The majority of concerns for September Patch Tuesday occurred prior to Patch Tuesday. In the few weeks prior to Patch Tuesday a pair of actively exploited Android CVEs (CVE-2025-38352, CVE-2025-48543), a zero-day in WhatsApp (CVE-2025-55177), and another zero-day in WinRAR (CVE-2025-8088) were resolved. Ensure you are responding to those vulnerabilities.
Microsoft only has a pair of publicly disclosed vulnerabilities (CVE-2025-55234, CVE-2024-21907) out of 81 total CVEs resolved this month making this about as close to a calm Patch Tuesday as we can hope for. The Windows OS and Office updates are rated Critical this month putting those as the highest priority, but with no zero-day exploits this month focus on routine maintenance from a Microsoft perspective.