Microsoft Releases September 2025 Patch Tuesday Updates

使用Microsoft To Do或Microsoft Planner进行日常任务管理 #生活常识# #时间管理建议# #时间记录工具#

Key Takeaways:

Microsoft patched 80 security flaws across Windows, Office, Azure, and more. Several critical vulnerabilities were addressed, including remote code execution risks. Important changes are coming in October that organizations must prepare for.

Microsoft has released the September 2025 Patch Tuesday updates for Windows 11 and Windows 10. This month, the company has fixed 80 vulnerabilities in Windows, Office, Microsoft Edge, Azure, Hyper-V, and other components.

This month’s Patch Tuesday serves as a reminder for organizations to prepare for two key changes coming in October: the end-of-support for Windows 10 and the next phase of mandatory multifactor authentication (MFA) for Azure. Security teams should begin planning now, and those unable to complete their Windows 10 migration in time should consider enrolling in Microsoft’s Extended Security Updates program.

September 2025 Patch Tuesday updates fix 80 vulnerabilities

As noted by the Zero Day Initiative, Microsoft has fixed eight critical vulnerabilities, while the rest are rated as important. Fortunately, none of these flaws is currently being actively exploited. Here’s a look at some of the most important vulnerabilities patched this month:

CVE-2025-55234: This is a zero-day EoP vulnerability in Windows Server Message Block (SMB) that could be exploited by an attacker to gain the privileges of the legitimate user. This bug enables hackers to launch SMB relay attacks to escalate privileges on the target system. CVE-2024-21907: This is a high-severity flaw affecting the popular .NET library Newtonsoft.Json (also known as Json.NET), specifically versions prior to 13.0.1. This vulnerability could be exploited to cause resource exhaustion (CPU/RAM) or a complete service outage. CVE-2025-55232: This is an RCE vulnerability in the Microsoft High Performance Compute (HPC) Pack. This flaw could allow remote code execution over the enterprise network. CVE-2025-54916: This is another remote code execution vulnerability in Windows NTFS. It could be triggered by an unauthenticated user from a local machine. CVE-2025-54910: This is a critical remote code execution vulnerability in Microsoft Office. An attacker can exploit this flaw by crafting a malicious Office document that, when opened, causes memory corruption and enables code execution.

You can find the full list of CVEs for September 2025 below:

