Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs

September 2025 Patch Tuesday: SMB Relay & Azure Entra

Fortra
03/30/2026
0
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


TL;DR

  • CVE-2025-55234 is an SMB relay attack that Microsoft released to provide audit capabilities, raising questions about whether it should be classified as a CVE since SMB relay attacks are not new.
  • CVE-2025-55232 is a critical unauthenticated remote code execution vulnerability in Microsoft HPC Pack, though exploitation is considered less likely due to limited deployment of the software.
  • CVE-2025-55241 is a no-privileges-required privilege escalation in Azure Entra that has been automatically patched, but organizations should verify if their environments were affected given Entra's critical role.

Summary

Tyler Reguly, Associate Director of Security R&D at Fortra, provides a focused analysis of September 2025's Microsoft Patch Tuesday release, highlighting three vulnerabilities that warrant attention from IT and security teams. The briefing examines CVE-2025-55234, an SMB relay attack that Microsoft released primarily for audit capabilities rather than as a traditional vulnerability disclosure—a decision that raises questions about CVE assignment practices. Reguly also covers CVE-2025-55232, a critical unauthenticated remote code execution vulnerability in Microsoft's High Performance Compute Pack, and CVE-2025-55241, a privilege escalation issue in Azure Entra that requires no user privileges. While the Azure Entra vulnerability has been patched automatically by Microsoft, Reguly recommends organizations verify whether their environments were affected. This concise update helps administrators prioritize patching efforts and understand the strategic implications of Microsoft's security communications.

Chapters

0:00 - Introduction
0:09 - CVE-2025-55234: SMB Relay
0:40 - CVE-2025-55232: HPC Pack RCE
1:15 - CVE-2025-55241: Azure Entra Escalation

Key Quotes

0:18 "Microsoft states that they released the CVE to provide customers with audit capabilities. Now the goal of a CVE should be to define a vulnerability, not to announce new configuration features."
0:54 "The vulnerability allows for unauthenticated remote code execution. Hopefully that risk will be offset by the fact that not everyone runs this software, and that's likely one of the reasons why Microsoft has indicated that exploitation is less likely for this vulnerability."
1:35 "Azure Entra is such a critical component in environments, and it's something that you might want to talk to Microsoft about just to find out a bit more about how this vulnerability was discovered, or to find out if it had ever been exploited in the past in your environment."

Categories:
  • » Cybersecurity » Cloud Security
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Vulnerability Management
  • Cloud Security
  • Identity & Access
  • Technical Deep Dive
  • Best Practices
  • Patch Tuesday
  • Microsoft Security Updates
  • SMB Relay Attacks
  • Remote Code Execution
  • Azure Entra Security
  • Privilege Escalation
  • CVE Assignment Practices
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: September 2025 Patch Tuesday: SMB Relay & Azure Entra

              Upcoming Webinar Calendar

              • 04/08/2026
                01:00 PM
                04/08/2026
                Managing Configuration at Scale Across Group Policy and Intune
                https://www.truthinit.com/index.php/channel/1865/managing-configuration-at-scale-across-group-policy-and-intune/
              • 04/15/2026
                01:00 PM
                04/15/2026
                Service Account Security in the Age of AI: From Legacy Accounts to Agentic Identities
                https://www.truthinit.com/index.php/channel/1866/service-account-security-in-the-age-of-ai-from-legacy-accounts-to-agentic-identities/
              • 04/30/2026
                10:00 AM
                04/30/2026
                Insights from the 2026 Keepit Annual Data Report on SaaS Data Protection
                https://www.truthinit.com/index.php/channel/1868/insights-from-the-2026-keepit-annual-data-report-on-saas-data-protection/

              Upcoming Events

              • Apr
                08

                Managing Configuration at Scale Across Group Policy and Intune

                04/08/202601:00 PM ET
                • Apr
                  15

                  Service Account Security in the Age of AI: From Legacy Accounts to Agentic Identities

                  04/15/202601:00 PM ET
                  • Apr
                    30

                    Insights from the 2026 Keepit Annual Data Report on SaaS Data Protection

                    04/30/202610:00 AM ET
                    More events
                    Truth in IT
                    • Sponsor
                    • About Us
                    • Terms of Service
                    • Privacy Policy
                    • Contact Us
                    • Preference Management
                    Desktop version
                    Standard version