Another month, another round of patches that will either fix vulnerabilities or break stuff trying. If you’re confused, let me bring you up to speed. August patches left us with Autodesk permission issues, MSI installation shenanigans, NDI performance problems, and reports of disappearing SSDs. Now, I don’t want to point any fingers (Microsoft says up to 30% of code is written by AI), but hopefully September’s patches are heavy on the fixes and light on the issues, unless you have an on-prem Exchange server, because you’re gonna have a bad day. Let’s get into the details!
Severity
Total vulnerabilities patched: 80
Critical patches: 8
Important: 72
Moderate: 0
Low: 0
Impact
Remote code execution: 22
Elevation of privilege: 38
Information disclosure: 14
Spoofing: 1
Tampering: 0
Denial of service: 3
Exposure
Publicly disclosed: 1
Actively exploited: None
Some highlights (or lowlights)
CVE-2025-54910: Coming in at an 8.4, this Microsoft Office remote code execution vulnerability allows bad actors to run code by tricking someone into opening a file. It can also be triggered via the preview pane, and it affects the Mac version too.
CVE-2025-55224: With a 7.8 rating, this Windows Hyper-V remote code execution vulnerability involves a race condition on a shared resource (think two processes trying to read/write to a database at the same time and getting all wild, creating an unstable condition). Successful exploitation could allow an attacker to escape the virtual machine environment and execute arbitrary code on the Hyper-V host, which may in turn put other guest VMs at risk.
CVE-2025-54918: At an 8.8, this Windows NTLM elevation of privilege vulnerability allows an attacker with access to a low-privileged account to gain system-level access by crafting a specific NTLM request.
Wrapping up
The biggest takeaway from Microsoft’s recent patch stumbles? Testing matters. Rolling updates straight into production is asking for trouble, but building a test-and-verify process doesn’t have to slow you down. PDQ Connect makes it easy to stage, test, and then deploy Windows updates across your fleet so you can stay secure without breaking your environment.