Global Current News

Microsoft patch fixes 80+ flaws, two zero-days

by Edwin O.
September 23, 2025
in Cybersecurity
Microsoft's September 2025 Patch Tuesday release fixes 81 vulnerabilities, two of which are publicly disclosed zero-days that are particularly dangerous in corporate environments. The update addresses significant flaws in the Windows operating system, Microsoft Office and several server components.

Two zero-day vulnerabilities need immediate attention

The September release addresses two publicly disclosed zero-day vulnerabilities that security researchers regard as a cause for concern. One affects Windows SMB Server; the other stems from a third-party library, Newtonsoft.Json, that ships with Microsoft SQL Server.

CVE-2025-55234 is an elevation of privilege vulnerability in Windows SMB Server with a CVSS score of 8.8. According to Microsoft, SMB Server may be vulnerable to relay attacks depending on how it is configured. An attacker who successfully exploits the flaw could perform relay attacks and subject users to elevation of privilege.

Remote attackers can mount relay attacks that abuse weak authentication settings on SMB servers exposed over the network. To reduce the risk, Microsoft recommends enabling SMB Server signing and Extended Protection for Authentication (EPA); both hardening measures close the relay path, at the cost of compatibility with very old devices and software.
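The following PowerShell is an added example, not code from the article or from Microsoft, showing how an administrator would audit the current SMB signing posture, check which clients and dialects are connected before tightening anything, and then enforce signing. The function names and the -EnforceNow switch are this example's own; the SmbServerNameHardeningLevel parameter is assumed to exist only on recent Windows builds, so the script tests for it rather than relying on it.

```powershell
# Added example (not from the article or from Microsoft): audit and then
# enforce SMB server signing, the mitigation recommended for CVE-2025-55234.
# Run in an elevated PowerShell session on the file server. The function
# names and the -EnforceNow switch are this example's own.

function Get-SmbSigningStatus {
    # RequireSecuritySignature is the setting that defeats relay: an unsigned
    # session is refused. EnableSecuritySignature alone only offers signing.
    $server = Get-SmbServerConfiguration
    $client = Get-SmbClientConfiguration
    [pscustomobject]@{
        ServerSigningEnabled  = $server.EnableSecuritySignature
        ServerSigningRequired = $server.RequireSecuritySignature
        ClientSigningRequired = $client.RequireSecuritySignature
        ServerEncryptData     = $server.EncryptData
    }
}

function Get-SmbSessionDialects {
    # Compatibility check before enforcing: which clients are connected and on
    # which SMB dialect. Old dialects and old devices are the ones Microsoft
    # warns may break once signing is required.
    Get-SmbSession |
        Group-Object Dialect |
        ForEach-Object {
            [pscustomobject]@{
                Dialect  = $_.Name
                Sessions = $_.Count
                Clients  = ($_.Group.ClientComputerName | Sort-Object -Unique) -join ', '
            }
        }
}

function Enable-SmbSigningEnforcement {
    param([switch]$EnforceNow)

    # Step 1 is safe everywhere: advertise signing support.
    Set-SmbServerConfiguration -EnableSecuritySignature $true -Force

    if ($EnforceNow) {
        # Step 2 closes the relay path: refuse unsigned sessions on both ends.
        Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
        Set-SmbClientConfiguration -RequireSecuritySignature $true -Force

        # Step 3, SPN target-name validation (the SMB form of EPA), exists only
        # on recent builds, so check for the parameter rather than assume it.
        # Level 1 validates the SPN when the client supplies one; 2 requires it.
        $params = (Get-Command Set-SmbServerConfiguration).Parameters
        if ($params.ContainsKey('SmbServerNameHardeningLevel')) {
            Set-SmbServerConfiguration -SmbServerNameHardeningLevel 1 -Force
        }
    }

    # Confirm the effective value from the registry, which is what the
    # LanmanServer service actually reads at start-up.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    Get-ItemProperty -Path $key -Name RequireSecuritySignature -ErrorAction SilentlyContinue |
        Select-Object RequireSecuritySignature
}

# Typical sequence: look, assess, then enforce in a maintenance window.
Get-SmbSigningStatus
Get-SmbSessionDialects
Enable-SmbSigningEnforcement -EnforceNow
```

Only RequireSecuritySignature actually stops a relay: with signing merely enabled, a server still accepts an unsigned session from an attacker who relays a victim's authentication to it. Run the first two functions on every file server first; any client that appears only on an old dialect is the one to test before the -EnforceNow step goes into production.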

SQL Server flaw spans multiple versions

The second zero-day, CVE-2024-21907, is an improper handling of exceptional conditions flaw in the Newtonsoft.Json library bundled with Microsoft SQL Server. Rated CVSS 7.5, it allows denial of service through crafted input data.

Microsoft states that CVE-2024-21907 affects Newtonsoft.Json versions prior to 13.0.1 and is classed as mishandling of exceptional conditions. Crafted data passed to the JsonConvert.DeserializeObject method can trigger a StackOverflow exception, resulting in denial of service. The vulnerable library is used across several SQL Server versions, including 2022, 2019, 2017 and 2016. Depending on how the library is used, the denial-of-service condition may be triggered by an unauthenticated remote attacker.
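To make the mechanism concrete, here is an added example, not from the article, Microsoft or the Newtonsoft.Json project, that bounds deserialization depth so a crafted, deeply nested payload raises an ordinary, catchable exception instead of recursing until the stack is exhausted. It assumes PowerShell 7, which ships Newtonsoft.Json and loads it into the session so the [Newtonsoft.Json.*] types resolve without Add-Type; the payload builder and function names are this example's own.

```powershell
# Added example (not from the article, Microsoft or the Newtonsoft.Json project):
# bounding deserialization depth so crafted nested JSON is rejected cleanly
# rather than exhausting the stack. Assumes PowerShell 7, which loads
# Newtonsoft.Json into the session. The payload below is constructed.

function New-NestedJsonPayload {
    param([int]$Depth)
    # Builds [[[[ ... ]]]] nested $Depth levels: every two bytes of input push
    # the recursive parser one frame deeper, which is the shape behind the DoS.
    ('[' * $Depth) + (']' * $Depth)
}

function Test-BoundedDeserialize {
    param([string]$Json, [int]$MaxDepth = 64)
    # MaxDepth is the control that Newtonsoft.Json 13.0.1 turned on by default
    # (64). On an older library with no limit, a deep enough payload overflows
    # the stack, which .NET cannot catch, so the host process dies. With a
    # limit, the reader aborts at the configured depth with a JsonReaderException.
    $settings = [Newtonsoft.Json.JsonSerializerSettings]::new()
    $settings.MaxDepth = $MaxDepth
    try {
        $null = [Newtonsoft.Json.JsonConvert]::DeserializeObject($Json, $settings)
        return 'accepted'
    } catch {
        # PowerShell wraps .NET exceptions; report the innermost one.
        $ex = $_.Exception
        while ($ex.InnerException) { $ex = $ex.InnerException }
        return "rejected ($($ex.GetType().Name)): $($ex.Message)"
    }
}

# Shallow input is fine; a pathological payload is cut off at depth 64
# long before it can threaten the stack.
Test-BoundedDeserialize -Json (New-NestedJsonPayload -Depth 10)
Test-BoundedDeserialize -Json (New-NestedJsonPayload -Depth 100000)
```

The same setting is available to any .NET code that calls JsonConvert.DeserializeObject directly: set JsonSerializerSettings.MaxDepth explicitly rather than relying on the library default, since an application pinned to a pre-13.0.1 package has no default limit at all. For SQL Server itself the fix is the September update, which replaces the bundled library.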

Several products carry critical flaws

Alongside the zero-days, Microsoft patched nine critical vulnerabilities across several product lines. Windows NTLM received a fix for a critical elevation of privilege flaw (CVE-2025-54918) with a CVSS score of 8.8, which allows an authenticated, low-privileged attacker to gain SYSTEM privileges.

Microsoft Office is also exposed: CVE-2025-54910 is a remote code execution vulnerability with a CVSS score of 8.4, caused by a heap-based buffer overflow. An unauthenticated attacker can use it to execute arbitrary code locally, and the Preview Pane is a potential attack vector, so previewing a malicious file may be enough to trigger it.

Graphics component flaws

The other large problem this month is the Windows Graphics Component. CVE-2025-53800 and CVE-2025-55228 are both rated critical; one allows remote code execution and the other elevation of privilege to SYSTEM. Several critical patches were also issued for the Windows Graphics Kernel, including CVE-2025-55236 and CVE-2025-55226, which involve a type confusion weakness and a race condition.

Organizations should prioritize these patches, particularly the two already-public zero-days, in their next overnight deployment window. The SMB Server and SQL Server flaws represent considerable exposure for enterprise networks that depend on these core Microsoft technologies.

© 2025 by Global Current News