Stratos Ally

August 2025 Security Update: Microsoft Tackles High-Risk Vulnerabilities

StratosAlly

Microsoft’s latest Patch Tuesday drop for August 2025 delivers fixes for 119 security issues spanning its product lineup. Of these, 13 carry a Critical severity rating, 91 are classified as Important, and one is a zero-day vulnerability that had already been publicly disclosed before receiving a fix.

This month’s security release touches nearly every corner of Microsoft’s ecosystem, with fixes for Windows, Microsoft Office, Azure-based services, Exchange Server, Hyper-V, SQL Server, and the Edge browser. The flaws addressed break down into 44 that could allow attackers to escalate privileges, 35 enabling remote code execution, 18 tied to information leaks, as well as a smaller set involving four denial-of-service issues, nine spoofing, and one tampering vulnerability. 

One of the most pressing items on the list is CVE-2025-53779, a Windows Kerberos privilege escalation vulnerability. The issue arises from a relative path traversal error in how the authentication service processes delegated Managed Service Accounts, specifically the msds-groupMSAMembership and msds-ManagedAccountPrecededByLink attributes, opening the door to domain-level compromise in the right conditions.

Discovered by Yuval Gordon of Akamai and detailed publicly in May under the name “BadSuccessor,” the flaw could enable an attacker with specific permissions on delegated Managed Service Accounts (dMSA) to gain domain administrator privileges. While exploitation requires prior control of key account attributes, security researchers warn it could be chained with other exploits, including Kerberoasting or Silver Ticket attacks, to fully compromise an Active Directory environment. At the time of disclosure, only 0.7% of Active Directory domains were found to meet the prerequisites for exploitation, suggesting limited but serious impact for affected organizations.
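An added example, not from the article, Microsoft or Akamai: a small audit that scans an LDIF export of the directory for objects carrying the two attributes named above and marks any whose msds-ManagedAccountPrecededByLink points at an account on an operator-supplied privileged list. The sample export, the DNs and the privileged list are constructed, and treating such a link as worth reviewing is this example's assumption.

```python
import base64

# Attribute names as given in the article (LDAP attribute names are case-insensitive).
LINK = "msds-managedaccountprecededbylink"
WATCHED = {LINK, "msds-groupmsamembership"}

# Constructed sample export, not real directory data (folded line and "::" base64 per LDIF).
SAMPLE_LDIF = """\
dn: CN=svc-web,CN=Managed Service Accounts,DC=example,DC=test
msDS-ManagedAccountPrecededByLink: CN=Administrator,CN=Users,DC=example,
 DC=test
msDS-GroupMSAMembership:: AQAEgA==

dn: CN=svc-batch,CN=Managed Service Accounts,DC=example,DC=test
msDS-ManagedAccountPrecededByLink: CN=old-batch,CN=Users,DC=example,DC=test

dn: CN=alice,CN=Users,DC=example,DC=test
sAMAccountName: alice
"""

# Hypothetical list of accounts the operator treats as privileged (lowercased DNs).
PRIVILEGED = {"cn=administrator,cn=users,dc=example,dc=test"}

def parse_ldif(text):
    """Yield one {attr: [values]} dict per entry; unfolds lines, decodes base64."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64>"; binary values decode lossily
                value = base64.b64decode(rest[1:]).decode("utf-8", "replace")
            else:
                value = rest.strip()
            entry.setdefault(name.lower(), []).append(value)
        if entry:
            yield entry

def audit(text, privileged=PRIVILEGED):
    """Return (dn, watched attributes present, privileged link targets) per entry."""
    findings = []
    for entry in parse_ldif(text):
        present = sorted(WATCHED & entry.keys())
        if present:
            # Simple lowercase DN match; assumes DNs are written without extra spaces.
            hits = [v for v in entry.get(LINK, []) if v.lower() in privileged]
            findings.append((entry["dn"][0], present, hits))
    return findings
```

Calling `audit(SAMPLE_LDIF)` returns one tuple per object that carries a watched attribute; a non-empty third element marks the entries to review first.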

Other notable Critical-rated patches include:

Flaw in Azure Stack Hub could leak sensitive deployment or tenant data to an unauthorized party.

Weakness in Azure VM authentication could let attackers impersonate services or systems.

Misconfiguration risk in Azure VMs could reveal environment or configuration details to outsiders.

Malicious graphics calls can trigger remote code execution in DirectX.

Crafted images can execute code via the Windows graphics engine.

Specially built Office files could run attacker code when opened or previewed.

A memory management issue in Office allows code execution through specially crafted files.

The preview pane in Word can be exploited to run code without fully opening the file.

A use-after-free flaw in Word permits embedded code execution with minimal interaction.

Malicious virtual machines can exploit Hyper-V bugs to execute code on the host.

A heap overflow in GDI+ enables crafted images to trigger arbitrary code execution.

A race condition in MSMQ lets remote attackers execute code on targeted systems.

Weakness in NTLM authentication can be used to escalate to SYSTEM privileges.

Microsoft noted that several flaws impacting its cloud offerings, among them Azure OpenAI, the Azure Portal, and Microsoft 365 Copilot BizChat, have already been corrected on the server side, eliminating the need for customer intervention.

Patch activity this month extended well beyond Redmond. Adobe, Cisco, Fortinet, Google, SAP, and Trend Micro all released their own security updates. Adobe’s rollout alone tackled 68 vulnerabilities spread across its creative and enterprise software lines, with 38 of those flaws rated Critical.

According to security analysts, certain vulnerabilities demand intricate attack setups, but others, notably the Kerberos zero-day and the MSMQ-related weaknesses, pose a significant exploitation risk. Systems left without these fixes could be leveraged for privilege escalation, lateral movement within networks, data theft, or service disruption.

Experts recommend giving immediate attention to updates affecting internet-facing assets, identity management components, and messaging platforms, as these are more exposed to threat activity. The following Patch Tuesday release is slated for September 9, 2025.
