Threat Advisories:
Microsoft September 2025 Patch Tuesday Roundup The Gentlemen Ransomware: A Rising Global Cyber Threat MostereRAT: A Deep Dive into an EPL-Backed Phishing Operation Stealerium Changing the Rules of Cyber Espionage s1ngularity Nx Supply Chain Attack: AI-Driven Credential Theft & Mass Exposure GPUGate: Weaponizing Ads and GitHub to Outsmart Sandboxes Cephalus Ransomware a Wake-Up Call for Stronger Endpoint Defense Sitecore Zero-Day Powers Reconnaissance Malware TP-Link Router End-of-Service Models Exploited in Botnet Operation GhostRedirector Targets Windows Servers Globally for SEO Fraud CVE-2025-55177: WhatsApp Zero-Click Flaw Used in Targeted Campaigns Experimental AI Ransomware PromptLock Sparks Security Concerns NightSpire Ransomware Expands Reach with Aggressive Extortion Deadlines Operation HanKook Phantom: APT37’s Stealthy Espionage Campaign Storm-0501’s Shift to Cloud-Native Ransomware Salt Typhoon Cyber Attacks Hit 200 Organizations in the United States CVE-2025-7775: Actively Exploited Critical Flaw in Citrix NetScaler ZipLine Campaign Spins Web Around U.S. Supply Chain Manufacturers with MixShell August 2025 Linux Patch Roundup New SHAMOS Stealer Exploits One-Line Commands on macOS
🎧 Hive Force Labs: Critical Threats Affecting You This Week - 5 Minute Audio Intelligence Report
👥 Play Count: Loading...
Partner Program
Platform
Comprehensive Threat Exposure Management Platform
Uni5 Xposure PlatformUni5 Xposure leverages exposure assessment and adversarial exposure validation to deliver a unified view of your cyber risks and all actionable pathways to resolve them.
IntegrationsSync with an abundant number of out-of-the-box integrations.
HiveForce LabsStrategic intelligence and operational expertise to ensure comprehensive security readiness at all levels.
Solutions
By Use Case
Total Attack Surface Management
Multi-Environment Security Scanners
Complete Exposure Assessment
Comprehensive Security Intelligence
Vulnerability & Threat Prioritization
Adversarial Exposure Validation
By Role
CISO
Vulnerability Management
Security Operations
DevOps
Industry
Telecommunications
Healthcare
Financial Services
Government & Public Sector
Retail & E-Commerce
Educational Institutions
Resources
Advisories & Digests
Threat Advisories
Threat Digests
Content Library
learn
Blog
Case Studies
Whitepapers
Press Releases
connect
Webinars & Videos
Company
About Us
Careers
Our Leadership
Contact Us
Book a DemoThreat Digest - Subscribe
Platform
Platform
Comprehensive Threat Exposure Management Platform
Uni5 Xposure PlatformUni5 Xposure leverages exposure assessment and adversarial exposure validation to deliver a unified view of your cyber risks and all actionable pathways to resolve them.
IntegrationsSync with an abundant number of out-of-the-box integrations.
HiveForce LabsStrategic intelligence and operational expertise to ensure comprehensive security readiness at all levels.
Solutions
Solutions
By Use Case
Total Attack Surface Management
Multi-Environment Security Scanners
Complete Exposure Assessment
Comprehensive Security Intelligence
Vulnerability & Threat Prioritization
Adversarial Exposure Validation
By Role
CISO
Vulnerability Management
Security Operations
DevOps
Industry
Industry
Telecommunications
Healthcare
Financial Services
Government & Public Sector
Retail & E-Commerce
Educational Institutions
Resources
Resources
Advisories & Digests
Threat Advisories
Threat Digests
Content Library
learn
Blog
Case Studies
Whitepapers
Press Releases
connect
Webinars & Videos
Company
Company
About Us
Careers
Our Leadership
Contact Us
Book a DemoThreat Digest - Subscribe

Microsoft September 2025 Patch Tuesday Roundup

Red | Vulnerability Report
Download PDF

Microsoft September 2025 Patch Tuesday Roundup

Summary

Microsoft’s September 2025 Patch Tuesday addresses a total of 81 vulnerabilities, including 8 critical, 72 important, and 1 moderate severity flaws, plus patches for 5 non-Microsoft CVEs – bringing the total to 86 vulnerabilities resolved this month. These vulnerabilities affect Microsoft SQL Server, Windows Graphics, Windows Update Service, Microsoft Office, Microsoft SharePoint, Microsoft Edge (Chromium-based) and more.

