
Security Update Review for Microsoft and Adobe's September 2025 Patch Tuesday, detailing fixes for various vulnerabilities in their software systems

Microsoft released its latest batch of security updates on the second Tuesday of September 2025, commonly known as Patch Tuesday.


In the tech world, September 2025 was a significant month as both Microsoft and Adobe released updates to address numerous vulnerabilities in their products.

Microsoft's September Patch Tuesday addressed 86 vulnerabilities, including nine critical and 72 important severity vulnerabilities. The affected products ranged from Azure Windows Virtual Machine Agent to Microsoft 365 (Chromium-based), Windows Routing and Remote Access Service (RRAS), and more.

Two zero-day vulnerabilities were addressed in this month's updates. CVE-2025-54910, a Microsoft Office Remote Code Execution Vulnerability, and CVE-2025-54918, a Windows NTLM Elevation of Privilege Vulnerability, were both fixed.

Other vulnerabilities highlighted include CVE-2025-54110 (Windows Kernel Elevation of Privilege), CVE-2025-54916 (Windows NTFS Remote Code Execution), CVE-2025-53800 (Windows Graphics Component Elevation of Privilege), CVE-2025-53803 (Windows Kernel Memory Information Disclosure), CVE-2025-53804 (Windows Kernel-Mode Driver Information Disclosure), CVE-2025-54093 (Windows TCP/IP Driver Elevation of Privilege), and CVE-2025-54098 (Windows Hyper-V Elevation of Privilege).

Microsoft recommends applying the latest security updates promptly and using compensating measures such as disabling or avoiding deprecated protocols like SMBv1, which recent patches have affected with connectivity issues. For critical vulnerabilities, Microsoft advises implementing the workarounds detailed in its security update guides and keeping antivirus and endpoint protections up to date.

Adobe also released nine security advisories to address 22 vulnerabilities in various Adobe products, with 12 of these vulnerabilities given critical severity ratings.

To help customers manage these updates, Qualys introduced Agent Sara, an AI agent engineered to automate the entire Patch Tuesday risk elimination lifecycle. Qualys also hosts a monthly webinar series to help customers leverage the integration between Qualys Vulnerability Management Detection Response (VMDR) and Qualys Patch Management.

Moreover, Qualys has created mitigations for 18 vulnerabilities, including CVE-2025-54114, CVE-2025-54102, CVE-2025-54095, and more. The company also hosts a webinar titled "This Month in Vulnerabilities & Patches" to discuss high-impact vulnerabilities and necessary steps to address them using Qualys VMDR and Qualys Patch Management.

For those interested in tracking the impact of these vulnerabilities, the following QQL query can be used:

TruRisk™ Eliminate enables security teams to apply mitigation controls that immediately lower exposure and reduce the Qualys Detection Score (QDS).

As we look forward, the next Patch Tuesday falls on October 14, and Qualys will be back with details and patch analysis. Stay tuned for more updates!
