Microsoft, Adobe, and SAP Release Essential Updates for September 2025 Patch Tuesday

ByAdmin September 10, 2025

On September 2025 Patch Tuesday, Microsoft released patches for over 80 vulnerabilities across its software products, with the reassuring news that none are currently being exploited. Among the critical vulnerabilities addressed is CVE-2025-54918, a remotely exploitable Windows NTLM elevation of privilege vulnerability. Microsoft highlighted that the attack complexity is low, as attackers do not require significant prior knowledge of the system to successfully exploit the vulnerability. Additionally, Satnam Narang, a senior staff research engineer at Tenable, emphasised the importance of patching CVE-2025-54916, a stack-based buffer overflow in Windows NTFS that could lead to remote code execution. Although this vulnerability has not been exploited, it warrants attention due to NTFS being the primary file system for Windows.

Another significant vulnerability, CVE-2025-55232, affects the Microsoft High Performance Compute (HPC) Pack, which coordinates Windows Server machines into a cluster. This flaw could enable remote, unauthenticated attackers to execute code on affected systems without user interaction, making it potentially wormable. Users are advised to update to HPC Pack 2019 Update 3 (Build 6.3.8328) and apply the quick fix (Build 6.3.8352). For those unable to update, it is recommended to run HPC Pack clusters within a trusted network secured by firewall rules, particularly for TCP port 5999. Furthermore, Jacob Ashdown, a Cyber Security Engineer at Immersive, urged organisations with remote or frequently travelling employees to address CVE-2025-54912, which affects BitLocker. This vulnerability could allow attackers to bypass BitLocker protections through physical access, granting unauthorised access to encrypted data without user interaction or prior privileges.

Categories: Vulnerability Types, Exploitability, Software Patches

Tags: Patches, Vulnerabilities, Microsoft, NTLM, Elevation of Privilege, Buffer Overflow, Remote Code Execution, HPC Pack, BitLocker, Exploitation

Don't miss | Hot stuff | News

Attackers exploit “Contact Us” forms and counterfeit NDAs to phish industrial manufacturing companies in order to enhance their SEO.

Don't miss | Hot stuff | News

Attackers exploit “Contact Us” forms and counterfeit NDAs to phish industrial manufacturing companies in order to enhance their SEO.

Don't miss | Hot stuff | News

Week in Review: Two threat actors take advantage of a WinRAR zero-day vulnerability, while Microsoft addresses the “BadSuccessor” Kerberos flaw to enhance security.

Microsoft, Adobe, and SAP Release Essential Updates for September 2025 Patch Tuesday

Attackers exploit “Contact Us” forms and counterfeit NDAs to phish industrial manufacturing companies in order to enhance their SEO.

Attackers exploit “Contact Us” forms and counterfeit NDAs to phish industrial manufacturing companies in order to enhance their SEO.

Croatian Research Institute Confirms Ransomware Attack Exploiting ToolShell Vulnerabilities

Murky Panda, a China-related entity, strategically navigates through cloud services with lateral movements.

Energy companies overlook numerous exposed services.

Week in Review: Two threat actors take advantage of a WinRAR zero-day vulnerability, while Microsoft addresses the “BadSuccessor” Kerberos flaw to enhance security.

Leave a Reply Cancel reply

Similar Posts

Leave a Reply Cancel reply