Microsoft has issued security patches for 81 vulnerabilities affecting Windows, Office, SQL Server, and other Microsoft products, including two publicly known zero-day flaws. The release has an immediate bearing on the security of organizations worldwide, and administrators are urged to schedule these high-priority patches as soon as possible.
Two zero-day vulnerabilities that must be addressed
According to BleepingComputer, Microsoft's September 2025 Patch Tuesday delivers security updates for 81 flaws, two of which are publicly disclosed zero-day vulnerabilities. The release includes nine Critical vulnerabilities: five remote code execution, one information disclosure, and two elevation of privilege.
Splashtop likewise reports that Microsoft's September 2025 Patch Tuesday addresses 81 vulnerabilities across Windows, Office, SQL Server, and other Microsoft products. Two of them are publicly disclosed zero-days: a Windows SMB vulnerability that can be abused in relay attacks, and a vulnerability in Newtonsoft.Json, a component used by SQL Server, that can cause a denial of service.
The Windows SMB vulnerability enables relay attacks
CVE-2025-55234, Windows SMB Elevation of Privilege Vulnerability: Windows SMB Server is susceptible to relay attacks, depending on how it is configured. Microsoft says that an attacker who successfully exploits this weakness could carry out relay attacks and subject users to elevation of privilege.
According to Microsoft, Windows already supports configurations that protect against relay attacks, namely SMB Server Signing and SMB Server Extended Protection for Authentication (EPA). Enabling these features, however, can cause incompatibility with older devices and implementations. Microsoft therefore recommends enabling SMB server auditing so that administrators can identify any such compatibility problems before enforcing the hardening settings.
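The following PowerShell script is an added example, not part of the article or of Microsoft's guidance. It reviews the SMB Server settings that the article names as relay-attack protections (signing, and the server name hardening level that backs EPA on newer builds) and pulls recent entries from the SMB Server audit log so that compatibility problems surface before enforcement. The property names come from the standard SmbShare module; the pass/fail thresholds and the log-summary format are this example's own choices, and the `SmbServerNameHardeningLevel` check is treated as optional because the property is only present on newer Windows builds.

```powershell
# Added example (not from the article): review SMB Server relay protections
# and summarise recent SMB Server audit events. Run in an elevated session
# on the SMB server being assessed.

$cfg = Get-SmbServerConfiguration

$findings = @()

# SMB signing: "required" is the setting that actually defeats relay.
if (-not $cfg.RequireSecuritySignature) {
    $findings += 'SMB signing is not required (RequireSecuritySignature = $false)'
}

# SMB encryption also blocks relay, but breaks clients older than SMB 3.0.
if (-not $cfg.EncryptData) {
    $findings += 'SMB encryption is not enabled (EncryptData = $false)'
}

# SMB1 has no signing/EPA story at all; it should normally be disabled.
if ($cfg.EnableSMB1Protocol) {
    $findings += 'SMB1 is still enabled (EnableSMB1Protocol = $true)'
}

# Server name hardening (EPA for SMB) exists only on newer builds, so check
# for the property before reading it. Assumption: 0 means "off".
$hardening = $cfg.PSObject.Properties['SmbServerNameHardeningLevel']
if ($null -ne $hardening) {
    if ([int]$hardening.Value -eq 0) {
        $findings += 'SMB server name hardening (EPA) is off (SmbServerNameHardeningLevel = 0)'
    }
} else {
    $findings += 'SmbServerNameHardeningLevel not available on this build; EPA for SMB cannot be checked here'
}

Write-Output "=== SMB Server relay-protection review on $env:COMPUTERNAME ==="
if ($findings.Count -eq 0) {
    Write-Output 'No findings: signing required, encryption on, SMB1 off, EPA on.'
} else {
    $findings | ForEach-Object { Write-Output " - $_" }
}

# Summarise the SMB Server audit log so that clients which would break under
# enforcement can be identified. Event IDs are grouped rather than assumed;
# consult Microsoft's advisory for the meaning of each ID on your build.
Write-Output ''
Write-Output '=== Recent SMB Server audit events (grouped by Event ID) ==='
$events = Get-WinEvent -LogName 'Microsoft-Windows-SMBServer/Audit' -MaxEvents 500 -ErrorAction SilentlyContinue
if ($null -eq $events -or $events.Count -eq 0) {
    Write-Output 'No audit events found. Auditing may not be enabled yet (see Set-SmbServerConfiguration -Audit* switches).'
} else {
    $events |
        Group-Object Id |
        Sort-Object Count -Descending |
        ForEach-Object {
            $latest = ($_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1)
            [pscustomobject]@{
                EventId = $_.Name
                Count   = $_.Count
                Latest  = $latest.TimeCreated
                Sample  = ($latest.Message -split "`n")[0]
            }
        } |
        Format-Table -AutoSize
}
```

The script deliberately only reads configuration; moving from auditing to enforcement is a separate, change-controlled step taken once the audit log shows no clients that would be cut off.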
SQL Server's Newtonsoft.Json vulnerability leads to a denial of service
CVE-2024-21907 (VulnCheck: Improper Handling of Exceptional Conditions in Newtonsoft.Json) is known to affect Microsoft SQL Server. As described by Microsoft, the vulnerability stems from the mishandling of an exceptional condition in Newtonsoft.Json versions up to 13.0.1: crafted data passed to JsonConvert.DeserializeObject can trigger a stack overflow exception, resulting in a denial of service.
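Because the affected library ships as a DLL inside other products, a defender's first question is where copies of it live and which versions they carry. The following PowerShell script is an added example, not from the article or from Microsoft: it inventories `Newtonsoft.Json.dll` files under the SQL Server installation directories and flags any whose file version is at or below 13.0.1, the highest version the advisory names as affected. The search roots and the comparison on the three-part version are this example's assumptions; adjust the roots to the actual instance paths, and treat the result as a triage list rather than a verdict, since the vendor's own patch is what removes the exposure.

```powershell
# Added example (not from the article): find Newtonsoft.Json.dll copies under
# SQL Server install paths and flag versions in the advisory's affected range
# (<= 13.0.1). Roots and threshold are this example's assumptions.

$SearchRoots = @(
    "$env:ProgramFiles\Microsoft SQL Server",
    "${env:ProgramFiles(x86)}\Microsoft SQL Server"
)
$LastAffected = [version]'13.0.1'

function Get-NewtonsoftJsonFindings {
    param(
        [string[]]$Roots,
        [version]$MaxAffected
    )
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Filter 'Newtonsoft.Json.dll' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $raw = $_.VersionInfo.FileVersion
            $v3  = $null
            # FileVersion is typically "13.0.1.25517"; compare only
            # Major.Minor.Build so the fourth (build-number) part does not
            # push an affected release above the threshold.
            if ($raw -match '^\s*(\d+)\.(\d+)(?:\.(\d+))?') {
                $build = if ($Matches[3]) { [int]$Matches[3] } else { 0 }
                $v3 = [version]::new([int]$Matches[1], [int]$Matches[2], $build)
            }
            [pscustomobject]@{
                Path        = $_.FullName
                FileVersion = $raw
                Affected    = ($null -ne $v3 -and $v3 -le $MaxAffected)
            }
        }
    }
}

$results = Get-NewtonsoftJsonFindings -Roots $SearchRoots -MaxAffected $LastAffected

if (-not $results) {
    Write-Output 'No Newtonsoft.Json.dll found under the configured SQL Server roots.'
} else {
    $results | Sort-Object Affected -Descending | Format-Table -AutoSize
    $hits = @($results | Where-Object Affected).Count
    Write-Output "$hits copy/copies within the affected version range (<= $LastAffected)."
}
```

The three-part comparison matters: Newtonsoft.Json stamps a fourth build-number component on the file version, so a naive `[version]` comparison against `13.0.1` would wrongly report 13.0.1.x as newer than the threshold.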
The release includes nine Critical-rated issues, five of which are remote code execution bugs. Organizations should prioritize the Windows 10/11 cumulative updates, the SQL Server patch, and a review of their SMB hardening settings to reduce their exposure. By category, the vulnerabilities break down as 41 Elevation of Privilege, 2 Security Feature Bypass, 22 Remote Code Execution, 16 Information Disclosure, 3 Denial of Service, and 1 Spoofing.
Critical vulnerabilities span several Microsoft products
Products patched today include Windows 10 and Windows 11 (KB5065426, KB5065431, KB5065429), Microsoft Office and its applications (Excel, Word, Visio, PowerPoint), Microsoft Graphics, Hyper-V, SQL Server (via the Newtonsoft.Json fix), Azure services, HPC Pack, and Microsoft AutoUpdate.
The affected components are widely deployed in enterprise environments, so the updates should be rolled out as soon as possible. IT departments should prioritize the zero-day fixes, the Windows cumulative updates, and issues rated high risk for exploitation or privilege escalation, and should check the CISA KEV Catalog for entries relating to these updates.
Microsoft's September 2025 Patch Tuesday reflects the breadth of cybersecurity threats organizations currently face, and the SMB and SQL Server zero-days in particular must be fixed immediately or as soon as practical. No IT administrator can afford to overlook these updates if active exploitation is to be prevented, while still testing and staging the deployment packages to preserve system stability.