- Last update: 13/08/2025
- Affected Microsoft product families:
‣ Microsoft Office
‣ SQL Server
‣ Windows Kernel
‣ Windows NTLM
‣ Microsoft AutoUpdate (MAU)
‣ Windows SMBv3 Client
‣ Windows Win32K GRFX
‣ Graphics Kernel
‣ Azure Arc
‣ Windows Hyper-V
‣ and other Microsoft-related products.
- Type: Several types, ranging from Information Disclosure to Remote Code Execution and Privilege Escalation.
- CVE/CVSS:
Microsoft patched 80 vulnerabilities in its September 2025 Patch Tuesday release: 8 rated Critical and 72 rated Important, including 2 zero-day vulnerabilities. Number of CVEs by type:
‣ 38 Elevation of Privilege vulnerabilities
‣ 22 Remote Code Execution vulnerabilities
‣ 14 Information Disclosure vulnerabilities
‣ 3 Denial of Service vulnerabilities
‣ 1 Spoofing vulnerability
‣ 2 Security Feature Bypass vulnerabilities
Microsoft: https://msrc.microsoft.com/update-guide/releaseNote/2025-Sep
Microsoft's September 2025 Patch Tuesday includes 80 vulnerabilities (8 Critical, 72 Important) across a wide range of Microsoft products, primarily impacting Microsoft servers and workstations. This Patch Tuesday includes 2 zero-days. Some other vulnerabilities are also more likely to be exploited soon; therefore, urgent patching is advised.
Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday” and contain security fixes for Microsoft devices and software.
The CCB would like to draw your attention to the following vulnerabilities:
CVE-2025-55234: Windows SMB (fixed zero-day)
Elevation of Privilege Vulnerability. To exploit this CVE, an attacker can mount an SMB relay attack if the Windows SMB Server is not hardened with SMB signing or Extended Protection for Authentication (EPA); this improper authentication enables privilege elevation. According to Microsoft's advisory, this vulnerability was publicly disclosed before a fix, and the September 9, 2025, updates add auditing to help admins assess compatibility before enforcing SMB signing/EPA. Rated Important (CVSS 3.1: 8.8). Guidance and audit events for enabling SMB signing/EPA are provided in Microsoft's support documentation.
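Added example, not from the CCB advisory or from Microsoft's documentation: a PowerShell check of the SMB server settings the relay precondition above depends on (signing and SPN target-name validation, the SMB-side counterpart of EPA), with optional enforcement. The AuditClientDoesNotSupportSigning parameter and the audit-log query are assumptions about the auditing the September 2025 update adds; confirm the parameter names and event IDs against Microsoft's KB for your build.

```powershell
# Run in an elevated PowerShell on the SMB server (Windows Server / Windows 10+).
param(
    [switch]$AuditOnly,  # turn on signing audit and show recent audit events
    [switch]$Enforce     # require signing and SPN validation (after testing!)
)

$srv = Get-SmbServerConfiguration

# Settings relevant to the CVE-2025-55234 relay precondition.
$posture = [ordered]@{
    'Signing enabled (server)'            = $srv.EnableSecuritySignature
    'Signing required (server)'           = $srv.RequireSecuritySignature
    # 0 = off, 1 = validate SPN if client supplies one, 2 = SPN required
    'SPN target name validation level'    = $srv.SmbServerNameHardeningLevel
    'SMB1 access auditing'                = $srv.AuditSmb1Access
}
$posture.GetEnumerator() | ForEach-Object { '{0,-36} : {1}' -f $_.Key, $_.Value }

if (-not $srv.RequireSecuritySignature) {
    Write-Warning 'SMB signing is not required: server is exposed to relay (CVE-2025-55234 precondition).'
}
if ($srv.SmbServerNameHardeningLevel -lt 2) {
    Write-Warning 'Server SPN target name validation is not enforced.'
}

if ($AuditOnly) {
    # Assumption: this audit switch is part of the auditing added in the
    # September 2025 update; verify the name for your OS build.
    Set-SmbServerConfiguration -AuditClientDoesNotSupportSigning $true -Force
    # Review which clients would break before enforcing; the SMB server audit
    # channel is where SMB access auditing is written.
    Get-WinEvent -LogName 'Microsoft-Windows-SMBServer/Audit' -MaxEvents 50 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

if ($Enforce) {
    Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
    Set-SmbServerConfiguration -SmbServerNameHardeningLevel 2 -Force
    Write-Output 'SMB signing required and SPN validation enforced; re-run without -Enforce to verify.'
}
```

Run with no switches first to record the current posture, then with -AuditOnly for a period before using -Enforce, since clients that cannot sign will be refused once the requirement is on.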
CVE-2024-21907: Newtonsoft.Json
Denial of Service Vulnerability. Remote Code Execution Vulnerability. To exploit this CVE, an unauthenticated attacker can send malicious serialised data to Microsoft HPC Pack, which deserialises untrusted input and executes code over the network. The flaw is rated Critical (CVSS 3.1 score 9.8).
CVE-2025-55232: Microsoft High Performance Compute (HPC) Pack
Elevation of Privilege Vulnerability. An attacker with low-level privileges can elevate their privileges to "SYSTEM", the highest level of privilege in Windows. SYSTEM privileges grant an attacker full access to the affected machine, potentially impacting the domain further. The vulnerability has a score of 8.8 (CVSSv3). Microsoft assesses that this vulnerability is more likely to be exploited in the future.
CVE-2025-54910: Microsoft Office
Heap-based Buffer Overflow Vulnerability. To exploit this CVE, an attacker can deliver a specially crafted Office document that, when opened or previewed in Outlook’s Preview Pane, enables arbitrary code execution on the target system. The flaw is rated Critical (CVSS 3.1 score 8.4) and assessed as “Exploitation Less Likely.”
CVE-2025-54918: Windows NTLM Elevation of Privilege Vulnerability (critical, exploitation more likely)
Elevation of Privilege Vulnerability. To exploit this CVE, an authenticated attacker can abuse flaws in Windows NTLM over a network to escalate privileges to SYSTEM. According to Microsoft’s advisory, this flaw is rated Critical (CVSS 3.1 score 8.8) and assessed as “Exploitation More Likely.” It was addressed in the September 9, 2025, Patch Tuesday updates. This is the third NTLM EoP patched in 2025, following CVE-2025-21311 in January and CVE-2025-53778 in August.
CVE-2025-54897: Microsoft SharePoint Remote Code Execution Vulnerability
Remote Code Execution Vulnerability. To exploit this CVE, an authenticated attacker can submit malicious input to a vulnerable SharePoint Server, allowing arbitrary code execution without requiring admin or elevated privileges. The flaw is rated Important (CVSS 3.1 score 8.8) and assessed as “Exploitation Less Likely.”
CVE-2025-55224: Windows Hyper-V Remote Code Execution Vulnerability
Remote Code Execution Vulnerability. To exploit this CVE, an attacker must win a race condition in Hyper-V to escape the guest security boundary and execute arbitrary code on the host. The flaw is rated Critical (CVSS 3.1 score 7.8) and assessed as “Exploitation Less Likely.”
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations scale up monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
Tenable - <https://www.tenable.com/blog/microsofts-september-2025-patch-tuesday-addresses-80-cves-cve-2025-55234>