Microsoft Releases September 2025 Security Updates

CVE-2025-55234

SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing SMB Server Extended Protection for Authentication (EPA) Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks. If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks: Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server Hardening—SMB Server Signing & SMB Server EPA. Adopt appropriate SMB Server hardening measures.

CVE-2024-21907

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.

CVE-2025-54914

Azure Networking Elevation of Privilege Vulnerability

CVE-2025-55244

Azure Bot Service Elevation of Privilege Vulnerability

CVE-2025-55241

Azure Entra Elevation of Privilege Vulnerability

CVE-2025-55238

Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability

CVE-2025-55236

Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally.

CVE-2025-55226

Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally.

CVE-2025-53800

Incorrect initialization of resource in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

CVE-2025-54910

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-53799

Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.

CVE-2025-54918

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.

CVE-2025-55224

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

CVE-2025-55228

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.