MS Family September 2025 Secondary Security Update Advisory

Overview

 

Microsoft(https://www.microsoft.com) has released a security update that fixes vulnerabilities in products it has supplied. Users of affected products are advised to update to the latest version.

 

Affected Products

 

 

Azure Family

Microsoft Entra ID

 

Windows Family

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows 11 Version 23H2 for x64-based Systems

Windows 11 Version 24H2 for ARM64-based Systems

Windows 11 Version 24H2 for x64-based Systems

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022, 23H2 Edition (Server Core installation)

Windows Server 2025

Windows Server 2025 (Server Core installation)

 

Resolved Vulnerabilities

 

One Critical and three Important vulnerabilities were found.

 

Azure family

Emergency-rated privilege escalation vulnerability in Azure Entra (CVE-2025-55241)

 

Windows family

Critical elevation of privilege vulnerabilities in Microsoft Graphics Component (CVE-2025-59215, CVE-2025-59216)

Critical elevation of privilege vulnerability in the Windows Bluetooth Service (CVE-2025-59220)

 

Vulnerability Patches

 

The following product-specific vulnerability patches were made available in the September 18, 2025 Update Please use the Windows Update feature for automatic installation or refer to the URLs in the product information below to download and install.