Randy Franklin Smith's Ultimate Windows Security

Upcoming Webinars

Identity Fabric: Stitching Together IAM or Selling the Emperor’s New Clothes?

Webinar Library

Latest Blogs

How to Detect Pass-the-Hash Attacks Blog Series

Come meet Randy in Orlando at Microsoft Ignite at Quest's Booth #1818

Detecting Pass-the-Hash with Honeypots

Catch Malware Hiding in WMI with Sysmon

For of all sad words of tongue or pen, the saddest are these: 'We weren’t logging’

Experimenting with Windows Security: Controls for Enforcing Policies

Sysmon Event IDs 1, 6, 7 Report All the Binary Code Executing on Your Network

Yet Another Ransomware Can That Can be Immediately Detected with Process Tracking on Workstations

Cracking AD Passwords with NTDSXtract, Dsusers.py and John the Ripper

Cracking local windows passwords with Mimikatz, LSA dump and Hashcat

Top Resources

Security Log

Additional Resources

September, 2025: Patch Tuesday - Two Zero Days This Month

Welcome to my September Patch Tuesday newsletter. Today Microsoft released 81 updates and an additional 22 in the past month for a total of 103 updates.

We have two zero-days to look at, both released today.

First is CVE-2024-21907. This improper handling of exceptional conditions in Newtonsoft.Json flaw affects various flavors of SQL Server. You can check the chart below for those versions.

Next is CVE-2025-55234. Unlike the above mentioned "Less than likely" to be exploited vulnerability, this elevation of privilege exploit is rated as "Exploitation more likely". This exploit affects all of the Windows OS's in the chart below. According to the executive summary from Microsoft, the SMB server might be vulnerable to relay attacks depending on your configuration of the server. So, this CVE provides you with the ability to enable support for auditing SMB client compatibility for SMB server signing as well as SMB Server EPA. This will allow you to assess your environment and to identify any potential issues before deploying SMB server hardening measures. Be sure to get these tested and deployed as soon as you can.

Besides these, there are another 15 updates that are rated "Critical". I've highlighted these in bold (but not italic) in the chart below.

So, we do have a good bit of updating that needs to be done. You will want to download, update and reboot those systems. See you next month!

So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.

Patch data provided by:
Technology	Products Affected	Severity	Reference	Workaround/ Exploited / Publicly Disclosed	Vulnerability Info
Windows	Windows 10, 11 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022, 2025 including Server Core Installations	Critical	CVE-2025-49734 CVE-2025-53796 CVE-2025-53797 CVE-2025-53798 CVE-2025-53799 CVE-2025-53800 CVE-2025-53801 CVE-2025-53802 CVE-2025-53803 CVE-2025-53804 CVE-2025-53805 CVE-2025-53806 CVE-2025-53807 CVE-2025-53808 CVE-2025-53809 CVE-2025-53810 CVE-2025-54091 CVE-2025-54092 CVE-2025-54093 CVE-2025-54094 CVE-2025-54095 CVE-2025-54096 CVE-2025-54097 CVE-2025-54098 CVE-2025-54099 CVE-2025-54101 CVE-2025-54102 CVE-2025-54103 CVE-2025-54104 CVE-2025-54105 CVE-2025-54106 CVE-2025-54107 CVE-2025-54108 CVE-2025-54109 CVE-2025-54110 CVE-2025-54111 CVE-2025-54112 CVE-2025-54113 CVE-2025-54114 CVE-2025-54115 CVE-2025-54116 CVE-2025-54894 CVE-2025-54895 CVE-2025-54911 CVE-2025-54912 CVE-2025-54913 CVE-2025-54915 CVE-2025-54916 CVE-2025-54917 CVE-2025-54918 CVE-2025-54919 CVE-2025-55223 CVE-2025-55224 CVE-2025-55225 CVE-2025-55226 CVE-2025-55228 CVE-2025-55229 CVE-2025-55230 CVE-2025-55231 CVE-2025-55234 CVE-2025-55236**	Workaround: No Exploited: No Public: Yes**	Denial of Service Elevation of Privilege Information Disclosure Remote Code Execution Security Feature Bypass Spoofing
Edge	Chromium-based Edge for Android	Moderate	CVE-2025-53791 CVE-2025-8879 CVE-2025-8880 CVE-2025-8881 CVE-2025-8882 CVE-2025-8901 CVE-2025-9132 CVE-2025-9478 CVE-2025-9864 CVE-2025-9865 CVE-2025-9866 CVE-2025-9867	Workaround: No Exploited: No Public: No	Security Feature Bypass
Office	365 Apps for Enterprise Excel/PowerPoint/Word 2016 Office 2016, 2019 OfficePLUS LTSC 2021, 2024 including for Mac Office for Android AutoUpdate for Mac Office Online Server	Critical	CVE-2025-53799 CVE-2025-54896 CVE-2025-54898 CVE-2025-54899 CVE-2025-54900 CVE-2025-54901 CVE-2025-54902 CVE-2025-54903 CVE-2025-54904 CVE-2025-54905 CVE-2025-54906 CVE-2025-54907 CVE-2025-54908 CVE-2025-54910 CVE-2025-55243 CVE-2025-55317	Workaround: No Exploited: No Public: No	Elevation of Privilege Information Disclosure Remote Code Execution Spoofing
SharePoint	Enterprise Server 2016 Server 2019 Server Subscription Edition	Important	CVE-2025-54897 CVE-2025-54905 CVE-2025-54906	Workaround: No Exploited: No Public: No	Information Disclosure Remote Code Execution
SQL Server	2016 SP3 GDR 2016 SP3 Azure Connect Feature Pack 2017 CU31/GDR 2019 CU32/GDR 2022 CU20/GDR	Important	CVE-2025-21907** CVE-2025-47997 CVE-2025-55227	Workaround: No Exploited: No Public: Yes**	Elevation of Privilege Information Disclosure
Azure	Bot Service Connected Machine Agent Networking Entra ID HPC Pack 2019 Purview Data Governance	Critical	CVE-2025-49692 CVE-2025-53763 CVE-2025-54914 CVE-2025-55232 CVE-2025-55241 CVE-2025-55244 CVE-2025-55316	Workaround: No Exploited: No Public: No	Elevation of Privilege Remote Code Execution
Apps	Xbox Gaming Services PC Manager	Critical	CVE-2025-53795 CVE-2025-55242 CVE-2025-55245	Workaround: No Exploited: No Public: No	Elevation of Privilege Information Disclosure
Dynamics	365 FastTrack Implementation	Critical	CVE-2025-55238	Workaround: No Exploited: No Public: No	Information Disclosure

Send me this chart next Patch Tuesday.

User name:
Password:
	/ Forgot?
	Register

September 2025 Patch Tuesday	"Patch Tuesday - Two Zero Days This Month " - sponsored by Supercharger for Windows Event Collection

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.