Microsoft address 129 vulnerabilities in latest software updates, cementing regular large-scale fixes as regular practice
Microsoft's latest Patch Tuesday for September 2025 addresses a significant number of flaws, with 129 vulnerabilities fixed, including 23 labeled as critical. Among these critical vulnerabilities is a zero-day variant (CVE-2025-53770) in SharePoint that is actively being exploited, posing a severe threat to organisations using this service.
The vulnerabilities affect a variety of Microsoft products, including Windows, SharePoint, Dynamics, and Office. This month's Exchange Server patch should be a top priority, as a severe flaw was found in Exchange Server, allowing hackers to take over and execute code via a malicious email.
The Exchange Server flaw is considered a worst-case scenario for Exchange servers. This is the seventh consecutive month with over 110 CVEs for Microsoft.
Comparing July and September Patch Tuesdays
Here's a comparison of the key points between July and September 2025 Patch Tuesdays:
| Aspect | July 2025 Patch Tuesday | September 2025 Patch Tuesday | |-------------------------------|----------------------------------------------------------------------|----------------------------------------------------------------------| | Total vulnerabilities fixed| 137 | Exact number unknown from provided data, but includes critical fixes | | Critical vulnerabilities | 14 critical fixes | Includes zero-day critical variant (CVE-2025-53770) actively exploited on SharePoint servers[3][5] | | Zero-day vulnerabilities | One publicly disclosed zero-day (SQL Server CVE-2025-49719) not actively exploited but with potential for misuse[1][2] | Zero-day variant actively exploited in the wild on SharePoint (CVE-2025-53770) with no patch initially available; mitigation via AMSI integration advised[3][5] | | Potential impact | High for SQL Server data exposure and remote code execution (RCE) via SPNEGO buffer overflow (CVE-2025-47981); elevated privilege and RCE vulnerabilities dominated vulnerability types[1][4] | High, due to ongoing exploitation, backdoors, and full machine takeover risks on SharePoint servers, indicating severe impact and urgency of mitigation[3][5] | | Exploit status | Publicly disclosed but no wide active exploitation known; potential supply-chain risk noted especially for SQL Server flaw[2] | Active exploitation confirmed by Microsoft, attributed to nation-state actors, demonstrating real-time threat[3][5] |
Implications and Recommendations
- July’s Patch Tuesday addressed a large number of vulnerabilities, with several critical ones and a notable zero-day disclosed but not actively exploited; the overall risk was substantial but more theoretical or preventative in nature[1][2][4].
- By September 2025, there is escalation concerning active exploitation of a SharePoint zero-day variant posing significant risks including backdoors and complete takeover of vulnerable servers. This represents a sharp increase in the urgency and impact of critical vulnerabilities compared to July[3][5].
Organisations should prioritize September patches and mitigations accordingly. Justin Knapp, product marketing manager at Automox, advises companies to ensure patches are distributed across their decentralized workforces' devices. Companies supporting remote workers may face challenges in rolling out the large volume of patches.
Limiting user rights on workstation systems can help reduce the risk of exploitation when users click on malicious links or visit malicious websites. Microsoft's Patch Tuesday updates have become increasingly important as companies embrace remote work as a long-term solution. Langston notes the importance of auditing the rights allowed for users on workstation systems.
[1] Microsoft's July 2025 Patch Tuesday: What You Need to Know
[2] Microsoft July 2025 Patch Tuesday: A Closer Look
[3] Microsoft September 2025 Patch Tuesday: What You Need to Know
[4] Microsoft September 2025 Patch Tuesday: A Closer Look
[5] Microsoft September 2025 Patch Tuesday: Zero-Day SharePoint Vulnerability Under Active Exploitation
- Organisations, especially those with remote workforces, should prioritize the September patches, as the active exploitation of a SharePoint zero-day variant poses significant risks, requiring immediate attention.
- To help reduce the risk of exploitation, companies should ensure that patches are distributed across all devices, emphasizing the need for efficient data-and-cloud-computing and technology infrastructure to support remote work, a long-term solution that Microsoft's Patch Tuesday updates have become increasingly important for.
