Microsoft August 2025 Patch

Microsoft August 2025 Patch Tuesday: 107 Vulnerabilities Fixed, Including One Zero-Day

ByMd Ariful Islam Updated on News
Microsoft August 2025 Patch

Microsoft has released its August 2025 Patch Tuesday updates, addressing a staggering 107 security vulnerabilities across its ecosystem, including Windows, Microsoft Office, Edge (Chromium-based), Azure, SQL Server, Hyper-V, and more. Among these, 13 critical vulnerabilities and one publicly disclosed zero-day in Windows Kerberos (CVE-2025-53779) stand out, urging immediate action for IT administrators and users to secure their systems. This article breaks down the key updates, their implications, and actionable steps to stay protected.

Key Highlights of August 2025 Patch Tuesday

1. Zero-Day Vulnerability in Windows Kerberos

The most pressing issue is CVE-2025-53779, an elevation of privilege (EoP) vulnerability in Windows Kerberos, affecting Windows Server 2025. This flaw, discovered by Akamai researcher Yuval Gordon and dubbed “BadSuccessor,” allows an attacker with control over specific attributes to gain domain administrator privileges. While no active exploitation has been reported, its public disclosure increases the urgency for patching, especially for organizations relying on Active Directory.

2. Critical Remote Code Execution (RCE) Flaws

Microsoft patched nine critical RCE vulnerabilities, with high CVSS scores ranging from 9.0 to 9.8. Notable issues include:

  • CVE-2025-50165: A Windows Graphics Component flaw that allows unauthenticated attackers to execute code via a malicious JPEG file, potentially embedded in Office documents or websites. This affects Windows 11 24H2 and Server 2025.
  • CVE-2025-53766: A heap-based buffer overflow in Windows GDI+ enables RCE through malicious metafiles, impacting a wide range of Windows versions, including Server 2008.
  • CVE-2025-53733 and CVE-2025-53784: Microsoft Word vulnerabilities that allow RCE via the Preview Pane, posing risks to users opening malicious documents.

These vulnerabilities are rated as “less likely” to be exploited but demand attention due to their potential for remote system compromise without user interaction.

3. Exchange Server Hybrid Deployment Vulnerability

Microsoft addressed CVE-2025-53786, an elevation of privilege flaw in Microsoft Exchange Server (2016, 2019, and Subscription Edition). This vulnerability could allow attackers to pivot from an on-premises breach to a cloud environment, compromising Exchange Online and Office 365 services. Approximately 29,000 unpatched Exchange servers remain vulnerable, according to the Shadowserver Foundation, emphasizing the need for immediate updates and manual configuration of hybrid connection services.

4. Windows 11 and 10 Updates: New Features and Security

The KB5063878 and KB5063875 updates for Windows 11 (24H2, 23H2, and 22H2) and KB5063709 for Windows 10 bring critical security fixes alongside new features:

  • Windows 11 24H2 (KB5063878): Introduces AI-powered features like Recall for Copilot+ PCs in the EU, a new black screen replacing the Blue Screen of Death (BSoD), and improved Snap layouts.
  • Windows 10 (KB5063709): Prepares systems for extended security updates as support ends on October 14, 2025.
  • Servicing Stack Update (KB5062686): Enhances the reliability of update installations for Windows 11 versions 22H2 and 23H2.

Microsoft also fixed an authentication issue causing sign-in delays on new devices, improving system performance.

5. Other High-Risk Vulnerabilities

Among the 91 important vulnerabilities, several are flagged as “more likely” to be exploited:

  • CVE-2025-53778: A Windows NTLM flaw allowing attackers with low-level network access to escalate to SYSTEM privileges.
  • CVE-2025-50177: A Microsoft Message Queuing (MSMQ) RCE vulnerability requiring a race condition but rated as high risk.
  • CVE-2025-53156: A Windows Storage Port Driver issue that could disclose kernel memory.

Additionally, Microsoft addressed vulnerabilities in Azure, SharePoint, SQL Server, and more, with a total of 42 elevation of privilege, 34 RCE, and 16 information disclosure flaws patched.

Why These Updates Matter

The August 2025 Patch Tuesday underscores the evolving threat landscape, with vulnerabilities spanning core Windows components, cloud services, and productivity tools. The Kerberos zero-day and Exchange Server flaws pose significant risks for enterprises, while critical RCE issues threaten both business and home users. With Windows 10 support ending in October 2025, users are urged to upgrade to Windows 11 or consider alternatives like Linux Mint for older hardware.

Actionable Steps for Users and IT Admins

  1. Apply Updates Immediately: Enable automatic updates via Windows Update or download standalone packages from the Microsoft Update Catalog.
  2. Prioritize Internet-Facing Systems: Patch Exchange Servers and other publicly accessible systems first to mitigate risks like CVE-2025-53786.
  3. Review Hybrid Configurations: Follow Microsoft’s manual instructions for securing Exchange Server hybrid connections.
  4. Upgrade Unsupported Systems: Windows 10 users should plan transitions to Windows 11 or explore Linux options before October 2025.
  5. Monitor for Exploitation: Use tools like Qualys VMDR or Cisco Snort rules to detect attempts to exploit these vulnerabilities.

Stay Informed

Microsoft’s August 2025 Patch Tuesday addresses critical security gaps, but timely patching is essential to stay ahead of attackers. For detailed insights, join webinars like Qualys’ “This Month in Vulnerabilities” or check the Microsoft Security Response Center for advisories.

Sources: BleepingComputer, Krebs on Security, Qualys, Microsoft Support, Shadowserver Foundation, Zero Day Initiative.

Md Ariful Islam

Hi, I’m Arif Rahman — a tech enthusiast, news writer, and curious mind who loves breaking down the latest in technology, gaming, cybersecurity, and digital trends. On The Gamers Mall Blog, I cover everything from major software updates and zero-day vulnerabilities to gaming hardware reviews and industry news.

I believe news should be clear, accurate, and useful. That’s why I take complex topics — whether it’s a Microsoft Patch Tuesday, a new GPU launch, or an emerging AI trend — and turn them into straightforward, easy-to-read articles. My goal is to help readers stay informed and make smarter decisions, whether they’re upgrading their PC, securing their data, or just keeping up with what’s new.

When I’m not writing, I’m usually testing gadgets, exploring new games, or researching the next big tech shift. If you’re looking for timely, well-explained, and trustworthy news, you’re in the right place.

MORE TO READ

Leave a Reply

Your email address will not be published. Required fields are marked *