[German]On September 9, 2025 (the second Tuesday of the month, Microsoft Patch Day), Microsoft released several security updates for Microsoft Office 2016, as well as the C2R variants (Office 2016-2021 and 365) and other products. This month, serious vulnerabilities in Office were closed. Below is an overview of the available updates.
An overview of the updates can be found on this website (and here for this month). Details are documented in the linked KB articles. The updates are available for the installable MSI version of Microsoft Office (the Click-to-Run packages obtain the updates through other channels). Office 2019/2021/2024 does not appear in the list because it is distributed via Click-to-Run packages and receives security updates via the Office Update feature.
Office 2016
The following security updates have been released for Microsoft Office 2016.
- KB5002782: Security update for Excel 2016 that closes the RCE vulnerabilities CVE-2025-54900, CVE-2025-54904, CVE-2025-54903, CVE-2025-54899, CVE-2025-54896, CVE-2025-54902 and CVE-2025-54898.
- KB5002576: Security update for Office 2016 that addresses the RCE vulnerability CVE-2025-54906.
- KB5002762: Security update for Office 2016 that addresses the RCE vulnerability CVE-2025-54901.
- KB5002766: Security update for Office 2016 that addresses the RCE vulnerability CVE-2025-54906.
- KB5002781: Security update for Office 2016 that addresses the RCE vulnerabilities CVE-2025-54910 and CVE-2025-54906.
- KB5002779: Security update for PowerPoint 2016 that addresses the RCE vulnerability CVE-2025-54908.
- KB5002780: Security update for Word 2016 that addresses the RCE vulnerability CVE-2025-54905.
Details about the Office updates and the direct download addresses for the updates can be found in the linked KB articles.
Office C2R updates
For Click-2-Run installation packages, the updates are obtained and installed directly via the respective Office package. According to this Microsoft website, the following security updates have been released:
- Current Channel: Version 2508 (Build 19127.20222)
- Monthly Enterprise Channel: Version 2507 (Build 19029.20244)
- Monthly Enterprise Channel: Version 2506 (Build 18925.20242)
- Monthly Enterprise Channel: Version 2505 (Build 18827.20244)
- Semi-Annual Enterprise Channel: Version 2502 (Build 18526.20604)
- Semi-Annual Enterprise Channel: Version 2408 (Build 17928.20700)
- Office 2024 Retail: Version 2508 (Build 19127.20222)
- Office 2021 Retail: Version 2508 (Build 19127.20222)
- Office 2019 Retail: Version 2508 (Build 19127.20222)
- Office 2016 Retail: Version 2508 (Build 19127.20222)
- Office LTSC 2024 Volume Licensed: Version 2408 (Build 17932.20540)
- Office LTSC 2021 Volume Licensed: Version 2108 (Build 14334.20296)
- Office 2019 Volume Licensed: Version 1808 (Build 10417.20051)
The website linked above lists the security vulnerabilities that have been fixed for individual Office modules. For volume licenses, the respective builds are listed on this Microsoft page.
Updates for Office/SharePoint Server
Microsoft has also released security updates for various versions of Microsoft SharePoint Server.
SharePoint Server Subscription Edition
- SharePoint Server Subscription Edition: KB5002784
Microsoft SharePoint Server 2019
Microsoft SharePoint Server 2016
- SharePoint Enterprise Server 2016: KB5002778
- SharePoint Enterprise Server 2016 Language Pack: KB5002777
Office Online Server
- Office Online Server: KB5002776
Similar articles:
Microsoft Security Update Summary (September 9, 2025)
Patchday: Windows 10/11 Updates (September 9, 2025)
Patchday: Windows Server-Updates (September 9, 2025)
Patchday: Microsoft Office Updates (September 9, 2025)
AutoCAD, Firefox, SAP requests admin rights after Windows August 2025 updates (MSI error 1730)
Microsoft confirms UAC issue in Windows after August 2025 update
Windows 10/11: Aug. 2025 updates cause streaming problems
Am i the only one experiancing word strange formats? The Document is unusable. Btw. no editing possible… opening in libreoffice or older word version is working normally.
Till now I haven't got reports. If you send me details, I can prepare a blog post – in German and English – to find out, if it's a single case. The email may be found in the about section in the side bar.