Today is the monthly 'Windows Update' day.
The monthly Windows Update, which delivers security updates and bug fixes for Windows, has been released, and this time it includes updates for 86 vulnerabilities.
September 2025 Security Updates (Monthly) | MSRC Blog | Microsoft Security Response Center
https://msrc.microsoft.com/blog/2025/09/202509-security-update/
September 2025 Security Updates - Release Notes - Security Update Guide - Microsoft
https://msrc.microsoft.com/update-guide/releaseNote/2025-Sep
The September 2025 Microsoft Monthly Security Updates have been released. Updates are automatically applied by default. For organizations that manage updates, we have published an overview on our blog. Please refer to this and deploy updates as soon as possible. https://t.co/wTH2gIqdDc #Security #Updates … pic.twitter.com/MRZJeu5bzF
— Microsoft Security Team (@JSECTEAM) September 9, 2025
The September 2025 security updates are as follows:
| Target products | maximum severity | The biggest impact | Related knowledge base articles or support web pages |
|---|---|---|---|
| Windows 11 v24H2, v23H2 | emergency | Remote code execution possible | v24H2 5065426 v24H2 Hotpatch 5065474 v23H2 5065431 |
| Windows 10 v22H2 | emergency | Remote code execution possible | 5065429 |
| Windows Server 2025 (including Server Core installation) | emergency | Remote code execution possible | 5065426 Hotpatch 5065474 |
| Windows Server 2022, 23H2 (including Server Core installation) | emergency | Remote code execution possible | Windows Server 2022 5065432 Hotpatch 5065306 Windows Server 23H2 5065425 |
| Windows Server 2019, 2016 (including Server Core installation) | emergency | Remote code execution possible | Windows Server 2019 5065428 Windows Server 2016 5065427 |
| Microsoft Office | emergency | Remote code execution possible | https://learn.microsoft.com/officeupdates |
| Microsoft SharePoint | emergency | Remote code execution possible | https://learn.microsoft.com/officeupdates/sharepoint-updates |
| Microsoft SQL Server | important | Privilege Escalation | https://learn.microsoft.com/sql |
| Microsoft Azure | emergency | Remote code execution possible | https://learn.microsoft.com/azure |
Among the vulnerabilities addressed in this update is a remote code execution vulnerability in Microsoft's High Performance Computing (HPC) Pack, CVE-2025-55232, which has a high Shared Vulnerability Assessment System score of 9.8. Because the vulnerability can be exploited without authentication or user interaction, organizations are encouraged to assess the risk and apply the patch as soon as possible.
Additionally, this update removes the DES algorithm from the Kerberos authentication protocol in Windows Server 2025 and Windows 11 version 24H2.
Windows Update is released on the second Tuesday of every month in the US, and the next update is scheduled to be available on Wednesday, October 15, 2025, Japan time.
in Software, Posted by logc_nt