
September 10, 2025

September 2025 Patch Tuesday updates for Microsoft


On September 9, 2025, Microsoft released security updates for 81 vulnerabilities as part of its monthly Patch Tuesday. Including fixes issued earlier in the month, the total reaches 86, covering products such as Azure, Dynamics 365, Edge, and Xbox.

None of the vulnerabilities was confirmed as actively exploited at release, but Microsoft rated eight of them "Exploitation More Likely." Those eight sit in core components: the Windows kernel, the NTFS file system, the TCP/IP stack, Hyper-V, NTLM authentication, and Server Message Block (SMB).

CVE-2025-55234

One publicly disclosed issue patched this month is CVE-2025-55234, an elevation-of-privilege flaw in Windows SMB Server. It carries a CVSS score of 8.8.

The weakness is that an SMB server which does not require SMB signing or Extended Protection for Authentication (EPA) will accept NTLM authentication that an attacker has relayed from another victim, so the attacker ends up authenticated to the server with the victim's privileges. Microsoft shipped new audit events alongside the update so organizations can identify clients that would break under signing or EPA enforcement before turning the protections on. Both controls are frequently left disabled in legacy environments, which is exactly where relay attacks succeed.
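The following PowerShell is an added example, not code from the advisory or from this article. It reads the SMB server's signing and EPA posture with the built-in SmbShare cmdlets, summarizes whatever has landed in the SMB server audit channel, and offers a function to enforce the protections once the audit period is over. The `SmbServerNameHardeningLevel` property is an assumption: it is the EPA-for-SMB setting on Windows Server 2025 / Windows 11 24H2 and later and is absent on older builds, so the script checks for it rather than assuming it. Event IDs are deliberately not hard-coded; the audit summary groups whatever IDs are present.

```powershell
# Added example (not from Microsoft or the original article).
# Run in an elevated PowerShell session on the SMB server being assessed.

function Get-SmbRelayExposure {
    $cfg = Get-SmbServerConfiguration
    $result = [ordered]@{
        SigningRequired = $cfg.RequireSecuritySignature   # $true means relay of a fresh NTLM auth is blocked
        SigningEnabled  = $cfg.EnableSecuritySignature
        EncryptData     = $cfg.EncryptData
    }
    # Assumption: SmbServerNameHardeningLevel (EPA for SMB) only exists on
    # Windows Server 2025 / Windows 11 24H2 and later. 0 = Off, 1 = Accept if provided, 2 = Required.
    if ($cfg.PSObject.Properties.Name -contains 'SmbServerNameHardeningLevel') {
        $result.EpaLevel = $cfg.SmbServerNameHardeningLevel
    } else {
        $result.EpaLevel = 'unsupported on this build'
    }
    # Without required signing, a relayed NTLM authentication is accepted as genuine.
    $result.RelayExposed = -not $cfg.RequireSecuritySignature
    [pscustomobject]$result
}

function Get-SmbAuditSummary {
    param([int]$Hours = 24)
    # The SMB server audit channel. Events appear here only after auditing has been
    # enabled; the summary groups by ID so no specific event numbers are assumed.
    $since = (Get-Date).AddHours(-$Hours)
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-SMBServer/Audit'; StartTime = $since } -ErrorAction SilentlyContinue |
        Group-Object Id |
        Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count
}

function Enable-SmbRelayProtections {
    param([switch]$RequireEpa)
    # Require signing on every SMB session the server accepts.
    Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
    if ($RequireEpa) {
        # Assumption: parameter exists only on Server 2025 / Win11 24H2+.
        Set-SmbServerConfiguration -SmbServerNameHardeningLevel 2 -Force
    }
}

# Assess first; enforce only after a week of audit data shows no legacy clients.
Get-SmbRelayExposure
Get-SmbAuditSummary -Hours 168
```

Run the assessment and audit summary for at least a full business cycle before calling `Enable-SmbRelayProtections`; any client that cannot sign will stop connecting the moment `RequireSecuritySignature` flips to `$true`.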

CVE-2024-21907

The second publicly disclosed flaw, CVE-2024-21907, is a denial-of-service flaw in Newtonsoft.Json (Json.NET), a .NET library used throughout the ecosystem to parse and serialize JSON. It affects products such as Microsoft SQL Server and other enterprise applications that rely on this library to process data.

If exploited, a threat actor could crash services by submitting crafted JSON, such as deeply nested objects, that drives the parser into a stack overflow or excessive memory consumption, potentially disrupting business operations.

First disclosed in 2024, it was only officially patched by Microsoft on September 9, 2025. Although no exploitation has been confirmed in the wild, proof-of-concept code has circulated since early 2025.

With a CVSS rating of 7.5, the vulnerability was classified as a zero day because it was publicly known before the patch shipped. Microsoft remediated the issue by updating the library to version 13.0.1, the release that introduced a default nesting limit (MaxDepth of 64) on the reader.
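Because Newtonsoft.Json is bundled with applications rather than installed once, the practical task is finding every copy older than 13.0.1. The following PowerShell is an added example, not code from Microsoft or the article: it walks a directory tree, reads the version from any deployed `Newtonsoft.Json.dll`, extracts versions from `PackageReference` and `packages.config` entries in source, and flags anything below the fixed version. The `C:\inetpub` root is an assumption; point it at the application installs or source trees you need to audit.

```powershell
# Added example (not from Microsoft or the original article).
# Finds Newtonsoft.Json binaries and package references older than 13.0.1.

$FixedVersion = [version]'13.0.1'   # version the advisory names as remediated

function Get-NewtonsoftJsonFindings {
    param([Parameter(Mandatory)][string]$Root)

    # 1. Deployed binaries: read the version stamped in the DLL itself.
    Get-ChildItem -Path $Root -Recurse -Filter 'Newtonsoft.Json.dll' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $fv  = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($_.FullName)
            $raw = if ($fv.FileVersion) { $fv.FileVersion } else { $fv.ProductVersion }
            # Strip any pre-release suffix (e.g. "-beta1") so [version] can parse it.
            $ver = try { [version]($raw -replace '[^\d.].*$', '') } catch { $null }
            [pscustomobject]@{
                Kind       = 'Binary'
                Path       = $_.FullName
                Version    = $ver
                Vulnerable = ($null -eq $ver) -or ($ver -lt $FixedVersion)   # unparseable = investigate
            }
        }

    # 2. Source references:
    #    <PackageReference Include="Newtonsoft.Json" Version="12.0.3" />
    #    <package id="Newtonsoft.Json" version="12.0.3" targetFramework="net472" />
    Get-ChildItem -Path $Root -Recurse -Include '*.csproj', '*.props', 'packages.config' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            Select-String -Path $file -Pattern 'Newtonsoft\.Json.*?[Vv]ersion="([\d.]+)"' -AllMatches |
                ForEach-Object { $_.Matches } |
                ForEach-Object {
                    $ver = [version]$_.Groups[1].Value
                    [pscustomobject]@{
                        Kind       = 'PackageReference'
                        Path       = $file
                        Version    = $ver
                        Vulnerable = $ver -lt $FixedVersion
                    }
                }
        }
}

# Assumption: C:\inetpub is the tree to audit; substitute your own application roots.
Get-NewtonsoftJsonFindings -Root 'C:\inetpub' |
    Where-Object Vulnerable |
    Sort-Object Path |
    Format-Table Kind, Version, Path -AutoSize
```

A binary whose version cannot be parsed is reported as vulnerable on purpose; an unreadable version stamp is a reason to look closer, not to skip the file. Where a vendor application cannot be upgraded immediately, the same nesting limit that 13.0.1 applies by default can be set explicitly through `JsonSerializerSettings.MaxDepth` in code you control.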

CVE-2025-54914

On September 4, a few days before the Patch Tuesday event, Microsoft patched CVE-2025-54914, a critical privilege escalation vulnerability in Azure Networking services.

With a CVSS score of 10.0, it allowed an attacker to elevate privileges because role-based permissions were not properly enforced. Microsoft confirmed the fix was applied automatically across the affected infrastructure, requiring no customer action.

Although no exploitation was observed, the flaw posed a significant risk to cloud environments: an attacker could have bypassed access controls and manipulated networking configurations.


Analyst insight

For CVE-2024-21907, audit applications that ship or reference Newtonsoft.Json, checking both deployed binaries and source package references, and ensure they are updated to 13.0.1 or later.

For CVE-2025-55234, review SMB configurations and enable signing and EPA where possible. Use Microsoft’s audit events to identify systems that may be impacted by stricter authentication policies.

These vulnerabilities highlight the need to reduce reliance on NTLM and modernize SMB security across enterprise environments.