Warning: Microsoft Patch Tuesday August 2025 patches 107 vulnerabilities (13 Critical, 91 Important, 2 Moderate, 1 Low), patch immediately!!

Image
Decorative image
Published : 13/08/2025
  • Last update: 13/08/2025
  • Affected Microsoft product families:

    ‣ Azure File Sync
    ‣ Azure OpenAI
    ‣ Azure Portal
    ‣ Azure Stack
    ‣ Azure Virtual Machines
    ‣ Desktop Windows Manager
    ‣ GitHub Copilot and Visual Studio
    ‣ Graphics Kernel
    ‣ Kernel Streaming WOW Thunk Service Driver
    ‣ Kernel Transaction Manager
    ‣ Microsoft 365 Copilot's Business Chat
    ‣ Microsoft Brokering File System
    ‣ Microsoft Dynamics 365 (on-premises)
    ‣ Microsoft Edge for Android
    ‣ Microsoft Exchange Server
    ‣ Microsoft Graphics Component
    ‣ Microsoft Office
    ‣ Microsoft Office Excel
    ‣ Microsoft Office PowerPoint
    ‣ Microsoft Office SharePoint
    ‣ Microsoft Office Visio
    ‣ Microsoft Office Word
    ‣ Microsoft Teams
    ‣ Remote Access Point-to-Point Protocol (PPP) EAP-TLS
    ‣ Remote Desktop Server
    ‣ Role: Windows Hyper-V
    ‣ SQL Server
    ‣ Storage Port Driver
    ‣ Web Deploy
    ‣ Windows Ancillary Function Driver for WinSock
    ‣ Windows Cloud Files Mini Filter Driver
    ‣ Windows Connected Devices Platform Service
    ‣ Windows DirectX
    ‣ Windows Distributed Transaction Coordinator
    ‣ Windows File Explorer
    ‣ Windows GDI+
    ‣ Windows Installer
    ‣ Windows Kerberos
    ‣ Windows Kernel
    ‣ Windows Local Security Authority Subsystem Service (LSASS)
    ‣ Windows Media
    ‣ Windows Message Queuing
    ‣ Windows NT OS Kernel
    ‣ Windows NTFS
    ‣ Windows NTLM
    ‣ Windows PrintWorkflowUserSvc
    ‣ Windows Push Notifications
    ‣ Windows Remote Desktop Services
    ‣ Windows Routing and Remote Access Service (RRAS)
    ‣ Windows SMB
    ‣ Windows Security App
    ‣ Windows StateRepository API
    ‣ Windows Subsystem for Linux
    ‣ Windows Win32K GRFX
    ‣ Windows Win32K ICOMP
  • Type: Several types, ranging from Information Disclosure to Remote Code Execution and Privilege Escalation.
  • CVE/CVSS:

    Microsoft patched 107 vulnerabilities in its August 2025 Patch Tuesday release, 13 rated as critical, 91 rated important. Additionally, 15 patches for vulnerabilities are included in the updates that were released at the beginning of the month.
    Number of CVE by type:

    35 Elevation of Privilege vulnerabilities
    42 Remote Code Execution vulnerabilities
    16 Information Disclosure vulnerabilities
    4 Denial of Service vulnerabilities
    9 Spoofing vulnerability
    1 tampering vulnerability

Sources

Microsoft: https://msrc.microsoft.com/update-guide/releaseNote/2025-Aug
Microsoft: Protections for CVE-2025-26647 (Kerberos Authentication)

Risks

Microsoft's August 2025 Patch Tuesday includes 107 vulnerabilities (13 critical, 91 important, 2 moderate and 1 low), for a wide range of Microsoft products, impacting Microsoft Server and Workstations. Microsoft's August 2025 Patch Tuesday does not include any actively exploited vulnerabilities, but according to Microsoft, some vulnerabilities are more likely to be exploited in the future; therefore, urgent patching is advised.

Description

Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday” and contain security fixes for Microsoft devices and software.

The CCB would like to point your attention to following vulnerabilities:

CVE-2025-53779: Windows Kerberos
Elevation of Privilege Vulnerability. Given certain conditions, an attacker can achieve full domain and forest compromise in an Active Directory (AD) environment. The attacker needs to be authenticated and have access to a user account with specific permissions in AD. Additionally, at least one domain controller in the domain needs to run Windows Server 2025. The vulnerability has a score of 7.2 (CVSSv3) and is also known as BadSuccessor after a security researcher at Akamai disclosed it on the 21st of May. Despite the high privileges required, the vulnerability is easy to exploit, since a write-up on the exploit is available, and has a severe impact on the affected systems.

CVE-2025-49712: Microsoft SharePoint
Remote Code Execution Vulnerability. An attacker with Site Owner privileges could either write arbitrary code or use code injection to achieve Remote Code Execution (RCE) on a vulnerable SharePoint Server. The vulnerability has a score of 8.8 (CVSSv3) and is easy to exploit, meaning the attacker requires no significant prior knowledge of the system and can achieve successful exploitation repeatedly, since no special conditions need to be present.

CVE-2025-53778: Windows NTLM
Elevation of Privilege Vulnerability. An attacker with low-level privileges can elevate their privileges to "SYSTEM", the highest level of privilege in Windows. SYSTEM privileges grant an attacker full access to the affected machine, potentially impacting the domain further. The vulnerability has a score of 8.8 (CVSSv3). Microsoft assesses that this vulnerability is more likely to be exploited in the future.

CVE-2025-53733: Microsoft Word
Remote Code Execution Vulnerability. An attacker could launch a remote attack (for example, through phishing) and execute arbitrary code on a local machine. Unlike most Microsoft Word exploits, this exploit requires no user interaction, and can be triggered through the Preview Pane. The vulnerability has a score of 8.4 (CVSSv3).

This month's patch Tuesday also includes a patch for CVE-2025-53786, A vulnerability in Microsoft Exchange Server in Hybrid Deployments. Remediation of this issue is less straightforward. Please visit the following link for more details about the issue: https://ccb.belgium.be/advisories/warning-microsoft-releases-guidance-critical-vulnerability-microsoft-exchange-server.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

Tenable - https://www.tenable.com/blog/microsofts-august-2025-patch-tuesday-addresses-107-cves-cve-2025-53779
KrebsOnSecurity - https://krebsonsecurity.com/2025/08/microsoft-patch-tuesday-august-2025-edition/