Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs

Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly known at the time of release.

Of the 80 vulnerabilities, eight are rated Critical and 72 are rated Important in severity. None of the shortcomings has been exploited in the wild as a zero-day. Like last month, 38 of the disclosed flaws are related to privilege escalation, followed by remote code execution (22), information disclosure (14), and denial-of-service (3).

“For the third time this year, Microsoft patched more elevation of privilege vulnerabilities than remote code execution flaws,” Satnam Narang, senior staff research engineer at Tenable, said. “Nearly 50% (47.5%) of all bugs this month are privilege escalation vulnerabilities.”

The patches are in addition to 12 vulnerabilities addressed in Microsoft’s Chromium-based Edge browser since the release of August 2025’s Patch Tuesday update, including a security bypass bug (CVE-2025-53791, CVSS score: 4.7) that has been patched in version 140.0.3485.54 of the browser.

The vulnerability that has been flagged as publicly known is CVE-2025-55234 (CVSS score: 8.8), a case of privilege escalation in Windows SMB.

“SMB Server might be susceptible to relay attacks depending on the configuration,” Microsoft said. “An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks.”

The Windows maker said the update enables support for auditing SMB client compatibility for SMB Server signing as well as SMB Server EPA, allowing customers to assess their environment and detect any potential device or software incompatibility issues before deploying appropriate hardening measures.

“The key takeaway from the CVE-2025-55234 advisory, other than the explanation of the well-known attack surface around SMB authentication, is that this is one of those times where simply patching isn’t enough; in fact, the patches provide administrators with more auditing options to determine whether their SMB Server is interacting with clients that won’t support the recommended hardening options,” Adam Barnett, lead software engineer at Rapid7, said.

Mike Walters, president and co-founder of Action1, said the vulnerability stems from the fact that SMB sessions can be established without properly validating the authentication context when key hardening measures, such as SMB signing and Extended Protection for Authentication, are not in place.

“This gap opens the door to man-in-the-middle relay attacks, where attackers can capture and forward authentication material to gain unauthorized access,” Walters added. “It can easily become part of a larger campaign, moving from phishing to SMB relay, credential theft, lateral movement, and eventually data exfiltration.”

The CVE with the highest CVSS score for this month, but not listed in the Release Notes, is CVE-2025-54914 (CVSS score: 10.0), a critical flaw impacting Azure Networking that could result in privilege escalation. It requires no customer action, given that it is a cloud-related vulnerability.

Two other shortcomings that merit attention include a remote code execution flaw in Microsoft High Performance Compute (HPC) Pack (CVE-2025-55232, CVSS score: 9.8) and an elevation of privilege issue affecting Windows NTLM (CVE-2025-54918, CVSS score: 8.8) that could allow an attacker to gain SYSTEM privileges.

“From Microsoft’s limited description, it appears that if an attacker is able to send specially crafted packets over the network to the target device, they would have the ability to gain SYSTEM-level privileges on the target machine,” Kev Breen, senior director of threat research at Immersive, said.

“The patch notes for this vulnerability state that ‘Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network,’ suggesting an attacker may already need to have access to the NTLM hash or the user’s credentials.”

Lastly, the update also remediates a security flaw (CVE-2024-21907, CVSS score: 7.5) in Newtonsoft.Json, a third-party component used in SQL Server, that could be exploited to trigger a denial-of-service condition, as well as two privilege escalation vulnerabilities in Windows BitLocker (CVE-2025-54911, CVSS score: 7.3, and CVE-2025-54912, CVSS score: 7.8).

Microsoft’s Hussein Alrubaye has been credited with discovering and reporting both the BitLocker flaws. The two defects add to four other vulnerabilities in the full-disk encryption feature (collectively called BitUnlocker) that were patched by Microsoft in July 2025:

  • CVE-2025-48003 (CVSS score: 6.8) – BitLocker Security Feature Bypass Vulnerability via WinRE Apps Scheduled Operation
  • CVE-2025-48800 (CVSS score: 6.8) – BitLocker Security Feature Bypass Vulnerability by Targeting ReAgent.xml Parsing
  • CVE-2025-48804 (CVSS score: 6.8) – BitLocker Security Feature Bypass Vulnerability by Targeting Boot.sdi Parsing
  • CVE-2025-48818 (CVSS score: 6.8) – BitLocker Security Feature Bypass Vulnerability by Targeting Boot Configuration Data (BCD) Parsing

Successful exploitation of any of the above four flaws could allow an attacker with physical access to the target to bypass BitLocker protections and gain access to encrypted data.

“To further enhance the security of BitLocker, we recommend enabling TPM+PIN for pre-boot authentication,” Security Testing and Offensive Research at Microsoft (STORM) researchers Netanel Ben Simon and Alon Leviev said in a report last month. “This significantly reduces the BitLocker attack surfaces by limiting exposure to only the TPM.”

“To mitigate BitLocker downgrade attacks, we advise enabling the REVISE mitigation. This mechanism enforces secure versioning across critical boot components, preventing downgrades that could reintroduce known vulnerabilities in BitLocker and Secure Boot.”

The disclosure comes as Purple Team detailed a new lateral movement technique dubbed BitLockMove that involves the remote manipulation of BitLocker registry keys via Windows Management Instrumentation (WMI) to hijack specific COM objects of BitLocker.

BitLockMove, developed by security researcher Fabian Mosch, works by initiating a remote connection to the target host through WMI and copying a malicious DLL to the target over SMB. In the next phase, the attacker writes a new registry key that specifies the DLL path, ultimately causing BitLocker to load the copied DLL by hijacking its COM objects.

“The purpose of the BitLocker COM Hijacking is to execute code under the context of the interactive user on a target host,” Purple Team said. “In the event that the interactive user has excessive privileges (i.e., domain administrator), this could also lead to domain escalation.”
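
The sequence described above (a DLL copied over SMB, then a registry key written through WMI that points a COM object at that DLL) can be correlated in endpoint telemetry. The following is an added detection example, not code from the original article or from the BitLockMove author. It assumes Sysmon-style records in which files written through the SMB server appear under the `System` image and registry writes made through WMI appear under `WmiPrvSE.exe`; every sample event, path, SID and CLSID is constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed Sysmon-style records (11 = FileCreate, 13 = registry value set).
# Paths, SID, CLSIDs and timestamps are placeholders made up for this example.
EVENTS = [
    {"id": 11, "time": "2025-09-10T10:00:02", "Image": "System",
     "TargetFilename": r"C:\Users\Public\helper.dll"},
    {"id": 13, "time": "2025-09-10T10:00:05",
     "Image": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001_Classes\CLSID"
                     r"\{00000000-0000-0000-0000-000000000001}\InprocServer32\(Default)",
     "Details": r"C:\Users\Public\helper.dll"},
    # Benign: an installer registering a COM server from Program Files.
    {"id": 13, "time": "2025-09-10T11:30:00",
     "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Classes\CLSID"
                     r"\{00000000-0000-0000-0000-000000000002}\InprocServer32\(Default)",
     "Details": r"C:\Program Files\Vendor\vendor.dll"},
    # A file written over SMB that is never registered as a COM server.
    {"id": 11, "time": "2025-09-10T12:00:00", "Image": "System",
     "TargetFilename": r"C:\Shares\report.dll"},
]

COM_KEY = re.compile(r"\\CLSID\\\{[0-9A-Fa-f-]{36}\}\\InprocServer32\\", re.I)
WINDOW = timedelta(minutes=10)

def find_remote_com_hijacks(events, window=WINDOW):
    """Return registry events where WmiPrvSE.exe points a COM InprocServer32
    at a DLL that the System process created within `window` beforehand."""
    smb_drops = {}  # lower-cased file path -> time of the most recent drop
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == 11 and ev["Image"].lower() == "system":
            smb_drops[ev["TargetFilename"].lower()] = when
        elif ev["id"] == 13 and COM_KEY.search(ev["TargetObject"]):
            dll = ev["Details"].strip('"').lower()
            by_wmi = ev["Image"].lower().endswith("\\wmiprvse.exe")
            dropped = smb_drops.get(dll)
            if by_wmi and dropped is not None and when - dropped <= window:
                hits.append({"dll": ev["Details"], "key": ev["TargetObject"],
                             "seconds_after_drop": (when - dropped).total_seconds()})
    return hits

if __name__ == "__main__":
    for hit in find_remote_com_hijacks(EVENTS):
        print(hit)
```

Requiring both conditions (WMI as the writer and a matching recent SMB drop) keeps installer-driven COM registrations and ordinary file-share writes out of the results.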

Software Patches from Other Vendors

In addition to Microsoft, security updates have also been released by other vendors over the past several weeks to rectify several vulnerabilities, including:

  • Adobe
  • Arm
  • Broadcom (including VMware)
  • Cisco
  • Commvault
  • Dell
  • Drupal
  • F5
  • Fortra
  • FUJIFILM
  • Gigabyte
  • GitLab
  • Google Android and Pixel
  • Google Chrome
  • Google Cloud
  • Google Wear OS
  • Fortinet
  • Hikvision
  • Hitachi Energy
  • HP
  • HP Enterprise (including Aruba Networking)
  • IBM
  • Ivanti
  • Jenkins
  • Juniper Networks
  • Lenovo
  • Linux distributions AlmaLinux, Alpine Linux, Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Red Hat, Rocky Linux, SUSE, and Ubuntu
  • MediaTek
  • Mitsubishi Electric
  • Moxa
  • Mozilla Firefox, Firefox ESR, and Thunderbird
  • NVIDIA
  • QNAP
  • Qualcomm
  • Rockwell Automation
  • Salesforce
  • Samsung
  • SAP
  • Schneider Electric
  • Siemens
  • Sitecore
  • Sophos
  • Spring Framework
  • Supermicro
  • Synology
  • TP-Link, and
  • Zoom