Security Update Review for Microsoft and Adobe's September 2025 Patch Tuesday
In the latest Patch Tuesday update, technology giants Microsoft and Qualys have addressed numerous security vulnerabilities across various software and platforms.
Microsoft's September Patch Tuesday
Microsoft's September Patch Tuesday addressed a total of 86 vulnerabilities, four of which were critical in Microsoft Edge. Notably, the critical CVE-2025-10585 was fixed to address significant security risks in the browser. Additionally, the update resolved other issues such as a transparent overlay in the IE mode address bar, thereby improving the browser's security and stability.
Two zero-day vulnerabilities were also addressed in this month's update. Among these, CVE-2025-55228 is a Windows Graphics Component Remote Code Execution Vulnerability, while CVE-2025-55234 is a Windows SMB Elevation of Privilege Vulnerability.
Microsoft has also fixed a previously known vulnerability in Newtonsoft.Json (CVE-2024-21907). Four vulnerabilities were addressed in Microsoft Edge (Chromium-based), and updates were provided for vulnerabilities in Windows Hyper-V, SQL Server, Windows Kernel, Windows NTLM, Windows PowerShell, Windows TCP/IP, Windows NTFS, and more.
Critical Vulnerabilities and Qualys Mitigations
Qualys has introduced mitigations for 18 critical and 72 important severity vulnerabilities. These include CVE-2025-54110, an elevation of privilege vulnerability in the Windows Kernel, CVE-2025-54916, a remote code execution vulnerability in Windows NTFS, and CVE-2025-54098, an elevation of privilege vulnerability in Windows Hyper-V.
Adobe's September Updates
Adobe has released 9 security advisories to address 22 vulnerabilities in various Adobe products.
Automating Patch Tuesday Risk Elimination
Agent Sara, a powerful Agentic AI agent, has been introduced to automate the entire Patch Tuesday risk elimination lifecycle. Qualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledgebase (KB).
The Qualys Research team hosts a monthly webinar series to help customers leverage the integration between Qualys Vulnerability Management Detection Response (VMDR) and Qualys Patch Management.
Notable Vulnerabilities
- CVE-2025-53800 is a Windows Graphics Component Elevation of Privilege Vulnerability.
- CVE-2025-53799 is a Windows Imaging Component Information Disclosure Vulnerability.
- CVE-2025-53803 is an information disclosure vulnerability in Windows Kernel Memory.
- CVE-2025-53804 is an information disclosure vulnerability in the Windows Kernel-Mode Driver.
- CVE-2025-54918 is a Windows NTLM Elevation of Privilege Vulnerability.
- CVE-2025-55226 is a Graphics Kernel Remote Code Execution Vulnerability.
- CVE-2025-55236 is a DirectX Graphics Kernel Remote Code Execution Vulnerability.
- CVE-2025-54093 is an elevation of privilege vulnerability in the Windows TCP/IP Driver.
As always, it is crucial to keep software updated to protect against potential security risks. Stay safe and secure!
Read also:
- Exploring Harry Potter's Lineage: Decoding the Enigma of His Half-Blood Ancestry
- Elon Musk Acquires 26,400 Megawatt Gas Turbines for Powering His AI Project, Overlooks Necessary Permits for Operation!
- U Power's strategic collaborator UNEX EV has inked a Letter of Intent with Didi Mobility to deploy UOTTA(TM) battery-swapping electric vehicles in Mexico.
- Global Gaming Company, LINEUP Games, Moves Into Extensive Global Web3 Multi-Platform Gaming Network