Key risks include 38 elevation of privilege vulnerabilities, 22 remote code execution (RCE) flaws, 14 information disclosure issues, 3 denial-of-service bugs, 3 security feature bypasses, and 1 spoofing vulnerability. Notably, 14 vulnerabilities are flagged as being at risk of exploitation, including the critical Windows SMB (CVE-2025-55234) elevation of privilege flaw and Microsoft Office RCE (CVE-2025-54910), both of which require immediate patching.

Vulnerability Details

  • CVE-2025-55234 – Windows SMB EoP: Allows unauthenticated relay attacks by exploiting improper authentication mechanisms in SMB server configurations. Systems lacking SMB signing or Extended Protection for Authentication (EPA) are most at risk.

  • CVE-2024-21907 – Newtonsoft.Json DoS: Affects Microsoft SQL Server; attackers can trigger a denial-of-service condition via improper exception handling.

  • CVE-2025-54918 – Windows NTLM EoP: Enables attackers to escalate to SYSTEM-level privileges.

  • CVE-2025-54910 – Microsoft Office RCE: A heap-based buffer overflow that allows code execution through the Preview Pane with no user interaction.

  • CVE-2025-53800 & CVE-2025-55228 – Windows Graphics Component: Elevation of privilege and RCE flaws that allow attackers to escalate to SYSTEM or execute code remotely.

  • Other Affected Components: Windows Hyper-V, Kernel, NTFS, RRAS, LSASS, SQL Server, Excel, Word, SharePoint, and Edge (Chromium) with multiple privilege escalation, information disclosure, and spoofing issues.

Recommendations

  • Prioritize Critical Vulnerabilities: Immediate deployment of patches for CVE-2025-55234 (SMB), CVE-2024-21907 (Newtonsoft.Json), CVE-2025-54910 (Office RCE), and CVE-2025-55228 (Graphics Component RCE).

  • Service Exposure Evaluation: Identify publicly accessible services and disable or harden SMB servers lacking signing/EPA.

  • Strengthen Authentication & Access Controls: Migrate away from legacy NTLM where possible, enforce MFA, and enable secure authentication mechanisms.

  • Post-Patch Validation: Conduct rigorous testing to confirm remediation effectiveness and ensure business-critical functions remain unaffected.

  • Continuous Monitoring: Watch for exploitation attempts targeting these CVEs, especially in internet-exposed infrastructure.

MITRE ATT&CK TTPs

  • Initial Access: T1189 (Drive-by Compromise), T1566 (Phishing), T1190 (Exploit Public-Facing Application)

  • Execution: T1204 (User Execution), T1204.002 (Malicious File), T1059 (Command & Scripting Interpreter), T1059.007 (JavaScript), T1203 (Exploitation for Client Execution)

  • Privilege Escalation: T1068 (Exploitation for Privilege Escalation), T1543 (Create or Modify System Process), T1543.003 (Windows Service)

  • Persistence: T1547 (Boot or Logon Autostart Execution), T1133 (External Remote Services)

  • Defense Evasion: T1562 (Impair Defenses), T1562.001 (Disable or Modify Tools), T1112 (Modify Registry)

  • Discovery: T1018 (Remote System Discovery), T1033 (System Owner/User Discovery), T1046 (Network Service Discovery), T1087 (Account Discovery)

  • Lateral Movement: T1021 (Remote Services), T1021.002 (SMB/Windows Admin Shares)

  • Impact: T1498 (Network DoS), T1499 (Endpoint DoS)

References

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox