September Patch Tuesday Commentary From Fortra

Tyler Reguly, Associate Director, Security R&D, Fortra

Today, we have to start with the CVE that made me do a double take. A CVE that I feel should be rejected by MITRE – CVE-2025-55234. We know that relay attacks are possible against SMB and we know that there are hardening mechanisms available to assist with this. So, why is Microsoft releasing a CVE where they state, “Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks.” (https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55234)

As far as I’m concerned, Microsoft told us they have assigned a CVE not because of a vulnerability but to raise awareness of new auditing capabilities that they’ve added to assist with protective measures. If that is the case, that is a misuse of the CVE system. If that is not the case, then Microsoft needs to provide clarification very quickly.

This month there is a single CVE with a CVSS score in the critical range, CVE-2025-55232 (https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55232), a vulnerability in the Microsoft High Performance Compute (HPC) Pack that could allow unauthorized attackers to execute code over the network. That makes this a CVSS 9.8 vulnerability and one that people need to pay attention to. Microsoft has provided mitigation steps for those that cannot update immediately. This is important because there is no fix for HPC Pack 2016; the “update” for HPC Pack 2016 is to migrate to HPC Pack 2019. Thankfully, Microsoft has labeled this as exploitation less likely with a severity of important, but it is still something that you’ll want to pay attention to if you have the High Performance Compute Pack deployed in your environment.

While Microsoft has identified 11 vulnerabilities as critical this month, only one of those is identified as exploitation more likely: a vulnerability in NTLM that could allow an authorized attacker to gain SYSTEM level privileges via a network-based attack. This is what you’ll want to pay attention to until you have patches deployed. Since this is a privilege escalation for an authenticated user, this is one of those “the call is coming from inside the house” type situations and a great way for attackers to potentially move laterally in your network.

For CSOs paying attention this month, I would have a couple of questions that I’d ask my team to take back to my Microsoft reps.

First, are they confident that there was no exploitation or disclosure related to CVE-2025-55241 (https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55241), a vulnerability in Azure Entra that allowed for privilege elevation without the need for privileges… something I would typically think of as code execution rather than privilege escalation. This is a no customer action required vulnerability and has already been resolved by Microsoft, but knowing more about the scenario and having a guarantee that there was no past exploitation would be important to me.

Second, I would want to know more about CVE-2025-55234 and whether there truly is a vulnerability associated with it. If this is a vendor using a CVE simply to add a feature, that is something that CSOs everywhere need to push back against. There are enough legitimate CVEs being issued that we shouldn’t have to worry about CVEs without new vulnerabilities. This just adds complexity to an already complex situation.
