September’s Patch Tuesday won’t require Microsoft users to rapidly repair rancid software, but SAP users need to move fast to address extremely dangerous bugs.

Microsoft did find two bugs worthy of urgent attention. CVE-2025-55234 allows relay attacks and escalation of privileges against SMB Server. Admins can ameliorate these by using Server signing and the Extended Protection for Authentication (EPA) but it's better to patch and be safe than sorry.

The second, CVE-2024-21907 , isn't too much of an issue unless you're running a version of Newtonsoft.Json prior to the 13.0.1 build. This flaw emerged last year, so if you're vulnerable you may already face a problem with denial-of-service attacks exploiting the errors in its use of libraries.

Microsoft’s fixed-flaw manifesto includes the

See Full Page