Microsoft September 2025 Patch Tuesday fixes 81 flaws, two zero-days

Gandalf_The_Grey

Gandalf_The_Grey

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Forum Veteran
Apr 24, 2016
7,757
6
82,470
8,389
54
The Netherlands
Content source
https://www.bleepingcomputer.com/news/microsoft/microsoft-september-2025-patch-tuesday-fixes-81-flaws-two-zero-days/
Today is Microsoft's September 2025 Patch Tuesday, which includes security updates for 81 flaws, including two publicly disclosed zero-day vulnerabilities.

This Patch Tuesday also fixes nine "Critical" vulnerabilities, five of which are remote code execution vulnerabilities, 1 is information disclosure, and 2 are elevation of privileges.

The number of bugs in each vulnerability category is listed below:
  • 41 Elevation of Privilege Vulnerabilities
  • 2 Security Feature Bypass Vulnerabilities
  • 22 Remote Code Execution Vulnerabilities
  • 16 Information Disclosure Vulnerabilities
  • 3 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerabilities
When BleepingComputer reports on the Patch Tuesday security updates, we only count those released on Patch Tuesday.

Therefore, the number of flaws does not include three Azure, one Dynamics 365 FastTrack Implementation Assets, two Mariner, five Microsoft Edge, and 1 Xbox vulnerabilities fixed earlier this month.

To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5065426 & KB5065431 cumulative updates and the Windows 10 KB5065429 update.
Click to expand...
www.bleepingcomputer.com

Microsoft September 2025 Patch Tuesday fixes 81 flaws, two zero-days

Today is Microsoft's September 2025 Patch Tuesday, which includes security updates for 81 flaws, including two publicly disclosed zero-day vulnerabilities.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
Reactions: Andrew999, Nevi, Sorrento and 11 others
ZDI: The September 2025 Security Update Review
There’s a crispness in the air – at least here in North America – and with it comes the latest security patches from Adobe and Microsoft. Take a break from your scheduled activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check out the Patch Report webcast on our YouTube channel. It should be posted within a couple of hours after the release.
Click to expand...
Adobe Patches for September 2025

For September, Adobe released nine bulletins addressing 22 unique CVEs in Adobe Acrobat Reader, After Effects, Premiere Pro, Commerce, Substance 3D Viewer, Experience Manager, Dreamweaver, Adobe 3D Substance Modeler, and ColdFusion. Of these, the ColdFusion update is the only Priority 1 patch, although Adobe notes no exploitation has been detected. The patch for Commerce addresses a single, Critical-rated bug that is rated a priority 2. Again, no exploitation is noted. Also of note is the update for Acrobat, which fixes one Critical and one Moderate-rated bugs.

The patch for After Effects fixes three Important-rated bug fixes three Important-rated bugs. There’s a single bug in Premiere Pro that could lead to code execution. The fix for Substance 3D Viewer addresses three separate code execution bugs. That’s the same for the patch for Substance 3D Modeler. The fix for Experience Manager is the largest patch this month, with seven fixes. However, only one of these is rated Critical. The bug is Dreamweaver corrects a single Cross-Site Request Forgery (CSRF) bug.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. Besides the patches for ColdFusion and Commerce, all updates are listed as deployment priority 3.
Click to expand...
Microsoft Patches for September 2025

This month, Microsoft released 80 new CVEs in Windows and Windows Components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, Hyper-V, SQL Server, Defender Firewall Service, and Xbox (yup – Xbox!). Of the patches released today, eight are rated Critical, and the rest are rated Important in severity. This puts Microsoft about 100 CVEs ahead of where they were last year in terms of volume. We’ll see if this level of patches remains high throughout the rest of the year.

Microsoft lists one bug as being publicly known at the time of release, but nothing is noted as being under active attack.
Click to expand...
Looking Ahead

The next Patch Tuesday of 2025 will be on October 14, and I’ll be back then with my analysis and thoughts about the release. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!
Click to expand...
www.zerodayinitiative.com

Zero Day Initiative — The September 2025 Security Update Review

There’s a crispness in the air – at least here in North America – and with it comes the latest security patches from Adobe and Microsoft. Take a break from your scheduled activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap cover
www.zerodayinitiative.com www.zerodayinitiative.com
 
  • Like
  • Hundred Points
Reactions: Victor M, Nevi, Sorrento and 4 others
You must log in or register to reply here.

You may also like...