 [German]On September 9, 2025, Microsoft released security updates for Windows clients and servers, Office, and other products. The security updates address 81 vulnerabilities (CVEs), eight of which are critical, two of which were classified as zero-day vulnerabilities and are publicly known. Below is a brief overview of these updates, which were released on Patch Day.
Notes on the updates
A list of updates can be found on this Microsoft page. Details on the update packages for Windows, Office, etc. are available in separate blog posts.
Windows 10/11, Windows Server
All Windows 10/11 updates (as well as updates for the server counterparts) are cumulative. The monthly Patch Day update contains all security fixes for these Windows versions, as well as all non-security-related fixes up to Patch Day. In addition to security patches for vulnerabilities, the updates also contain fixes for bugs and new features.
Windows Server 2012 R2
For Windows Server 2012/R2, an ESU license is required to obtain further security updates (Windows Server 2012/R2 gets Extended Security Updates (ESU) until October 2026).
Fixed vulnerabilities
Tenable has published this blog post with an overview of the fixed vulnerabilities. Here are some of the most notable vulnerabilities that have been fixed:
- CVE-2025-55234: Windows SMB Elevation of Privilege vulnerability, CVSSv3 Score 8.8, important; Successful exploitation would allow an unauthenticated attacker to elevate their privileges to those of the compromised user account. According to Microsoft, this vulnerability was publicly disclosed before a patch was available. According to Tenable, CVE-2025-55234 was apparently published to help customers review and assess their environment and identify incompatibility issues before enabling some of the security features for SMB servers.
- CVE-2025-54918: Windows NTLM Elevation of Privilege vulnerability, CVSSv3 Score 8.8, critical; "Exploitation More Likely"; Successful exploitation allows an attacker to elevate their privileges to SYSTEM.
- CVE-2025-54916: Windows NTFS Remote Code Execution vulnerability, CVSSv3 Score 7.8, important; "Exploitation More Likely"; An attacker who successfully exploits this vulnerability would gain RCE on the target system. According to the security advisory, any authenticated attacker could exploit this vulnerability.
- CVE-2025-54910: Microsoft Office Remote Code Execution vulnerability, CVSSv3 Score 8.4, critical; "Exploitation Less Likely"; An attacker could exploit this vulnerability by tricking a victim into opening a specially crafted Office document. There is also evidence that exploitation via the Microsoft Outlook preview pane is possible. Successful exploitation would give the attacker RCE on the target system. For users of Microsoft Office LTSC for Mac 2021 and 2024, the update is not yet available, but is expected to be released shortly.
- CVE-2025-54897: Microsoft SharePoint Remote Code Execution vulnerability, CVSSv3 Score 8.8, important; "Exploitation More Likely"; To exploit this vulnerability, an attacker would need to authenticate as any user. Privileged accounts such as admin or other accounts with elevated privileges are not required. After authentication, an attacker could either write arbitrary code or use code injection to execute code on a vulnerable SharePoint server and thus gain RCE.
- CVE-2025-55224: Windows Hyper-V Remote Code Execution vulnerability, CVSSv3 Score 7.8, critical; "Exploitation More Likely"; An attacker could exploit a race condition and bypass the guest-to-host security boundary to execute arbitrary code on the Hyper-V host. Although the attack complexity for this vulnerability is high, the impact would be significant for an attacker who successfully exploits it.
- CVE-2025-54091, CVE-2025-54092, CVE-2025-54098, CVE-2025-54115: Windows Hyper-V Elevation of Privilege vulnerabilities, CVSSv3 Score 7.0-7.8, important; A local, authenticated attacker could exploit these vulnerabilities to gain SYSTEM privileges. However, to exploit CVE-2025-54115, an attacker would first have to win a race condition, which contributed to its lower CVSS score.
A list of all CVEs addressed can be found on this Microsoft page; excerpts are available from Tenable. Talos lists some additional vulnerabilities.
Similar articles:
Microsoft Security Update Summary (September 9, 2025)
Patchday: Windows 10/11 Updates (September 9, 2025)
Patchday: Windows Server-Updates (September 9, 2025)
Patchday: Microsoft Office Updates (September 9, 2025)