Microsoft released 86 patches this week with updates for Office, Windows, and SQL Server. But there were no zero-days, so theres no patch now recommendation from the Readiness team this month. This is an incredible sign of success for the Microsoft update group.To reinforce this fact, we have patches for Microsofts browser platform that have (perhaps for the first time) been rated at a much lower moderate security rating (as opposed to critical or important). More detail has been added to Septembers testing recommendations, given the reduced urgency (and therefore extra time) to deploy this months patches.To help navigate these changes, Readiness has crafted a helpfulinfographic detailing the risks of deploying updates to each platform. (More information aboutrecent Patch Tuesday releases is available here.)Known issuesMicrosoft reported an edge case affecting hot patched devices that have the September 2025 Hotpatch update (KB5065306) or the September 2025 security update (KB5065432). These devices might experience failures with PowerShell Direct (PSDirect)connections when the host and guest virtual machines (VMs) are both not fully updated. (Microsoft is investigating the problem.) Amajor issuewith last months update caused some of our clients unwarranted UAC promptson MSI Installer package repair. Thats been resolved now and our testing confirmed thatMSIInstallerrepairs work as intended. Thank you (Microsoft) for the quick fix.Major revisions and mitigationsThe following revisions to previous Microsoft updates require administrator attention and possibly additional actions on top of this months release:CVE-2025-48807: Windows Hyper-V Remote Code Execution Vulnerability. To comprehensively address this vulnerability, Microsoft released September 2025 security updates for Windows Server 2016, Windows 11, and newer x64-based editions of Windows 10.CVE-2025-21293: Active Directory Domain Services Elevation of Privilege Vulnerability: To comprehensively address CVE-2025-21293, Microsoft has released \security update KB5065426 for Windows Server 2025 and Windows 11 systems. Customers who install Microsoft (in-memory) HotPatchupdates should install KB5065474to be protected.CVE-2025-49734: PowerShell Direct Elevation of Privilege Vulnerability. Microsoft updated its affected products table, asPowerShell 7.4and now 7.5 are affected. Additional information can be found in thisGitHub posting.Also, this month Microsoft made two information only changes to how two vulnerabilities (CVE-2025-29833and CVE-2025-29954) were addressed in August.Windows lifecycle and enforcement updatesMicrosoft did not publish any enforcement updates. However, Secure Bootcertificates used by most Windows devices will be set to expire by Microsoft starting in June 2026. To avoid disruption, review Microsoftsguidanceand update these certificates in advance.Each month, Readiness analyzes the newest Patch Tuesday updates and provides detailed, actionable testing guidance. This guidance is based on assessing a large app portfolio and a comprehensive analysis of the Microsoft patches and their potential impact on Windows platforms and application deployments.This months updates require focused testing across network infrastructure, graphics subsystems, and authentication components. There are significant updates to core networking protocols,DirectXgraphics functionality, andBluetooth connectivity that demand immediate validation. These updates affect both client and server environments, with particular attention needed for organizations using Routing and Remote Access Services (RRAS)and those with complexBluetoothdevice management requirements.Network infrastructure and connectivityMicrosoft updated core network communication components, including socket handling andIPv6functionality. These low-level network changes can significantly affect enterprise connectivity and require comprehensive validation across different network scenarios:Send and receive packets over the network using bothIPv4andIPv6protocols.Test large file transfers overIPv6networks to validate performance and stability.Validate various network traffic conditions, including file transmission, remote desktop connections, and web browsing.Test messaging applications like Microsoft Teams or Skype with connect/disconnect/reconnect cycles.Graphics, DirectX and Application GuardThis month sees substantial updates to graphics subsystems and security isolation components that require testing to ensure graphics applications render correctly without screen corruption or performance degradation:Validate the critical updates forDirectXfunctionality andWindows Defender Application Guard.Execute applications andUWPapps that useDirectCompositionfunctionality to ensuretheresno flickering or display anomalies.TestDirectXAPI usage onHyper-Vguests with GPU-PV enabled across multi-threaded scenarios.ValidateWindows Defender Application Guardfunctionality with Office apps and Microsoft Edge.Authentication and Directory ServicesCritical updates to authentication components require thorough testing of domain and workstation authentication scenarios:UseNTLMandKerberosprotocols to authenticate users on both workstation-joined and domain-joined machines.Exercise theLogonUserEx APIfrom client applications to ensure programmatic authentication works correctly.Test secondary logon (RunAs) scenarios across different user contexts.ValidateCredSSP (Credential Security Support Provider)functionality.TestActive