{"id":2812,"date":"2025-09-14T16:52:45","date_gmt":"2025-09-14T16:52:45","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2025\/09\/14\/two-zero-days-among-patch-tuesday-cves-this-month\/"},"modified":"2025-09-14T16:52:45","modified_gmt":"2025-09-14T16:52:45","slug":"two-zero-days-among-patch-tuesday-cves-this-month","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2025\/09\/14\/two-zero-days-among-patch-tuesday-cves-this-month\/","title":{"rendered":"Two Zero-Days Among Patch Tuesday CVEs This Month"},"content":{"rendered":"
\n

\"Photo<\/p>\n<\/div>\n

\n
\n

Microsoft issued updates to fix 81 vulnerabilities in this month\u2019s Patch Tuesday yesterday, including two classed as zero-days which have been disclosed but not yet exploited.<\/p>\n

The first is CVE-2024-21907, which relates to improper handling of exceptional conditions in Newtonsoft.Json \u2013 a part of SQL server. The bug was originally made public in January 2024, although it may have been flagged as far back as 2018, according to Adam Barnett, lead software engineer at Rapid7.<\/p>\n

\u201cWhat happens if you ask SQL Server to deserialize a JSON object with thousands of levels of nested objects? If you guessed denial of service, then you are good at guessing, because that\u2019s what\u00a0CVE-2024-21907\u00a0describes,\u201d he explained.<\/p>\n

\u201cAs zero-day vulnerabilities go, it doesn\u2019t seem particularly terrifying, since presumably the worst an attacker can do is knock down a service, which can then be picked up again. Of course, that\u2019s all relative, since some SQL Server instances are doing very important work: think hospitals, airports\u00a0and other critical infrastructure.\u201d<\/p>\n

Read more on Patch Tuesday:\u00a0Read more on Patch Tuesday: Microsoft Fixes Seven Zero-Days in May Patch Tuesday<\/em><\/p>\n

The second zero-day is CVE-2025-55234, a Windows SMB elevation of privilege (EoP) vulnerability that can be exploited remotely.<\/p>\n

\u201cMicrosoft says that an attacker with network access would be able to perform a replay attack against a target host, which could result in the attacker gaining additional privileges, which could lead to code execution,\u201d explained Immersive senior director of threat research, Kev Breen. \u00a0<\/p>\n

\u201cIt is noted that the SMB Server already has the ability to harden against replay attacks by enabling features like SMB Server Signing and Extended Protection for Authentication. Before turning on these additional security features, organizations should check the potential impact, as enabling these features may adversely affect some third-party integrations or network configurations.\u201d<\/p>\n

Microsoft is also offering users audit capabilities to help them assess any compatibility issues before turning on the additional security features.<\/p>\n

Exploitation More Likely<\/h2>\n

Breen flagged several other EoP vulnerabilities fixed this Patch Tuesday which are labelled \u201cexploitation more likely\u201d by Microsoft. These include:<\/p>\n