TagCVEBase ScoreExploitabilityFAQs?Workarounds?Mitigations?SQL ServerCVE-2025-479976.5Exploitation Less LikelyYesNoNoAzure Windows Virtual Machine AgentCVE-2025-496927.8Exploitation UnlikelyYesNoNoWindows PowerShellCVE-2025-497347Exploitation Less LikelyYesNoNoMicrosoft Edge (Chromium-based)CVE-2025-537914.7Exploitation Less LikelyYesNoNoWindows Routing and Remote Access Service (RRAS)CVE-2025-537966.5Exploitation UnlikelyYesNoNoWindows Routing and Remote Access Service (RRAS)CVE-2025-537976.5Exploitation UnlikelyYesNoNoWindows Routing and Remote Access Service (RRAS)CVE-2025-537986.5Exploitation UnlikelyYesNoNoWindows Imaging ComponentCVE-2025-537995.5Exploitation UnlikelyYesNoNoMicrosoft Graphics ComponentCVE-2025-538007.8Exploitation Less LikelyYesNoNoWindows DWMCVE-2025-538017.8Exploitation Less LikelyYesNoNoWindows Bluetooth ServiceCVE-2025-538027Exploitation Less LikelyYesNoNoWindows KernelCVE-2025-538035.5Exploitation More LikelyYesNoNoWindows KernelCVE-2025-538045.5Exploitation More LikelyYesNoNoWindows Internet Information ServicesCVE-2025-538057.5Exploitation UnlikelyNoNoNoWindows Routing and Remote Access Service (RRAS)CVE-2025-538066.5Exploitation UnlikelyYesNoNoMicrosoft Graphics ComponentCVE-2025-538077Exploitation Less LikelyYesNoNoWindows Defender Firewall ServiceCVE-2025-538086.7Exploitation Less LikelyYesNoNoWindows Local Security Authority Subsystem Service (LSASS)CVE-2025-538096.5Exploitation Less LikelyNoNoNoWindows Defender Firewall ServiceCVE-2025-538106.7Exploitation Less LikelyYesNoNoRole: Windows Hyper-VCVE-2025-540917.8Exploitation Less LikelyYesNoNoRole: Windows Hyper-VCVE-2025-540927.8Exploitation Less LikelyYesNoNoWindows TCP/IPCVE-2025-540937Exploitation More LikelyYesNoNoWindows Defender Firewall ServiceCVE-2025-540946.7Exploitation UnlikelyYesNoNoWindows Routing and Remote Access Service (RRAS)CVE-2025-540956.5Exploitation UnlikelyYesNoNoWindows Routing and Remote Access Service (RRAS)CVE-2025-540966.5Exploitation UnlikelyYesNoNoWindows Routing and Remote Access Service (RRAS)CVE-2025-540976.5Exploitation UnlikelyYesNoNoRole: Windows Hyper-VCVE-2025-540987.8Exploitation More LikelyYesNoNoWindows Ancillary Function Driver for WinSockCVE-2025-540997Exploitation Less LikelyYesNoNoWindows SMBv3 ClientCVE-2025-541014.8Exploitation Less LikelyYesNoNoWindows Connected Devices Platform ServiceCVE-2025-541027.8Exploitation Less LikelyYesNoNoWindows Management ServicesCVE-2025-541037.4Exploitation Less LikelyYesNoNoWindows Defender Firewall ServiceCVE-2025-541046.7Exploitation Less LikelyYesNoNoMicrosoft Brokering File SystemCVE-2025-541057Exploitation Less LikelyYesNoNoWindows Routing and Remote Access Service (RRAS)CVE-2025-541068.8Exploitation Less LikelyYesNoNoWindows MapUrlToZoneCVE-2025-541074.3Exploitation Less LikelyYesNoNoCapability Access Management Service (camsvc)CVE-2025-541087Exploitation UnlikelyYesNoNoWindows Defender Firewall ServiceCVE-2025-541096.7Exploitation Less LikelyYesNoNoWindows KernelCVE-2025-541108.8Exploitation More LikelyYesNoNoWindows UI XAML Phone DatePickerFlyoutCVE-2025-541117.8Exploitation Less LikelyYesNoNoMicrosoft Virtual Hard DriveCVE-2025-541127Exploitation UnlikelyYesNoNoWindows Routing and Remote Access Service (RRAS)CVE-2025-541138.8Exploitation UnlikelyYesNoNoWindows Connected Devices Platform ServiceCVE-2025-541147Exploitation Less LikelyYesNoNoRole: Windows Hyper-VCVE-2025-541157Exploitation Less LikelyYesNoNoWindows MultiPoint ServicesCVE-2025-541167.3Exploitation UnlikelyYesNoNoWindows Local Security Authority Subsystem Service (LSASS)CVE-2025-548947.8Exploitation Less LikelyYesNoNoWindows SPNEGO Extended NegotiationCVE-2025-548957.8Exploitation Less LikelyYesNoNoMicrosoft Office ExcelCVE-2025-548967.8Exploitation UnlikelyYesNoNoMicrosoft Office SharePointCVE-2025-548978.8Exploitation Less LikelyYesNoNoMicrosoft Office ExcelCVE-2025-548987.8Exploitation Less LikelyYesNoNoMicrosoft Office ExcelCVE-2025-548997.8Exploitation UnlikelyYesNoNoMicrosoft Office ExcelCVE-2025-549007.8Exploitation UnlikelyYesNoNoMicrosoft Office ExcelCVE-2025-549015.5Exploitation Less LikelyYesNoNoMicrosoft Office ExcelCVE-2025-549027.8Exploitation Less LikelyYesNoNoMicrosoft Office ExcelCVE-2025-549037.8Exploitation Less LikelyYesNoNoMicrosoft Office ExcelCVE-2025-549047.8Exploitation Less LikelyYesNoNoMicrosoft Office WordCVE-2025-549057.1Exploitation Less LikelyYesNoNoMicrosoft OfficeCVE-2025-549067.8Exploitation Less LikelyYesNoNoMicrosoft Office VisioCVE-2025-549077.8Exploitation Less LikelyYesNoNoMicrosoft Office PowerPointCVE-2025-549087.8Exploitation Less LikelyYesNoNoMicrosoft OfficeCVE-2025-549108.4Exploitation Less LikelyYesNoNoWindows BitLockerCVE-2025-549117.3Exploitation Less LikelyYesNoNoWindows BitLockerCVE-2025-549127.8Exploitation Less LikelyNoNoNoWindows UI XAML Maps MapControlSettingsCVE-2025-549137.8Exploitation UnlikelyYesNoNoWindows Defender Firewall ServiceCVE-2025-549156.7Exploitation UnlikelyYesNoNoWindows NTFSCVE-2025-549167.8Exploitation More LikelyYesNoNoWindows MapUrlToZoneCVE-2025-549174.3Exploitation Less LikelyYesNoNoWindows NTLMCVE-2025-549188.8Exploitation More LikelyYesNoNoWindows Win32K – GRFXCVE-2025-549197.5Exploitation Less LikelyYesNoNoGraphics KernelCVE-2025-552237Exploitation Less LikelyYesNoNoWindows Win32K – GRFXCVE-2025-552247.8Exploitation Less LikelyYesNoNoWindows Routing and Remote Access Service (RRAS)CVE-2025-552256.5Exploitation Less LikelyYesNoNoGraphics KernelCVE-2025-552266.7Exploitation Less LikelyYesNoNoSQL ServerCVE-2025-552278.8Exploitation Less LikelyYesNoNoWindows Win32K – GRFXCVE-2025-552287.8Exploitation Less LikelyYesNoNoMicrosoft High Performance Compute Pack (HPC)CVE-2025-552329.8Exploitation Less LikelyYesNoYesWindows SMBCVE-2025-552348.8Exploitation More LikelyYesNoNoGraphics KernelCVE-2025-552367.3Exploitation Less LikelyYesNoNoMicrosoft OfficeCVE-2025-552437.5Exploitation Less LikelyNoNoNoXboxCVE-2025-552457.8Exploitation Less LikelyYesNoNoAzure ArcCVE-2025-553167.8Exploitation UnlikelyYesNoNoMicrosoft AutoUpdate (MAU)CVE-2025-553177.8Exploitation UnlikelyYesNoNo

