Microsoft’s September 2025 Patch Tuesday updates resolve a total of 86 vulnerabilities across Windows and other products.
The tech giant’s release notes indicate that none of the security holes patched this month have been exploited in the wild.
However, eight of them have an ‘exploitation more likely’ rating, including information disclosure and privilege escalation issues in the Windows kernel, a remote code execution vulnerability in Windows NTFS, and privilege escalation bugs in the Windows TCP/IP driver, Windows Hyper-V, Windows NTLM, and Windows SMB.
A majority of these vulnerabilities have a ‘high severity’ rating, and the NTLM and SMB issues have the highest CVSS score, 8.8/10.
Based on CVSS score, the most important security hole patched by Microsoft this month is CVE-2025-55232, a remote code execution issue in the High Performance Compute (HPC) Pack with a CVSS score of 9.8.
“Customers should make sure the HPC Pack clusters are running in a trusted network secured by firewall rules especially for the TCP port 5999,” Microsoft tells customers.
Other issues with a CVSS score exceeding 8.0 are CVE-2025-54106 and CVE-2025-54113 (both remote code execution flaws in Routing and Remote Access Service), CVE-2025-54897 (remote code execution in SharePoint), CVE-2025-54910 (remote code execution in Office), and CVE-2025-55227 (privilege escalation in SQL Server).
However, all of these vulnerabilities, including the critical HPC Pack issue, have an exploitability assessment of ‘exploitation less likely’ or ‘exploitation unlikely’.
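To act on Microsoft’s guidance about TCP port 5999, the following added example (not from Microsoft or the original article) audits a node’s inbound allow rules for ones that admit traffic to that port and flags those with no remote-address restriction. It assumes the node is protected by Windows Defender Firewall and uses the built-in NetSecurity cmdlets; a perimeter or cloud firewall would need its own check.

```powershell
# Added example: list enabled inbound allow rules that cover TCP 5999 and
# flag any that accept connections from any remote address.
# Assumption: Windows Defender Firewall is the enforcing firewall on this node.
$Port = 5999

$findings = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $portFilter = $rule | Get-NetFirewallPortFilter

    # Keep only rules that can match TCP traffic ('6' is the IP protocol number for TCP).
    if ($portFilter.Protocol -notin @('TCP', '6', 'Any')) { continue }

    # LocalPort may be 'Any', a single port, a range such as '5000-6000', or a list of these.
    $covers = $false
    foreach ($p in @($portFilter.LocalPort)) {
        if ($p -eq 'Any') {
            $covers = $true
        }
        elseif ($p -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { $covers = $true }
        }
        elseif ($p -match '^\d+$' -and [int]$p -eq $Port) {
            $covers = $true
        }
    }
    if (-not $covers) { continue }

    # RemoteAddress 'Any' means the rule is not scoped to a trusted network.
    $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)

    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        LocalPort     = @($portFilter.LocalPort) -join ','
        RemoteAddress = $remote -join ','
        Unrestricted  = ($remote -contains 'Any')
    }
}

# Unrestricted rules first; scoped rules still need a manual check of the listed ranges.
$findings | Sort-Object Unrestricted -Descending | Format-Table -AutoSize
```

Rules that list port `Any` are included because they also admit traffic to 5999 for whatever program or service they are bound to.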
Adobe’s Patch Tuesday updates for September 2025 address nearly two dozen vulnerabilities across nine products, including critical ColdFusion and Commerce flaws.