Microsoft corp. Today security updates were issued to fix more than 80 weaknesses Stretch Operating system and software. The bundle of this month from Redmond does not address any known “zero-day” or actively exploited weaknesses, yet patch for 13 flaws that earned the most-dyer “critical” label of Microsoft. Meanwhile, both Apple And Google Updated updates recently to fix zero-day insects in their devices.
Microsoft provides safety defects a “important” rating when malaware or rogue can exploit them to get remote access to Windows systems with much less or no help from users. This month is more important for the important bugs Cve-2025-54918Stays here with problems Windows NTLMOr NT LAN manager, a suit of code for managing certification in the Windows network environment.
Redmund has given this defect as “more likely to exploit”, and although it is listed as a privilege increase, Kev burn But Immersive It is said that it is actually an exploiter on the network or the Internet.
“From limited details of Microsoft, it appears that if an attacker is able to send specially prepared packets on the network on the target device, they will have the ability to obtain a system-level privilege on the target machine,” Burn said. “Patch notes for this vulnerability stated that ‘the inappropriate certification in Windows NTLM allows an authorized attacker to elevate privileges on a network,’ an attacker suggests that NTLM may have already required access to the hash or user’s credentials.”
Breen said another patch – Cve-2025-55234A 8.8 CVSS-Schor affects the defect Windows SMB Client to share files in a network – also listed as the privilege ascastion bug, but is similarly exploitative from far away. This vulnerability was publicly revealed before this month.
“Microsoft says that an attacker with network access will be able to attack a replete against a target host, resulting in an additional privilege, which could lead to code execution,” Burn said.
Cve-2025-54916 There is a “important” vulnerability in Windows NTFS – Default file system for all modern versions of Windows – which can lead to distance code execution. Microsoft thinks that we are more than the possibility of seeing this bug soon: Microsoft had a NTFS bug patching in March 2025 and it was already being exploited as zero-day in the wild.
“While the title of CVE says’ remote code execution ‘says,’ This exploitation is not exploited from far away on the network, but instead an attacker is required, either the ability to have the ability to run the code on the host or to run a file to the user to run a file that will trigger exploitation,” Burn said. “It is usually seen in social engineering attacks, where they send a file to the user to open as an an attachment or open a file link to download and run.”
Important and remote code execution bugs steal all limelight, but Worthy Senior employee research engineer Satam Narang Notes that are about half of all the weaknesses fixed by Microsoft this month are the defects that increase privileges, which requires an attacker to achieve access to the target system before trying to elevate the privileges.
“This year for the third time, Microsoft patch the higher height of privilege weaknesses than distant code execution defects,” Narang saw.
On September 3, Google Fixed two flaws It was found as exploitation in zero-day attacks, including CVE-2025–38352, height of privilege in Android kernel, and CVE-2025–48543, a height of privilege problem in Android runtime components.
In addition, Apple recently packed its seventh zero-day (CVE-2025-43300) of this year. It was part of it An exploitation chain Used with a vulnerability in WhatsApp (CVE-2025-55177) Apple device to hack Instant Messenger. Amnesty International Reports In the last 90 days, two zero-days have been used in “an advanced spyware campaign”. The issue has been fixed in iOS 18.6.2, iPados 18.6.2, iPados 17.7.10, Macos Sequoia 15.6.1, Macos Sonoma 14.7.8, and Macos Ventura 13.7.8.
Sans Internet Storm Center One Clicker Every person from Microsoft was fixed by fixing, severity and CVSS score. Enterprise Windows Admins must be involved in testing the patch before testing askwoody.comWhich is often diluted on the winner update.
Askwood also reminded us that we are now shutting off the free security updates for Windows 10 computer just two months before Microsoft. For those interested in securely expanding the lifetime and utility of these old machines, see the patch Tuesday coverage of the previous month for some pointers.
As usual, please do not ignore taking backup of your data (if not your entire system) at regular intervals, and if you experience problems in installing any of these fixes, feel free to shut down the sound in the comments.
