
"September's Patch Tuesday won't require Microsoft users to rapidly repair rancid software, but SAP users need to move fast to address extremely dangerous bugs. Microsoft did find two bugs worthy of urgent attention. CVE-2025-55234 allows relay attacks and escalation of privileges against SMB Server. Admins can ameliorate these by using Server signing and the Extended Protection for Authentication (EPA) but it's better to patch and be safe than sorry."
"SAP NetWeaver customers need to get busy as the vendor's latest update addresses four critical vulnerabilities in the application, one of them scoring a perfect 10 on the CVSS scale. That perfectly poisonous problem involves deserialization (CVE-2025-42944) that means an unauthenticated attacker can abuse authentication privileges in the RMI-P4 module used to distribute Java objects. The slightly less serious CVE-2025-42922 - only a CVSS 9.9 flaw - allows file uploads that would, to q"
September Patch Tuesday contains some important Microsoft fixes but does not require immediate widespread emergency updates for most users. Two Microsoft vulnerabilities warrant urgent attention: CVE-2025-55234 enabling relay attacks and privilege escalation against SMB Server, and CVE-2024-21907 affecting older Newtonsoft.Json versions that can be abused for denial-of-service. Microsoft also fixed a 9.8-rated remote code execution flaw in High Performance Compute (CVE-2025-55232) and warned administrators to watch for suspicious traffic on TCP port 5999. Multiple patches affect Office Preview pane, Excel, Defender Firewall, Hyper-V, and RRAS. SAP NetWeaver includes four critical flaws, including a CVSS 10.0 deserialization issue (CVE-2025-42944) enabling unauthenticated RMI-P4 abuse.
#microsoft-patches #smb-relayprivilege-escalation #sap-netweaver-deserialization #high-performance-compute-rce
Read at Theregister