Quality and experience updates

Microsoft has released the KB5065431 and KB5065426 updates for Windows 11 versions 23H2 and 24H2, respectively. The KB5065431 patch brings several new capabilities for Copilot+ PCs, including Windows Recall enhancements, Click to Do improvements, and support for Agent in Settings for AMD and Intel-powered Copilot+ PCs.

Additionally, Microsoft has fixed an issue that caused non-admin users to encounter unexpected User Account Control (UAC) prompts when MSI installers perform certain custom actions. These updates also add auditing capabilities to help organizations detect devices or software that may not be compatible with SMB Server signing or Extended Protection for Authentication (EPA).

On Windows 10, the KB5065429 patch brings stability fixes, accessibility improvements, and two new features for enterprise customers. Microsoft has added a new networking control that lets organizations block outbound traffic for the keyless Commercial ESU solution. This capability allows administrators to enhance security and compliance in managed environments. This update also introduces Windows Backup for Organizations, which is a cloud-based enterprise feature designed to simplify device transitions.

Windows Update testing and best practices

Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.

A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.

There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.

网址：Microsoft Releases September 2025 Patch Tuesday Updates https://www.yuejiaxmz.com/news/view/1302973

相关内容

You can now get Microsoft Office for life, and it costs less than a single year of Microsoft 365
Microsoft Start
Microsoft confirms another round of layoffs in Redmond
教你用英语说时间、星期几、月份、季节和重要节假日！
推荐一款超实用的开源待办任务清单工具：Super Productivity
Mono Releases
What Time is Sunrise and Sunset in London, United Kingdom?
Microsoft Remote Desktop 10
Microsoft Office
探索 Microsoft 产品、应用和设备

随便看看