HomeNews

Microsoft Patched 81 Security Flaws, Including 0-day

2025-09-10 by Chemtable Software

In September 2025, Microsoft released security updates that fixed a total of 81 vulnerabilities in its Windows operating systems and server solutions. This update is of immense importance for all users, as many of these issues could potentially have been exploited by attackers to gain unauthorized access to computers, cause data loss, or disrupt system operation.

Let’s take a closer look at what these updates mean for regular users.

A brief summary of the issues fixed on the current Patch Tuesday:

  • 41 Elevation of Privilege vulnerabilities
  • 2 Security Feature Bypass vulnerabilities
  • 22 Remote Code Execution vulnerabilities
  • 16 Information Disclosure vulnerabilities
  • 3 Denial of Service vulnerabilities
  • 1 Spoofing vulnerability

The patched issues include a wide variety of vulnerabilities. Some of them allow attackers to gain administrator privileges. This means they could run any programs on the computer, change important settings, and even take control of the system. Other vulnerabilities are related to remote code execution. For instance, malware could get onto your computer via the internet or a local network and start operating without your knowledge.

There are also vulnerabilities related to information disclosure. This means that attackers could gain access to a user’s confidential data—such as passwords, personal files, or information about program operations. Some issues cause denial of service—when the system stops responding and requires a reboot.

Microsoft addressed all these security flaws in one major update, significantly enhancing the protection of Windows 11 and Windows 10 operating systems, as well as Windows Server solutions.

“Zero-day” Vulnerabilities

Particular attention should be paid to the fact that the update fixes two “zero-day” vulnerabilities. This is a term meaning that the issue was known to the public or attackers and could have been exploited prior to an official fix being available. Such vulnerabilities pose the greatest threat because users have no time to protect themselves.

The first one (CVE-2025-55234) is related to the SMB Server component. This component is responsible for file and data sharing between computers on a network. If it is vulnerable, an attacker can exploit the flaw to perform a credential relay attack or elevate their privileges in the system. As a result, they gain capabilities typically unavailable to a regular user.

To protect against such attacks, Microsoft recommends enabling specific security features on the SMB server itself: message signing and extended protection for authentication. However, this is usually not relevant for home users, while for organizations it is a complex process that requires careful testing, as the new settings may cause compatibility issues with some older devices or programs.

The second vulnerability (CVE-2024-21907) concerns the Newtonsoft.Json library, which is often used in Microsoft SQL Server—a database management system that powers many websites and applications. The problem was the incorrect processing of certain special data, which could lead to a crash and denial of service. For users, this means that a website or application could become unavailable.

After the update, the Newtonsoft.Json library has been fixed, improving the stability and security of SQL Server.

Instead of a Conclusion

For regular users, it’s important to remember a simple rule: never delay installing security updates. Even if the computer seems to be working fine, the installed patches protect against potential future attacks and improve overall security. For convenience, it’s best to enable automatic Windows updates to receive all necessary fixes immediately after they are released. This is especially important for those who don’t follow security news and don’t want to manually check for updates.

Microsoft provides updates for different versions of Windows and update channels. For Windows 11 and Windows 10 (although support for Windows 10 is ending soon), they are released regularly and include not only new features but also critical security fixes.

Support for Windows Server also remains high. Security updates provide protection for businesses and organizations that use servers for data storage, application operation, and network organization.

It is also worth noting that security updates not only affect protection against direct attacks but also help the system run more stably. For example, fixes for denial of service and application crash issues reduce the number of unexpected reboots and failures, improving the comfort of using the computer.

For those who use a computer at home, it’s important to know that regularly updating the system is one of the best habits for maintaining your equipment. It’s like timely car maintenance: if you don’t change the oil and check the engine’s condition, the car wears out and breaks down faster. Similarly, Windows updates help prevent virus infections, hacker attacks, and protect personal data.

If the computer supports automatic updates, it should be enabled to avoid worrying about security and to receive necessary updates without additional intervention.

Related posts:
  1. Microsoft updates: over 70 vulnerabilities fixed
  2. Patch Tuesday, March 2025: updates addressing 57 vulnerabilities
  3. Microsoft Fixed 107 Vulnerabilities – Check Your PC
  4. Important Windows updates (December 2024): 71 vulnerabilities fixed
  5. Windows 11 Update Cleared: Phison Investigation Finds No SSD Issues
Back to Top ↑