هفته گذشته آپدیت امنیتی سپتامبر 2025 مایکروسافت منتشر و 81 حفره امنیتی از جمله دو آسیب پذیری Zero-day را رفع شد. در این آپدیت، 9 آسیب پذیری حیاتی وصله شده است.
دسته بندی آسیب پذیری ها به شرح زیر است:
• 41 Elevation of Privilege Vulnerabilities
• 2 Security Feature Bypass Vulnerabilities
• 22 Remote Code Execution Vulnerabilities
• 16 Information Disclosure Vulnerabilities
• 3 Denial of Service Vulnerabilities
• 1 Spoofing Vulnerabilities
دو آسیب پذیری Zero-day به صورت عمومی افشا شده
CVE-2025-55234 – Windows SMB Elevation of Privilege Vulnerability
مایکروسافت این آسیب پذیری ارتقا سطح امتیاز در سرور SMB را که در حملات محدودی مورد استفاده قرار گرفته بود را رفع کرده است.
CVE-2024-21907 – VulnCheck: CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json
این آسیب پذیری از قبل شناخته شده در Newtonsoft.Json (بخشی از SQL سرور) نیز رفع شده است.
لیست آپدیت امنیتی سپتامبر 2025 مایکروسافت
| Tag | CVE ID | CVE Title | Severity |
| Azure – Networking | CVE-2025-54914 | Azure Networking Elevation of Privilege Vulnerability | Critical |
| Azure Arc | CVE-2025-55316 | Azure Arc Elevation of Privilege Vulnerability | Important |
| Azure Bot Service | CVE-2025-55244 | Azure Bot Service Elevation of Privilege Vulnerability | Critical |
| Azure Entra | CVE-2025-55241 | Azure Entra Elevation of Privilege Vulnerability | Critical |
| Azure Windows Virtual Machine Agent | CVE-2025-49692 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important |
| Capability Access Management Service (camsvc) | CVE-2025-54108 | Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability | Important |
| Dynamics 365 FastTrack Implementation Assets | CVE-2025-55238 | Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability | Critical |
| Graphics Kernel | CVE-2025-55236 | Graphics Kernel Remote Code Execution Vulnerability | Critical |
| Graphics Kernel | CVE-2025-55223 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| Graphics Kernel | CVE-2025-55226 | Graphics Kernel Remote Code Execution Vulnerability | Critical |
| Microsoft AutoUpdate (MAU) | CVE-2025-55317 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2025-54105 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2025-9866 | Chromium: CVE-2025-9866 Inappropriate implementation in Extensions | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-9867 | Chromium: CVE-2025-9867 Inappropriate implementation in Downloads | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-53791 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2025-9864 | Chromium: CVE-2025-9864 Use after free in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-9865 | Chromium: CVE-2025-9865 Inappropriate implementation in Toolbar | Unknown |
| Microsoft Graphics Component | CVE-2025-53807 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2025-53800 | Windows Graphics Component Elevation of Privilege Vulnerability | Critical |
| Microsoft High Performance Compute Pack (HPC) | CVE-2025-55232 | Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-54910 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-55243 | Microsoft OfficePlus Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2025-54906 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-54902 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-54899 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-54904 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-54903 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-54898 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-54896 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-54900 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-54901 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office PowerPoint | CVE-2025-54908 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-54897 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2025-54907 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-54905 | Microsoft Word Information Disclosure Vulnerability | Important |
| Microsoft Virtual Hard Drive | CVE-2025-54112 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-54092 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-54091 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-54115 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-54098 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2025-47997 | Microsoft SQL Server Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2025-55227 | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2024-21907 | VulnCheck: CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json | Unknown |
| Windows Ancillary Function Driver for WinSock | CVE-2025-54099 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows BitLocker | CVE-2025-54911 | Windows BitLocker Elevation of Privilege Vulnerability | Important |
| Windows BitLocker | CVE-2025-54912 | Windows BitLocker Elevation of Privilege Vulnerability | Important |
| Windows Bluetooth Service | CVE-2025-53802 | Windows Bluetooth Service Elevation of Privilege Vulnerability | Important |
| Windows Connected Devices Platform Service | CVE-2025-54102 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
| Windows Connected Devices Platform Service | CVE-2025-54114 | Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability | Important |
| Windows Defender Firewall Service | CVE-2025-53810 | Windows Defender Firewall Service Elevation of Privilege Vulnerability | Important |
| Windows Defender Firewall Service | CVE-2025-53808 | Windows Defender Firewall Service Elevation of Privilege Vulnerability | Important |
| Windows Defender Firewall Service | CVE-2025-54094 | Windows Defender Firewall Service Elevation of Privilege Vulnerability | Important |
| Windows Defender Firewall Service | CVE-2025-54915 | Windows Defender Firewall Service Elevation of Privilege Vulnerability | Important |
| Windows Defender Firewall Service | CVE-2025-54109 | Windows Defender Firewall Service Elevation of Privilege Vulnerability | Important |
| Windows Defender Firewall Service | CVE-2025-54104 | Windows Defender Firewall Service Elevation of Privilege Vulnerability | Important |
| Windows DWM | CVE-2025-53801 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows Imaging Component | CVE-2025-53799 | Windows Imaging Component Information Disclosure Vulnerability | Critical |
| Windows Internet Information Services | CVE-2025-53805 | HTTP.sys Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2025-53803 | Windows Kernel Memory Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2025-53804 | Windows Kernel-Mode Driver Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2025-54110 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Local Security Authority Subsystem Service (LSASS) | CVE-2025-54894 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | Important |
| Windows Local Security Authority Subsystem Service (LSASS) | CVE-2025-53809 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | Important |
| Windows Management Services | CVE-2025-54103 | Windows Management Service Elevation of Privilege Vulnerability | Important |
| Windows MapUrlToZone | CVE-2025-54107 | MapUrlToZone Security Feature Bypass Vulnerability | Important |
| Windows MapUrlToZone | CVE-2025-54917 | MapUrlToZone Security Feature Bypass Vulnerability | Important |
| Windows MultiPoint Services | CVE-2025-54116 | Windows MultiPoint Services Elevation of Privilege Vulnerability | Important |
| Windows NTFS | CVE-2025-54916 | Windows NTFS Remote Code Execution Vulnerability | Important |
| Windows NTLM | CVE-2025-54918 | Windows NTLM Elevation of Privilege Vulnerability | Critical |
| Windows PowerShell | CVE-2025-49734 | PowerShell Direct Elevation of Privilege Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-54095 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-54096 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-53797 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-53796 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-54106 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-54097 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-53798 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-54113 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-55225 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-53806 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows SMB | CVE-2025-55234 | Windows SMB Elevation of Privilege Vulnerability | Important |
منبع:
