Cyber999 Advisories

Overview Contact Advisories Incident Statistics
Share this page :
1 October 2025     Advisory

MA-1395.102025: MyCERT Advisory - Security Updates - Microsoft

1.0 Introduction

Recently, Microsoft has released security updates to address multiple vulnerabilities across Windows, Office, Hyper-V, SMB, NTLM, and related components. The updates include two publicly disclosed zero-day vulnerabilities and eight critical vulnerabilities.

2.0 Impact

Successful exploitation of these vulnerabilities could allow attackers to perform remote code execution (RCE), elevation of privilege (EoP), denial of service (DoS), or security feature bypass. The publicly disclosed vulnerabilities increase the risk of exploitation, particularly in unpatched systems. An attacker could leverage these flaws to gain unauthorized access, execute arbitrary code, disrupt services, or escape from guest virtual machines to the host environment, impacting the confidentiality, integrity, and availability of affected systems.

3.0 Affected Products

Publicly Disclosed Zero-Days vulnerabilities

  • CVE-2025-55234 – Windows SMB EoP
  • CVE-2024-21907 – Newtonsoft.Json DoS in SQL Server

Critical Vulnerabilities

  • CVE-2025-54916 – Windows NTFS RCE 
  • CVE-2025-54910 – Microsoft Office RCE 
  • CVE-2025-54918 – Windows NTLM EoP 
  • CVE-2025-54101 – Windows SMB v3 Client/Server RCE 
  • CVE-2025-55228 – Graphics/Win32K Kernel
  • CVE-2025-53800 – Graphics/Win32K Kernel
  • CVE-2025-55236 – Graphics/Win32K Kernel 
  • CVE-2025-55224 – Hyper-V RCE 


4.0 Recommendations

CyberSecurity Malaysia encourages users and administrators to review the  Microsoft MSRC Security Update Guide  and apply the necessary updates.

Kindly refer to the following URL:  https://msrc.microsoft.com/update-guide/releaseNote/2025-Sep

Generally, we advise users to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact Cyber999 Incident Response Centre through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 08:30 -17:30 MYT 
Web:  https://www.cybersecurity.my
 
5.0 References

Search
Type
Archives
logo
CyberSecurity Malaysia is the national cyber security specialist agency under the purview of the Ministry of Digital (KD)
 
Select User Category
Contact Us

  • CyberSecurity Malaysia,
    Level 7 Tower 1, Menara Cyber Axis, Jalan Impact,
    63000 Cyberjaya, Selangor Darul Ehsan, Malaysia.

  • enquiry@cybersecurity.my

  • +603 - 8800 7999

  • +603 - 8008 7000

COPYRIGHT © CYBERSECURITY MALAYSIA

CONTACT US | DISCLAIMER | PERSONAL DATA PROTECTION NOTICE | SITEMAP

TOP
ASK Byte
Chatbot Portal

Hi, I am ASK Byte. Please submit your questions about the portal and I will try to get answers from online knowledge stores.

Hi, Saya Admin Chatbot. Saya sedia chat dengan anda secara terus. Bagaimana saya boleh membantu anda?

Click the button below to interact with the CSM chatbot

Proceed