Microsoft has released its September 2025 Patch Tuesday security updates, addressing more than 80 vulnerabilities, including two publicly disclosed flaws, one in Windows SMB Server and another in the Newtonsoft.Json library used by Microsoft SQL Server.
The two vulnerabilities in question are:
CVE-2025-55234: A Windows SMB elevation of privilege vulnerability that could allow attackers to perform relay attacks again.
CVE-2024-21907: Denial of Service in Newtonsoft.Json via SQL Server
The issue affects versions of the popular Newtonsoft.Json library prior to 13.0.1; the library is included with Microsoft SQL Server. The flaw, first disclosed in 2024, involves improper handling of exceptional conditions.
In addition to the above-mentioned vulnerabilities, Microsoft has addressed multiple high-severity flaws in Microsoft PowerPoint, Office Visio, Office, Excel, Microsoft High Performance Compute (HPC) Pack, and other software products.