Microsoft Patch Tuesday, September 2025 Edition


Microsoft Corp. today released security patches to address over 80 vulnerabilities in its Windows operating systems and applications. There are no identified “zero-day” or actively targeted vulnerabilities in this month’s update from Redmond, which nonetheless features fixes for 13 flaws that received Microsoft’s most severe “critical” designation. Concurrently, both Apple and Google have recently launched updates to resolve zero-day issues in their devices.

September 2025: Unpacking Microsoft’s Latest Patch Tuesday Releases

Microsoft categorizes security vulnerabilities as “critical” when malicious software or bad actors can exploit them to gain remote access to a Windows system with minimal or no user intervention. Among the more alarming critical vulnerabilities resolved this month is CVE-2025-54918. This issue pertains to Windows NTLM, or NT LAN Manager, a set of protocols for managing authentication in a Windows network environment.

Redmond classifies this flaw as “Exploitation More Likely,” and although it is marked as a privilege escalation vulnerability, Kev Breen at Immersive indicates that this particular flaw is indeed exploitable over the network or Internet.

“From Microsoft’s brief account, it seems that if an assailant can dispatch specially crafted packets over the network to the target device, they would have the potential to acquire SYSTEM-level privileges on that machine,” Breen stated. “The patch details for this vulnerability indicate that ‘Improper authentication in Windows NTLM permits an authorized attacker to escalate privileges over a network,’ implying that an attacker may already need to possess access to the NTLM hash or user credentials.”

Breen also mentioned another patch — CVE-2025-55234, a flaw scoring 8.8 on the CVSS that impacts the Windows SMB client for file sharing over a network — which is similarly labeled as a privilege escalation bug but is also remotely exploitable. This vulnerability was publicly disclosed before this month's release.

“Microsoft asserts that an attacker with network access could execute a replay attack against a targeted host, potentially allowing the attacker to obtain additional privileges that may enable code execution,” Breen remarked.

CVE-2025-54916 is an “important” vulnerability in Windows NTFS — the standard filesystem for all contemporary versions of Windows — that can lead to remote code execution. Microsoft also believes that exploitation of this flaw is likely to occur soon: The last time Microsoft addressed an NTFS vulnerability was in March 2025, and it was already being exploited in the wild as a zero-day.

“While the designation of the CVE indicates ‘Remote Code Execution,’ this exploit cannot be remotely exploited over the network, but instead requires an attacker to either execute code on the host or persuade a user to run a file that triggers the exploit,” Breen clarified. “This scenario is commonly seen in social engineering attacks, where a user receives a file to open as an attachment or a link to download and execute a file.”

Critical and remote code execution flaws often capture significant attention, but Tenable Senior Staff Research Engineer Satnam Narang points out that nearly half of all vulnerabilities addressed by Microsoft this month are privilege escalation issues, which require an attacker to have already gained access to a target system before attempting to raise privileges.

“For the third instance this year, Microsoft has patched more elevation of privilege vulnerabilities than remote code execution flaws,” Narang noted.

On Sept. 3, Google rectified two flaws recognized as being exploited in zero-day attacks, including CVE-2025-38352, an elevation of privilege within the Android kernel, and CVE-2025-48543, also an elevation of privilege issue in the Android Runtime component.

Additionally, Apple has recently fixed its seventh zero-day (CVE-2025-43300) of the year. This vulnerability was part of an exploit chain used alongside a vulnerability in the WhatsApp (CVE-2025-55177) instant messenger to compromise Apple devices. Amnesty International reports that the two zero-days have been leveraged in “an advanced spyware campaign” over the previous 90 days. The issue has been resolved in iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8.

The SANS Internet Storm Center provides a clickable summary of each individual fix from Microsoft, organized by severity and CVSS rating. Enterprise Windows administrators involved in evaluating patches prior to deployment should monitor askwoody.com, which frequently offers insights on problematic updates.

AskWoody also reminds us that we are now merely two months away from Microsoft ceasing free security updates for Windows 10 systems. For those keen to safely prolong the lifespan and utility of these older devices, check out last month’s Patch Tuesday coverage for some tips.

As always, please remember to back up your data (if not your complete system) at regular intervals, and do not hesitate to comment if you encounter issues while installing any of these updates.
