Microsoft's September 2025 Patch Tuesday includes 86 security fixes for Windows 11 and associated Microsoft products, with two vulnerabilities flagged as zero-days that were previously disclosed to the public.
Among these, a critical flaw in the Windows SMB component, rated “Exploitation More Likely,” signals heightened risk for enterprise environments relying on default configurations.
The security fixes were released earlier as part of the cumulative update KB5065426, targeting Windows 11 version 24H2. The most pressing issue addressed is CVE-2025-55234, an Elevation of Privilege vulnerability in the Windows SMB Server that could allow attackers to conduct relay attacks and impersonate users. With a CVSS score of 8.8, this zero-day flaw is especially dangerous due to its low complexity, network-based vector, and the lack of any required privileges or user interaction.
This issue was publicly disclosed before a patch was available, though Microsoft reports it has not yet been exploited in the wild. The vulnerability is tied to improper authentication mechanisms in SMB Server, which under certain conditions could be bypassed to elevate privileges. While SMB already supports hardening features such as SMB signing and Extended Protection for Authentication (EPA), Microsoft’s update also introduces new audit capabilities that help organizations assess compatibility before enforcing these defenses. Admins are urged to activate these measures proactively to mitigate exposure.
A second publicly disclosed vulnerability, CVE-2024-21907, stems from Newtonsoft.Json, a widely used third-party .NET library. This issue, categorized as a denial-of-service vulnerability due to improper handling of exceptional conditions in the DeserializeObject method, was patched in updated builds of SQL Server. Though the flaw is not being exploited, it represents a serious concern for systems accepting user input into JSON processing pipelines.
Beyond these two zero-days, six additional vulnerabilities were classified as “Exploitation More Likely” by Microsoft. These include issues in Windows Kernel (CVE-2025-53803, CVE-2025-53804, CVE-2025-54110), Windows NTFS (CVE-2025-54916), Windows Hyper-V (CVE-2025-54098), and Windows SMB (CVE-2025-55234), with most allowing local privilege escalation or system-level compromise if successfully exploited.
Also notable in this release is a fix for a long-standing compatibility issue involving MSI repair operations and User Account Control (UAC) prompts. Prior to this patch, users without administrative privileges experienced UAC interruptions when launching or repairing apps using MSI installers, especially affecting legacy software like Office Professional Plus 2010 and Autodesk products. The fix now allows for a whitelist-based approach to suppress UAC for specific apps.
While none of the vulnerabilities have yet been exploited in the wild, the presence of publicly disclosed zero-days and kernel-level issues makes this update especially urgent.
To install the latest Windows update, open Settings > Windows Update, then click ‘Check for updates’ and select ‘Download and install’ to begin the process.
A system restart will be required to complete the installation and apply the security fixes. Before proceeding, it’s strongly recommended to back up your data to safeguard against potential issues such as update failures and filesystem corruption.
Leave a Reply