 CVE-2025-54113 CVE-2025-54114 CVE-2025-54115 CVE-2025-54116 CVE-2025-54894 CVE-2025-54895 CVE-2025-54911 CVE-2025-54912 CVE-2025-54913 CVE-2025-54915 CVE-2025-54916 CVE-2025-54917 CVE-2025-54918 CVE-2025-54919 CVE-2025-55223 CVE-2025-55224 CVE-2025-55225 CVE-2025-55226 CVE-2025-55228 CVE-2025-55229 CVE-2025-55230 CVE-2025-55231 CVE-2025-55234** CVE-2025-55236 | | Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing |
| Edge | Chromium-based Edge for Android | Moderate | CVE-2025-53791 CVE-2025-8879 CVE-2025-8880 CVE-2025-8881 CVE-2025-8882 CVE-2025-8901 CVE-2025-9132 CVE-2025-9478 CVE-2025-9864 CVE-2025-9865 CVE-2025-9866 CVE-2025-9867 | Workaround: No; Exploited: No; Public: No | |
| Office | 365 Apps for Enterprise; Excel/PowerPoint/Word 2016; Office 2016, 2019; OfficePLUS; LTSC 2021, 2024 including for Mac; Office for Android; AutoUpdate for Mac; Office Online Server | | CVE-2025-53799 CVE-2025-54896 CVE-2025-54898 CVE-2025-54899 CVE-2025-54900 CVE-2025-54901 CVE-2025-54902 CVE-2025-54903 CVE-2025-54904 CVE-2025-54905 CVE-2025-54906 CVE-2025-54907 CVE-2025-54908 CVE-2025-54910 CVE-2025-55243 CVE-2025-55317 | | Elevation of Privilege, Information Disclosure, Remote Code Execution, Spoofing |
| SharePoint | Enterprise Server 2016; Server 2019; Server Subscription Edition | Important | CVE-2025-54897 CVE-2025-54905 CVE-2025-54906 | | |
| SQL Server | 2016 SP3 GDR; 2016 SP3 Azure Connect Feature Pack; 2017 CU31/GDR; 2019 CU32/GDR; 2022 CU20/GDR | | CVE-2024-21907** CVE-2025-47997 CVE-2025-55227 | | Elevation of Privilege, Information Disclosure |
| Azure | Bot Service; Connected Machine Agent; Networking; Entra ID; HPC Pack 2019; Purview Data Governance | | CVE-2025-49692 CVE-2025-53763 CVE-2025-54914 CVE-2025-55232 CVE-2025-55241 CVE-2025-55244 CVE-2025-55316 | | |
| Apps | Xbox Gaming Services; PC Manager | | CVE-2025-53795 CVE-2025-55242 CVE-2025-55245 | | |
| Dynamics | 365 FastTrack Implementation | | CVE-2025-55238 | | |