Directorycomponents including Active Directory Certificate ServicesandLDAPoperations.Bluetooth device managementThis months updates toBluetoothrequire device pairing and management testing that includes:Simultaneous Device Management: Pair and unpair multipleBluetoothdevices (earbuds, keyboards, speakers) simultaneously viaSwiftPairor Settings to stress-test concurrent operations.Multiple Adapter Support: Connect both internal and externalBluetoothadapters and test device pairing using each adapter independently.PIN and Consent Flow: UseBluetoothkeyboards requiring PIN entry, test pairing with correct and incorrect PINs, and verify graceful error handling and retry mechanisms.Monitor for UI hangs, pairing failures, or stale device entries during intensiveBluetoothoperations.Routing and Remote Access Services (RRAS)Significant updates to RRAScomponents require comprehensive testing for organizations using routing and remote access functionality:Perform configuration and viewing operations using the Routing and Remote Access management console for both local and remote installations.Test different property pages (DHCP,NAT,RIP,IGMP,and BOOTP) to ensure they display correct information for valid configurations.Ensure that invalid configurations are handled correctly by showing appropriate error dialogs or preventing access to misconfigured sections.Exercise remoteRRASserver management tasks to ensure remote administration capabilities remain functional.HTTP services and web infrastructureUpdates to core HTTP handling components require validation of modern web protocols and caching mechanisms:EnableBranch Cacheand configure HTTP server applications to cache responses.SendHTTP/2andHTTP/3requests to validate next-generation protocol support.Ensure request-response cycles complete without system crashes or bug-checks.Filesystem and storage operationsCore filesystem components that got patches and updates affecting file operations and virtual disk management will require the following tests:UsePowerShellsMount-DiskImagecmdlet to attachVHDfiles toNTFSvolumes.TestApp Silosfunctionality with applications that perform filesystem access.Additional app testingPrivacy and capability management components require testing to ensure user privacy controls work correctly:Validate that privacy permission changes take effect immediately and persist across system reboot.ValidateVPNconnection scenarios across differentVPNproviders and protocols.Test applications usingXAMLUI frameworks including Microsoft Photos and modernUWPapplications.Verify RemotePowerShellfunctionality usingInvoke-CommandandNew-PSSessioncmdlets.This months updates emphasize network reliability, graphics performance and security isolation. Organizations should prioritize testing in network-intensive environments and those with complex authentication requirements. Pay particular attention toBluetoothdevice management if your environment relies heavily on wireless peripherals, and ensure RRASfunctionality is thoroughly validated before deploying to production routing infrastructure.Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings:Browsers (Microsoft IE and Edge)Microsoft Windows (both desktop and server)Microsoft OfficeMicrosoft Exchange and SQL ServerMicrosoft Developer Tools (Visual Studio and .NET)Adobe (if you get this far)BrowsersMicrosoft published five internal updates (rated moderate) to its browser platform and four updates to the Chromium engineCVE-2025-9864,CVE-2025-9865,CVE-2025-9866andCVE-2025-9867). These low-profile changes can be added to your standard release calendar.Microsoft WindowsThe following areas have been updated with seven critical patches and 29 rated important. Thecritical patches update vulnerabilities found in the following features within the Windows platform:Graphics, Win32 (GRFX) and GDI and Kernel driversWindows NTLM authenticationWindows Imaging (Windows sub-system)Unusually, and given the absence of reports of public disclosure or exploits, the Readiness team recommends a standard release schedule for Windows. There is plenty to test, so use this extra time to our advantage.Microsoft OfficeMicrosoft released two critical updates to the Microsoft platform (CVE-2025-54910and CVE-2025-53799) that address vulnerabilities in Office (not specific to Word or Excel). There are also 15 patches rated important. None of these issues include preview pane attacks and can be added to your standard update release cycle.Microsoft Exchange and SQL ServerMicrosoft published two updates rated important (CVE-2025-47997and CVE-2024-21907). Neither SQL patch is reported as publicly disclosed or as exploited in the wild. As there are no Microsoft Exchange updates, add these SQL Server patches to your standard server update schedule. It goes without saying that the SQL Server patches will require a reboot.Developer ToolsThere were no updates to Microsoft developer tools and platforms (Visual Studio and Microsoft .NET) this cycle.Adobe (and third-party updates)Microsoft released a single update for third-party products. TheNewtonsoftvulnerability (CVE-2024-21907) addresses a mishandling of exceptional conditions vulnerability in Newtonsoft.Json before version 13.0.1. Crafted data that is passed to the JsonConvert.DeserializeObject method could trigger a StackOverflow exception, resulting in denial of service. Since there are no Adobe updates from Microsoft this month, I continue to promise to retire this sectionmaybe.