
On its September 2025 Patch Tuesday, Microsoft fixed a total of 81 security vulnerabilities across a range of products. Among them are two zero-day vulnerabilities that were already publicly known and actively exploited. Microsoft rates ten of the vulnerabilities as "critical" and the remaining 71 as "important".
The updates cover a broad range of products, including Windows, Microsoft Office, Azure, SQL Server and Windows Defender. By category, the vulnerabilities break down as follows:
- 41 elevation of privilege
- 2 security feature bypass
- 22 remote code execution
- 16 information disclosure
- 3 denial of service
- 1 spoofing
## Two zero-day vulnerabilities closed
Two vulnerabilities that were already known before the patches were released deserve particular attention:
- CVE-2025-55234 (Windows SMB Server): an elevation of privilege vulnerability that can be exploited through relay attacks. Microsoft recommends enabling SMB Server Signing and Extended Protection for Authentication, but points out possible compatibility problems with older systems.
- CVE-2024-21907 (Newtonsoft.Json in SQL Server): a vulnerability in the JSON library in which faulty exception handling can lead to a denial of service. It was closed by an update to SQL Server.
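Because Microsoft's recommended mitigations for CVE-2025-55234 can break older SMB clients, a defender typically wants to see the current state of both settings and turn on auditing before enforcing anything. The following script is an added example, not code from the article or from Microsoft. It assumes that `Get-SmbServerConfiguration` exposes `RequireSecuritySignature`, `EnableSecuritySignature` and `SmbServerNameHardeningLevel` (SMB server SPN validation, taken here to be the Extended Protection control for SMB), that the `AuditClientDoesNotSupportSigning` property exists only on recent Windows builds, and that the `Microsoft-Windows-SMBServer/Audit` event channel is where such audit entries land; all of these are assumptions to confirm on your own build.

```powershell
# Added example (not from the article): audit the SMB server mitigations
# Microsoft recommends for CVE-2025-55234, then show the enforcement commands.
# Run in an elevated PowerShell session on the SMB server being checked.
# Assumptions: property and cmdlet names as described in the lead-in.

function Test-SmbRelayHardening {
    [CmdletBinding()]
    param()

    $cfg = Get-SmbServerConfiguration
    $findings = @()

    # Mitigation 1: SMB server signing. A relayed authentication is only
    # useful to an attacker on an unsigned session, so requiring signing
    # removes the payoff of the relay.
    $findings += [pscustomobject]@{
        Setting        = 'RequireSecuritySignature'
        Value          = $cfg.RequireSecuritySignature
        Compliant      = [bool]$cfg.RequireSecuritySignature
        Recommendation = 'Set-SmbServerConfiguration -RequireSecuritySignature $true -Force'
    }
    $findings += [pscustomobject]@{
        Setting        = 'EnableSecuritySignature'
        Value          = $cfg.EnableSecuritySignature
        Compliant      = [bool]$cfg.EnableSecuritySignature
        Recommendation = 'Set-SmbServerConfiguration -EnableSecuritySignature $true -Force'
    }

    # Mitigation 2: SMB server name hardening (SPN validation, the Extended
    # Protection control for SMB; assumption). Level 2 rejects sessions whose
    # target name does not match this server, which is exactly what a relayed
    # authentication forwarded from another host fails.
    $findings += [pscustomobject]@{
        Setting        = 'SmbServerNameHardeningLevel'
        Value          = $cfg.SmbServerNameHardeningLevel
        Compliant      = ($cfg.SmbServerNameHardeningLevel -ge 2)
        Recommendation = 'Set-SmbServerConfiguration -SmbServerNameHardeningLevel 2 -Force'
    }

    # Optional: signing audit. Enabling this first records clients that cannot
    # sign, so the compatibility problems Microsoft warns about surface in the
    # event log before enforcement breaks them. Property present only on
    # recent builds (assumption), hence the guarded lookup.
    $auditProp = $cfg.PSObject.Properties['AuditClientDoesNotSupportSigning']
    if ($null -ne $auditProp) {
        $findings += [pscustomobject]@{
            Setting        = 'AuditClientDoesNotSupportSigning'
            Value          = $auditProp.Value
            Compliant      = [bool]$auditProp.Value
            Recommendation = 'Set-SmbServerConfiguration -AuditClientDoesNotSupportSigning $true -Force'
        }
    } else {
        $findings += [pscustomobject]@{
            Setting        = 'AuditClientDoesNotSupportSigning'
            Value          = 'not available on this build'
            Compliant      = $false
            Recommendation = 'Update to a build that supports SMB signing audit, then enable it'
        }
    }

    return $findings
}

function Get-SmbServerAuditEvents {
    # Pull the most recent SMB server audit entries so an operator can see
    # which clients would be affected before flipping the enforcement switch.
    # Channel name is an assumption; adjust if your build logs elsewhere.
    [CmdletBinding()]
    param([int]$MaxEvents = 50)

    Get-WinEvent -LogName 'Microsoft-Windows-SMBServer/Audit' -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

# Usage: review findings, then apply the recommendations for non-compliant rows.
Test-SmbRelayHardening | Format-Table Setting, Value, Compliant, Recommendation -AutoSize
Get-SmbServerAuditEvents -MaxEvents 20 | Format-Table -Wrap
```

The intended sequence is: run `Test-SmbRelayHardening`, enable the audit setting where available, review `Get-SmbServerAuditEvents` for a representative period to find clients that cannot sign or fail SPN validation, and only then apply the `Set-SmbServerConfiguration` commands from the `Recommendation` column.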
## Further critical vulnerabilities
Alongside the zero-day vulnerabilities, Microsoft fixes ten further critical bugs. Several of them are race conditions in the Windows Graphics Kernel (CVE-2025-55226, CVE-2025-55228, CVE-2025-55236) that enable remote code execution. Critical holes were also closed in Microsoft Office (CVE-2025-54910) and Windows Hyper-V (CVE-2025-55224).
Another serious vulnerability affects NTLM (CVE-2025-54918) and could allow attackers an unauthorised elevation of privilege over the network.
## Broad scope of the patches
The large number of vulnerabilities rated "important" affects numerous products, from Excel and SharePoint through the Windows kernel to PowerShell. Overall, the September release underlines the high importance of Patch Tuesday for security in the Microsoft ecosystem.
| CVE | Vulnerability Details | Actively Exploited | Type | Severity |
|---|---|---|---|---|
| **Critical Vulnerabilities** | | | | |
| CVE-2025-54918 | Improper authentication in Windows NTLM allows for network-based privilege elevation. | No | Elevation of Privilege | Critical |
| CVE-2025-55226 | A race condition in the Graphics Kernel can be exploited for local code execution. | No | Remote Code Execution | Critical |
| CVE-2025-55228 | A race condition in the Windows Graphics Component allows local code execution. | No | Remote Code Execution | Critical |
| CVE-2025-55236 | A race condition in the Graphics Kernel could lead to local code execution. | No | Remote Code Execution | Critical |
| CVE-2025-53799 | Use of an uninitialized resource in the Windows Imaging Component leads to information disclosure. | No | Information Disclosure | Critical |
| CVE-2025-53800 | A flaw in the Microsoft Graphics Component can be used for local privilege elevation. | No | Elevation of Privilege | Critical |
| CVE-2025-54910 | A heap-based buffer overflow in Microsoft Office allows for local code execution. | No | Remote Code Execution | Critical |
| CVE-2025-55224 | A race condition in Windows Hyper-V can be used for local code execution. | No | Remote Code Execution | Critical |
| **Important Vulnerabilities** | | | | |
| CVE-2024-21907 | A flaw in Newtonsoft.Json used by SQL Server can lead to a denial-of-service condition. | No | Denial of Service | Important |
| CVE-2025-49734 | A flaw in PowerShell Direct allows for local privilege escalation. | No | Elevation of Privilege | Important |
| CVE-2025-53797 | A buffer over-read in RRAS allows for information disclosure over a network. | No | Information Disclosure | Important |
| CVE-2025-53798 | A buffer over-read in RRAS allows for information disclosure over a network. | No | Information Disclosure | Important |
| CVE-2025-54095 | An out-of-bounds read in RRAS allows for network-based information disclosure. | No | Information Disclosure | Important |
| CVE-2025-54096 | An out-of-bounds read in RRAS allows for network-based information disclosure. | No | Information Disclosure | Important |
| CVE-2025-54097 | An out-of-bounds read in RRAS allows for network-based information disclosure. | No | Information Disclosure | Important |
| CVE-2025-54099 | A stack-based buffer overflow in the Ancillary Function Driver for WinSock allows privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-54101 | A use-after-free flaw in the Windows SMBv3 Client allows for remote code execution. | No | Remote Code Execution | Important |
| CVE-2025-54102 | A use-after-free flaw in the Connected Devices Platform Service can be used for privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-54106 | An integer overflow in RRAS could allow an attacker to execute code over the network. | No | Remote Code Execution | Important |
| CVE-2025-54110 | An integer overflow in the Windows Kernel can be used for local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-54111 | A use-after-free flaw in Windows UI XAML allows for local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-54894 | A vulnerability in the Local Security Authority Subsystem Service leads to privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-54895 | An integer overflow in SPNEGO NEGOEX allows for local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-54896 | A use-after-free vulnerability in Microsoft Excel allows for local code execution. | No | Remote Code Execution | Important |
| CVE-2025-54897 | Deserialization of untrusted data in SharePoint can lead to remote code execution. | No | Remote Code Execution | Important |
| CVE-2025-54898 | An out-of-bounds read in Microsoft Excel can be used for local code execution. | No | Remote Code Execution | Important |
| CVE-2025-54899 | Freeing memory not on the heap in Microsoft Excel can lead to local code execution. | No | Remote Code Execution | Important |
| CVE-2025-54902 | An out-of-bounds read in Microsoft Excel allows for local code execution. | No | Remote Code Execution | Important |
| CVE-2025-54903 | A use-after-free vulnerability in Microsoft Excel allows for local code execution. | No | Remote Code Execution | Important |
| CVE-2025-54904 | A use-after-free vulnerability in Microsoft Excel allows for local code execution. | No | Remote Code Execution | Important |
| CVE-2025-54905 | An untrusted pointer dereference in Microsoft Word can lead to information disclosure. | No | Information Disclosure | Important |
| CVE-2025-54906 | Freeing memory not on the heap in Microsoft Office can lead to local code execution. | No | Remote Code Execution | Important |
| CVE-2025-54907 | A heap-based buffer overflow in Microsoft Visio allows for local code execution. | No | Remote Code Execution | Important |
| CVE-2025-54908 | A use-after-free vulnerability in Microsoft PowerPoint allows for local code execution. | No | Remote Code Execution | Important |
| CVE-2025-54913 | A race condition in Windows UI XAML Maps can be used for local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-54916 | A stack-based buffer overflow in Windows NTFS allows for local code execution. | No | Remote Code Execution | Important |
| CVE-2025-54919 | A race condition in the Windows Graphics Component leads to local code execution. | No | Remote Code Execution | Important |
| CVE-2025-55223 | A race condition in the DirectX Graphics Kernel allows for local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-55225 | An out-of-bounds read in RRAS allows for network-based information disclosure. | No | Information Disclosure | Important |
| CVE-2025-55232 | Deserialization of untrusted data in HPC Pack can lead to remote code execution. | No | Remote Code Execution | Important |
| CVE-2025-55245 | Improper link resolution in Xbox Gaming Services can lead to local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-55243 | Exposure of sensitive information in Microsoft OfficePlus can lead to spoofing. | No | Spoofing | Important |
| CVE-2025-55316 | External control of a file name or path in Azure Arc allows for privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-55317 | Improper link resolution in Microsoft AutoUpdate can be used for local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-49692 | Improper access control in the Azure Connected Machine Agent allows local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-47997 | A race condition in SQL Server can lead to network-based information disclosure. | No | Information Disclosure | Important |
| CVE-2025-53796 | A buffer over-read in RRAS allows for information disclosure over a network. | No | Information Disclosure | Important |
| CVE-2025-53801 | An untrusted pointer dereference in the DWM Core Library can lead to local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-53802 | A use-after-free flaw in the Windows Bluetooth Service can be used for local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-53803 | An error message in the Windows Kernel could disclose sensitive information locally. | No | Information Disclosure | Important |
| CVE-2025-53804 | Exposure of sensitive information in a Windows Kernel-Mode Driver can lead to local information disclosure. | No | Information Disclosure | Important |
| CVE-2025-53805 | An out-of-bounds read in HTTP.sys can lead to a denial of service. | No | Denial of Service | Important |
| CVE-2025-53806 | A buffer over-read in RRAS allows for information disclosure over a network. | No | Information Disclosure | Important |
| CVE-2025-53807 | A race condition in the Microsoft Graphics Component allows for local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-53808 | A type confusion flaw in the Windows Defender Firewall Service can lead to local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-53809 | Improper input validation in LSASS can lead to a denial of service. | No | Denial of Service | Important |
| CVE-2025-53810 | A type confusion flaw in the Windows Defender Firewall Service can lead to local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-54091 | An integer overflow in Windows Hyper-V can be used for local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-54092 | A race condition in Windows Hyper-V can be used for local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-54093 | A race condition in the Windows TCP/IP Driver allows for local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-54094 | A type confusion flaw in the Windows Defender Firewall Service can lead to local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-54098 | Improper access control in Windows Hyper-V can be used for local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-54103 | A use-after-free flaw in Windows Management Service can be used for local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-54104 | A type confusion flaw in the Windows Defender Firewall Service can lead to local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-54105 | A race condition in the Brokering File System can be used for local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-54107 | Improper path resolution in MapUrlToZone can lead to a security feature bypass. | No | Security Feature Bypass | Important |
| CVE-2025-54108 | A race condition in the Capability Access Management Service allows for local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-54109 | A type confusion flaw in the Windows Defender Firewall Service can lead to local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-54112 | A use-after-free flaw in Microsoft Virtual Hard Disk can be used for local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-54113 | A heap-based buffer overflow in RRAS allows for remote code execution. | No | Remote Code Execution | Important |
| CVE-2025-54114 | A race condition in the Connected Devices Platform Service can lead to a denial of service. | No | Denial of Service | Important |
| CVE-2025-54115 | A race condition in Windows Hyper-V can be used for local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-54116 | Improper access control in Windows MultiPoint Services allows for local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-54900 | A heap-based buffer overflow in Microsoft Excel allows for local code execution. | No | Remote Code Execution | Important |
| CVE-2025-54901 | A buffer over-read in Microsoft Excel can lead to local information disclosure. | No | Information Disclosure | Important |
| CVE-2025-54911 | A use-after-free flaw in Windows BitLocker can be used for local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-54912 | A use-after-free flaw in Windows BitLocker can be used for local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-54915 | A type confusion flaw in the Windows Defender Firewall Service can lead to local privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-54917 | A protection mechanism failure in MapUrlToZone can lead to a security feature bypass. | No | Security Feature Bypass | Important |
| CVE-2025-55227 | A command injection vulnerability in SQL Server allows for network-based privilege elevation. | No | Elevation of Privilege | Important |
| CVE-2025-55234 | A flaw in Windows SMB could allow an attacker to perform relay attacks, leading to privilege elevation. | No | Elevation of Privilege | Important |
## Also
Cisco has released patches for WebEx, Cisco ASA and other products.
Image/Source: https://depositphotos.com/de/home.html