On September 10, 2025, Microsoft rolled out its monthly Patch Tuesday updates, addressing a total of 86 vulnerabilities across its products. Among these, three significant flaws in the Windows kernel have been classified as high-risk, prompting urgent attention from users and system administrators alike.
This month’s updates included corrections for eight vulnerabilities deemed high risk, as well as five non-Microsoft vulnerabilities affecting Chromium-based Edge and SQL Server (notably CVE-2024-21907 in Newtonsoft.Json).
Significant Windows Kernel Vulnerabilities
The most pressing of the vulnerabilities patched is CVE-2025-54110, which carries an 8.8 rating on the CVSS 3.1 scale. This “Elevation of Privilege” flaw has been flagged by Microsoft as having a higher likelihood of exploitation.
CVE-2025-54110 stems from an integer overflow or wraparound issue (CWE-190) within the Windows kernel. If exploited, an attacker with local access could exploit this flaw by sending specially crafted input from a sandboxed user mode process. This could trigger an integer overflow, leading to a buffer overflow in the kernel and allowing for privilege escalation or escape from the sandbox. A successful exploitation could grant the attacker SYSTEM privileges, as noted by Microsoft. The discovery of this vulnerability has been credited to an anonymous researcher on Mastodon.
Additionally, two more vulnerabilities rated at 5.5 have been acknowledged as high-risk. The first, CVE-2025-53804, is characterized as an “Information Disclosure” vulnerability within a Windows kernel-mode driver. Microsoft warns that this flaw might allow disclosure of specific memory addresses within kernel space. This could potentially enable an attacker to carry out further malicious activities as knowledge of kernel memory addresses would be advantageous for exploiting other system weaknesses. The discovery of this vulnerability is attributed to Lewis Lee.
The second of these vulnerabilities, CVE-2025-53803, is credited to Lee alongside three other researchers. This “Information Disclosure” issue could lead to the leak of memory addresses when error messages divulge sensitive information.
Other High-Risk Vulnerabilities Addressed
In addition to the kernel-related issues, the September 2025 Patch Tuesday updates tackled CVE-2025-54918, another high-stakes vulnerability rated 8.8. This one affects Windows NTLM and offers an elevation of privilege that can be exploited remotely and with low complexity. Here, improper authentication within Windows NTLM might permit an authorized attacker to elevate their privileges over a network. This particular flaw was reported by Brian De Houwer of Crimson7.
Moreover, CVE-2025-55234, another severe vulnerability rated at 8.8, pertains to the Windows SMB (Server Message Block) protocol. This elevation of privilege and improper authentication vulnerability suggests that certain configurations may make the SMB server susceptible to relay attacks. Microsoft has advised users to implement hardening measures for SMB Server to mitigate this risk.
Among the other notable vulnerabilities included in this month’s updates are:
- CVE-2025-54916: A 7.8-rated Remote Code Execution vulnerability within Windows NTFS.
- CVE-2025-54098: A 7.8-rated Elevation of Privilege vulnerability involving Windows Hyper-V.
- CVE-2025-54093: A 7.0-rated Elevation of Privilege vulnerability affecting the Windows TCP/IP Driver.
In addition to Microsoft’s updates, various other IT vendors, including Adobe, SAP, and Ivanti, also released critical updates today, highlighting the broad landscape of vulnerabilities being addressed in the industry.
