Microsoft has released a set of critical security updates addressing 86 Microsoft CVEs and 5 non-Microsoft CVEs, including fixes for various products such as SQL Server, Azure Windows Virtual Machine Agent, and Windows Routing and Remote Access Service (RRAS). The update also includes defense-in-depth updates to improve security-related features.
Microsoft Releases September 2025 Security Updates
As part of its ongoing commitment to ensuring user safety and security, Microsoft has released a set of critical security updates for various products. This release includes fixes for a total of 86 Microsoft CVEs and 5 non-Microsoft CVEs.
Key Highlights:
- The update addresses vulnerabilities in several key areas, including:
- SQL Server
- Azure Windows Virtual Machine Agent
- Windows PowerShell
- Microsoft Edge (Chromium-based)
- Windows Routing and Remote Access Service (RRAS)
- Windows Imaging Component
- Microsoft Graphics Component
- Windows DWM
- Windows Bluetooth Service
- Windows Kernel
- Windows Internet Information Services
- Windows Defender Firewall Service
- Role: Windows Hyper-V
- Windows TCP/IP
- Windows Connected Devices Platform Service
- Windows Management Services
- Microsoft Brokering File System
- Windows Routing and Remote Access Service (RRAS)
- Windows MapUrlToZone
- Capability Access Management Service (camsvc)
- Windows SPNEGO Extended Negotiation
- The update also includes defense-in-depth updates to help improve security-related features.
- 5 non-Microsoft CVEs have been republished, including:
- SQL Server: CVE-2024-21907
- Microsoft Edge (Chromium-based): CVE-2025-9864, CVE-2025-9865, CVE-2025-9866, and CVE-2025-9867
Security Update Guide Blog Posts:
- Toward greater transparency: Publishing machine-readable CSAF files (November 12, 2024)
- Toward greater transparency: Unveiling Cloud Service CVEs (June 27, 2024)
- Toward greater transparency: Security Update Guide now shares CWEs for CVEs (April 9, 2024)
- Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API (January 6, 2023)
- Coming Soon: New Security Update Guide Notification System (January 11, 2022)
- Continuing to Listen: Good News about the Security Update Guide API (February 9, 2021)
- Security Update Guide Supports CVEs Assigned by Industry Partners (January 13, 2021)
- Security Update Guide: Let’s keep the conversation going (December 8, 2020)
- Vulnerability Descriptions in the New Version of the Security Update Guide (November 9, 2020)
Relevant Resources:
- The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
- Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates.
- For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows Lifecycle Facts Sheet.
- Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
Recommendation:
It is highly recommended that all users install these updates as soon as possible to ensure their systems are protected against potential vulnerabilities and exploits.
Security Update Guide - Microsoft Security Response Center
