Resources

Microsoft Patch Tuesday August 2025

Written by Admin | Aug 13, 2025 7:36:16 AM

Microsoft has released this month’s Patch Tuesday updates, delivering fixes for 107 security flaws including one publicly disclosed zero-day vulnerability affecting Windows Kerberos.

This month’s update also addresses 13 issues rated as “Critical.” Of these, nine could allow remote code execution, three involve information disclosure, and one could be used for privilege escalation.

Here’s the breakdown of the vulnerabilities by category:

  1. 44 Elevation of Privilege

  2. 35 Remote Code Execution

  3. 18 Information Disclosure

  4. 4 Denial of Service

  5. 9 Spoofing

It’s worth noting that these figures only cover vulnerabilities patched on Patch Tuesday itself. Fixes for issues in Mariner, Azure, and Microsoft Edge released earlier in the month aren’t included in these totals.

The Zero-Day in Focus

The standout flaw this month is a Windows Kerberos elevation of privilege vulnerability (CVE-2025-53779) that was already publicly disclosed before this update.

If exploited, it could allow an authenticated attacker to gain domain administrator privileges, a serious risk for any organisation. According to Microsoft, the flaw involves a relative path traversal issue in Windows Kerberos that could be abused over a network.

Exploitation would require the attacker to have elevated access to certain directory attributes, including:

  1. msds-groupMSAMembership – which lets a user utilise the dMSA.
  2. msds-ManagedAccountPrecededByLink – which allows specifying a user that the dMSA can act on behalf of.

Wider Security Landscape

August’s Microsoft updates land alongside patches from other major vendors over the past month, including:

  1. 7-Zip – Update for a path traversal flaw leading to potential remote code execution.

  2. Adobe – Emergency patches for zero-days in AEM Forms.

  3. Cisco – Fixes for WebEx and Identity Services Engine.

  4. Fortinet – Updates for multiple products including FortiOS and FortiManager.

  5. Google – Android updates addressing two actively exploited Qualcomm vulnerabilities.

  6. Proton – Patch for its Authenticator app on iOS to stop logging sensitive TOTP secrets in plaintext.

  7. SAP – July updates for multiple products, including critical vulnerabilities rated 9.9.

  8. Trend Micro – Interim “fix tool” for an actively exploited RCE flaw in Apex One.

  9. WinRAR – Patch for an actively exploited path traversal bug that could lead to remote code execution.

For full technical details on each resolved vulnerability in this month’s Microsoft release, organisations should review Microsoft’s official security update guide and apply the relevant patches without delay.
View full post