Service Notices
Microsoft Releases September 2025 Security Updates
Sep 12, 2025 GMT+08:00
I. Overview
Huawei Cloud noticed that Microsoft has released its September 2025 Security Updates. A total of 80 security vulnerabilities have been disclosed, among which 8 are marked as important vulnerabilities. Attackers can leverage these vulnerabilities to execute remote code, escalate privileges, and breach information. The affected applications include components such as Microsoft Windows, Microsoft Office, Hyper-V, and SQL Server.
For details, visit the Microsoft official website:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Sep
The following vulnerabilities require close attention as their details have been disclosed or they have already been exploited by attackers:
Windows SMB privilege escalation vulnerability (CVE-2025-55234): SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The vulnerability has been disclosed, and the risk is high.
8 vulnerabilities (such as CVE-2025-55234, CVE-2025-54918, and CVE-2025-54110) are marked as Exploitation More Likely. For details, see the official announcement. Please perform security self-check and security hardening in a timely manner to reduce attack risks.
II. Severity
Severity: important
(Severity: low, moderate, important, and critical)
III. Affected Products
Microsoft Windows, Microsoft Office, Hyper-V, SQL Server, and other products.
IV. Vulnerability Details
|
CVE ID |
Vulnerability Name |
Severity |
Vulnerability Description |
|
CVE-2025-54910 |
Microsoft Office Remote Code Execution Vulnerability |
Important |
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. |
|
CVE-2025-55224 |
Windows Hyper-V Remote Code Execution Vulnerability |
Important |
An attacker can send a specially crafted file and induce a victim to open it to trigger the vulnerability. Successful exploitation of this vulnerability allows the attacker to execute arbitrary code locally on the affected system. |
|
CVE-2025-55226 |
Graphics Kernel Remote Code Execution Vulnerability |
Important |
An authenticated attacker can exploit this vulnerability by enticing victims to download and open a specially crafted file from a website through social engineering. Successful exploitation could result in remote code execution on the target system. |
|
CVE-2025-54918 |
Windows NTLM Elevation of Privilege Vulnerability |
Important |
Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. |
|
CVE-2025-53799 |
Windows Imaging Component Information Disclosure Vulnerability |
Important |
An attacker can send a specially crafted file and induce a victim to open it to trigger the vulnerability. Successful exploitation of this vulnerability allows the attacker to read a small portion of the heap memory. |
|
CVE-2025-55228 |
Windows Graphics Component Remote Code Execution Vulnerability |
Important |
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. |
|
CVE-2025-55236 |
Graphics Kernel Remote Code Execution Vulnerability |
Important |
Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally. |
|
CVE-2025-53800 |
Windows Graphics Component Elevation of Privilege Vulnerability |
Important |
Incorrect resource initialization in the Microsoft Graphics component allows authorized attackers to escalate privileges locally. |
(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)
V. Security Recommendations
1. Use Windows Update or download patches from the following address to fix the vulnerabilities:
https://msrc.microsoft.com/update-guide
2. Back up data remotely to protect your data.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.