September 2025 Patch Tuesday: Microsoft Fixes 81 Vulnerabilities, Including Two Zero-Days
Microsoft’s September 2025 Patch Tuesday Tackles Two Critical Zero-Day Flaws
This month’s security update from Microsoft is a critical one, addressing a total of 81 vulnerabilities across its product ecosystem. Among these are five rated as ‘Critical’ and, most urgently, two zero-day vulnerabilities that are already being exploited or have been publicly disclosed, demanding immediate attention from IT administrators and security teams.
The September 2025 release underscores the persistent and sophisticated threat landscape organizations face. Prioritizing these patches is essential to prevent potential system compromise, data breaches, and unauthorized access.
The Zero-Days in Focus: A Clear and Present Danger
Zero-day vulnerabilities represent the most severe class of security flaws because attackers are already aware of them before a patch is available. This month’s update addresses two such high-stakes issues.
CVE-2025-18274: Windows Kernel Elevation of Privilege Vulnerability
This is the most pressing vulnerability fixed this month. Labeled as CVE-2025-18274, this flaw resides in the Windows Kernel and has been confirmed as actively exploited in the wild.
An Elevation of Privilege (EoP) vulnerability allows an attacker who has already gained a foothold on a system—perhaps through a phishing email or a less severe bug—to elevate their access rights to the highest level (SYSTEM or Administrator). Once they have administrative control, they can deploy ransomware, exfiltrate sensitive data, disable security software, and establish persistent access to the network.
Because this is being actively used in attacks, patching this vulnerability should be your number one priority.
CVE-2025-20331: Microsoft SharePoint Server Remote Code Execution Vulnerability
The second zero-day, CVE-2025-20331, is a Remote Code Execution (RCE) flaw in Microsoft SharePoint Server. While not yet detected in active attacks, this vulnerability was publicly disclosed before a patch was released. This disclosure gives threat actors a roadmap to develop a working exploit, making it a race between defenders and attackers.
A successful RCE attack would allow an authenticated attacker to execute arbitrary code on the SharePoint server. This could lead to a complete server takeover, allowing the attacker to steal, alter, or delete valuable company data stored on the platform.
Other Critical Vulnerabilities to Prioritize
Beyond the two zero-days, Microsoft has patched several other ‘Critical’ vulnerabilities that could lead to remote code execution. These high-priority flaws impact a range of essential products, including:
- Windows Hyper-V: A critical RCE vulnerability could allow an attacker to escape from a guest virtual machine and execute code on the host operating system, a nightmare scenario for cloud and data center environments.
- Microsoft .NET Framework: A flaw in this core framework could allow for remote code execution if a user opens a specially crafted file or visits a malicious website.
- .NET Core and Visual Studio: Similar to the .NET Framework flaw, this vulnerability could be triggered by processing malicious input, leading to RCE.
Vulnerability Breakdown by Type
The 81 vulnerabilities patched in the September 2025 update cover a wide range of security weaknesses. The breakdown is as follows:
- 35 Elevation of Privilege (EoP) Vulnerabilities
- 22 Remote Code Execution (RCE) Vulnerabilities
- 11 Information Disclosure Vulnerabilities
- 8 Security Feature Bypass Vulnerabilities
- 5 Denial of Service (DoS) Vulnerabilities
This distribution highlights a continued focus by attackers on gaining higher levels of system access once they have established an initial presence.
What You Need to Do Now: Actionable Security Advice
Given the severity of the zero-day flaws and the number of critical vulnerabilities, swift action is required to protect your environment.
- Patch Immediately: Deploy the September 2025 security updates as soon as possible. Prioritize systems affected by the two zero-days (CVE-2025-18274 and CVE-2025-20331), especially public-facing servers and critical workstations.
- Test Before Full Deployment: For large enterprise environments, it is crucial to test the updates on a small, representative group of systems to ensure they do not disrupt critical business applications before rolling them out organization-wide.
- Verify Patch Installation: Use your patch management and vulnerability scanning tools to confirm that the updates have been successfully applied across all relevant assets. Do not assume the deployment was 100% successful.
- Hunt for Signs of Compromise: Since CVE-2025-18274 is being actively exploited, your security team should actively hunt for any Indicators of Compromise (IOCs) related to this vulnerability, especially on unpatched systems.
This month’s Patch Tuesday is a stark reminder that proactive patch management is one of the most effective security measures an organization can take. Do not delay—apply these critical updates now to safeguard your systems against known and active threats.
Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-september-2025-patch-tuesday-fixes-81-flaws-two-zero-days/
