
On Tuesday, Microsoft addressed a set of 80 security flaws in its software, including one vulnerability that was publicly known at the time of release.
Of the 80 vulnerabilities, eight are rated Critical and 72 are rated Important in severity. None of the flaws is listed as being exploited in the wild as a zero-day. As in last month, 38 of the disclosed flaws are related to privilege escalation, followed by remote code execution (22), information disclosure (14), and denial of service (3).
“For the third time this year, Microsoft patched more elevation of privilege vulnerabilities than remote code execution flaws,” said Satnam Narang, Senior Staff Research Engineer at Tenable. “Nearly 50% (47.5%) of all bugs this month are privilege escalation vulnerabilities.”
The patches are in addition to 12 vulnerabilities addressed in Microsoft’s Chromium-based Edge browser since the release of the August 2025 Patch Tuesday update.
The vulnerability flagged as publicly known is CVE-2025-55234 (CVSS score: 8.8), a privilege escalation flaw in Windows SMB.
“SMB Server might be susceptible to relay attacks depending on the configuration in use,” Microsoft said. “An attacker who successfully exploits these vulnerabilities could perform relay attacks and subject users to elevation of privilege attacks.”

According to the Windows maker, the update enables support for auditing SMB client compatibility with SMB Server signing and SMB Server Extended Protection for Authentication (EPA), allowing customers to assess their environment and detect potential device or software incompatibility issues before deploying the appropriate hardening measures.
“The key takeaway from the advisory for CVE-2025-55234 is that, besides the well-known attack surface description of SMB authentication, this is one occasion where simply applying a patch is not enough. In fact, the patch is there so that SMB servers provide administrators with more auditing options for interactions with clients that do not support the hardening measures.”
Action1’s president and co-founder Mike Walters said the vulnerability stems from the fact that SMB servers that do not enforce hardening countermeasures can establish an SMB session without adequately verifying the authentication context, for instance through SMB signing and Extended Protection for Authentication.
“This gap opens the door to man-in-the-middle relay attacks, where an attacker can capture and forward authentication material to gain unauthorized access,” Walters added. “It could become part of a larger campaign chaining phishing to SMB relay, credential theft, lateral movement, and ultimately data exfiltration.”
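The advisory’s point is that the relay path closes only when signing and SPN validation are actually enforced, so the first step is to know where a host stands. The following read-only audit is an added example, not code from the article or from Microsoft; it assumes the built-in SmbShare module and an elevated PowerShell session on the SMB server.

```powershell
# Added example (not from the article or from Microsoft): read-only audit of the
# SMB Server settings that decide whether a relay attack can succeed against
# this host. Assumes the built-in SmbShare module (Windows 8 / Server 2012 and
# later) and an elevated session.

$cfg = Get-SmbServerConfiguration

# Each entry: the setting, its current value, and the value that closes the relay path.
$checks = @(
    @{ Name = 'RequireSecuritySignature';    Actual = $cfg.RequireSecuritySignature;    Want = $true  }
    @{ Name = 'EnableSecuritySignature';     Actual = $cfg.EnableSecuritySignature;     Want = $true  }
    @{ Name = 'EnableSMB1Protocol';          Actual = $cfg.EnableSMB1Protocol;          Want = $false }
    # 2 = Required: sessions whose SPN target name does not match this server are
    # rejected (the "Server SPN target name validation level" policy setting).
    @{ Name = 'SmbServerNameHardeningLevel'; Actual = $cfg.SmbServerNameHardeningLevel; Want = 2     }
)

$report = foreach ($c in $checks) {
    [pscustomobject]@{
        Setting  = $c.Name
        Actual   = $c.Actual
        Expected = $c.Want
        Status   = if ($c.Actual -eq $c.Want) { 'OK' } else { 'WEAK' }
    }
}
$report | Format-Table -AutoSize

# Before turning RequireSecuritySignature on, see which clients are connected
# and which dialect they negotiated: legacy (SMB 1.x) and third-party clients
# are the ones to test for signing support first.
Get-SmbSession |
    Select-Object ClientComputerName, ClientUserName, Dialect |
    Sort-Object Dialect |
    Format-Table -AutoSize

if ($report.Status -contains 'WEAK') {
    Write-Warning 'Relay-relevant SMB hardening is incomplete on this host.'
}
```

Run it on each file server before enforcing signing; a WEAK row on RequireSecuritySignature or SmbServerNameHardeningLevel is the configuration the advisory describes as susceptible.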
The CVE with the highest CVSS score this month is CVE-2025-54914 (CVSS score: 10.0). It is a cloud-related vulnerability, so no customer action is required.
Two other flaws worth noting are a remote code execution bug in Microsoft High Performance Compute (HPC) Pack (CVE-2025-55232, CVSS score: 9.8) and an elevation of privilege issue affecting Windows NTLM (CVE-2025-54918, CVSS score: 8.8).
“From Microsoft’s limited description, if an attacker can send specially crafted packets to a target device over the network, it would allow them to gain SYSTEM-level privileges on the target machine,” said Kev Breen, senior director of threat research at Immersive.
“The patch for this vulnerability states that ‘improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.’ This suggests that the attacker already needs access to the NTLM hash or the user’s credentials.”
Finally, the update also fixes a security flaw (CVE-2024-21907, CVSS score: 7.5) in Newtonsoft.Json, a third-party component used by SQL Server, along with two flaws in Windows BitLocker (one with a CVSS score of 7.3, and CVE-2025-54912, CVSS score: 7.8).
Both BitLocker flaws are said to have been discovered and reported by Microsoft’s Hussein Alrubaye. The two flaws add to four other vulnerabilities (collectively referred to as BitUnlocker) in the full-disk encryption feature that Microsoft patched in July 2025:
CVE-2025-48003 (CVSS score: 6.8) – BitLocker security feature bypass vulnerability targeting the WinRE app
CVE-2025-48800 (CVSS score: 6.8) – BitLocker security feature bypass vulnerability targeting boot.sdi parsing
CVE-2025-48818 (CVSS score: 6.8) – BitLocker security feature bypass vulnerability
Successful exploitation of any of the four flaws could allow an attacker with physical access to the target to bypass BitLocker protections and access encrypted data.
“To further enhance BitLocker security, we recommend enabling TPM+PIN for pre-boot authentication,” Microsoft researchers Netanel Ben Simon and Alon Leviev said in a report last month. “This significantly reduces the BitLocker attack surface by limiting exposure to TPM-only configurations.”

“We also recommend enabling the REVISE mitigation to mitigate BitLocker downgrade attacks. This mechanism enforces a secure version for all critical boot components and prevents downgrades that could reintroduce known vulnerabilities in BitLocker and Secure Boot.”
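The TPM+PIN recommendation above is easy to state and easy to miss on a fleet where volumes were provisioned with a TPM-only protector. The script below is an added example, not code from the article or from Microsoft; it assumes the built-in BitLocker module, an elevated session, and a Group Policy that permits a startup PIN. The -AddPin switch is defined by the script itself.

```powershell
# Added example (not from the article or from Microsoft): for every BitLocker-
# protected OS volume, report whether pre-boot authentication relies on the TPM
# alone or on TPM+PIN, and optionally add a TPM+PIN protector. Assumes the
# built-in BitLocker module (Windows 8 / Server 2012 and later), an elevated
# session, and policy that allows startup PINs. $AddPin is a switch defined here,
# not a BitLocker cmdlet parameter.

param([switch]$AddPin)

foreach ($vol in Get-BitLockerVolume | Where-Object VolumeType -eq 'OperatingSystem') {
    $types     = $vol.KeyProtector.KeyProtectorType
    $hasTpmPin = ($types -contains 'TpmPin') -or ($types -contains 'TpmPinStartupKey')
    $tpmOnly   = ($types -contains 'Tpm') -and -not $hasTpmPin

    [pscustomobject]@{
        Volume     = $vol.MountPoint
        Protection = $vol.ProtectionStatus
        Protectors = ($types -join ', ')
        PreBoot    = if ($hasTpmPin) { 'TPM+PIN' } elseif ($tpmOnly) { 'TPM only (weak)' } else { 'other' }
    } | Format-List

    if ($tpmOnly -and $AddPin) {
        # Fails unless "Require additional authentication at startup" allows a PIN.
        $pin = Read-Host -AsSecureString -Prompt "New pre-boot PIN for $($vol.MountPoint)"
        Add-BitLockerKeyProtector -MountPoint $vol.MountPoint -TpmAndPinProtector -Pin $pin

        # The plain TPM protector would still unlock the volume without a PIN;
        # remove it so that the PIN is actually required at boot.
        $tpmProtector = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm'
        Remove-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $tpmProtector.KeyProtectorId
    }
}
```

Keep a recovery password protector on the volume before changing protectors, since a mistyped PIN policy otherwise locks the machine out of its own disk.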
The disclosure comes as Purple Team has detailed a new lateral movement technique called BitLockMove, which involves remotely manipulating a BitLocker registry key via Windows Management Instrumentation (WMI) and hijacking a specific COM object used by BitLocker.
Developed by security researcher Fabian Mosch, BitLockMove works by initiating a remote connection to the target host via WMI and copying a malicious DLL to the target via SMB. In the next step, the attacker writes a new registry key specifying the DLL path, and the copied DLL is eventually loaded by hijacking the BitLocker COM object.
“The goal of BitLocker COM hijacking is to execute code in the context of the interactive user on the target host,” Purple Team said. “If the interactive user has excessive privileges (e.g., a domain administrator), this can lead to domain escalation.”
Software patches from other vendors
Besides Microsoft, other vendors have also released security updates over the past few weeks to rectify several vulnerabilities, including:
Adobe, Arm, Broadcom (including VMware), Cisco, Commvault, Dell, Drupal, F5, Fortra, Fujifilm, Gigabyte, GitLab, Google Android and Pixel, Google Chrome, Google Cloud, Google Wear OS, Hikvision, Hewlett Packard Enterprise (including Aruba Networking), Linux distributions (Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Red Hat, Rocky Linux, SUSE, and Ubuntu), MediaTek, Mitsubishi Electric, Moxa, Mozilla Firefox, Firefox ESR, and Thunderbird, NVIDIA, QNAP, Qualcomm, Rockwell Automation, Schneider Electric, Siemens, TP-Link, and Zoom.