      Microsoft August 2025 Patch Tuesday: Fixes 111 Vulnerabilities, One Zero-Day Disclosed

      Microsoft Patch Tuesday 2025

This Tuesday, Microsoft released security updates for 111 vulnerabilities across its software portfolio, known as the August 2025 Patch Tuesday. The severity breakdown is 16 critical, 92 important, two moderate, and one low. By impact, they fall into the following categories: denial of service (4), spoofing (8), information disclosure (18), remote code execution (35), and privilege escalation (44).

The previous month's release had resolved 16 bugs in the Chromium-based Edge browser, including two spoofing bugs that affected Edge for Android.

      Windows Kerberos EoP Vulnerability

This month, the single publicly disclosed vulnerability is CVE-2025-53779, also referred to as "BadSuccessor," a Windows Kerberos elevation of privilege flaw (CVSS 7.2). The issue was first reported by Akamai in 2025 and affects Windows Server 2025 Delegated Managed Service Account (dMSA) configurations.

The key point is that an attacker must control two sensitive dMSA attributes before exploitation is possible:

  • msDS-GroupMSAMembership identifies the users allowed to retrieve the account's credentials.
  • msDS-ManagedAccountPrecededByLink names the users on whose behalf the dMSA can act.

Here is a statement on BadSuccessor from Satnam Narang, Senior Staff Research Engineer at Tenable: "The immediate impact of BadSuccessor is limited and is just 0.7% of Active Directory domains that had met the prerequisite during the disclosure. To exploit BadSuccessor, an attacker needs to have at least one domain controller that's running Windows Server 2025 to achieve domain compromise."

      The List of Some Critical Microsoft August 2025 Patch Vulnerabilities

      The following are some of the high-severity flaws in the Microsoft August 2025 Patch Tuesday release:

  • CVE-2025-53767 (CVSS 10.0) – Azure OpenAI elevation of privilege, already fixed by Microsoft on the service side.
  • CVE-2025-53766 (CVSS 9.8) – Windows GDI+ RCE through malicious metafiles, exploitable without user privileges or interaction.
  • CVE-2025-50165 (CVSS 9.8) – Windows Graphics Component RCE via malicious JPEG files, again requiring no user interaction.
  • CVE-2025-53792 (CVSS 9.1) – Azure Portal elevation of privilege, already remediated by Microsoft.
  • CVE-2025-50176 (CVSS 7.8) – DirectX Graphics Kernel RCE, a type confusion flaw with SYSTEM-level impact.

      Check out some of the other vulnerabilities patched:

        • Microsoft 365 Copilot Business Chat: CVE-2025-53774
        • Windows Kerberos: CVE-2025-53779
        • Azure Virtual Machines: CVE-2025-53781
        • Microsoft Teams: CVE-2025-5783

      Exploitation Related to Graphics

The graphics-related vulnerabilities in Windows Graphics, GDI+, and DirectX can be triggered by malicious images or files uploaded to susceptible services, or delivered over email or the web. The GDI+ bug is especially critical for applications that accept uploads of vector graphics files.

To use the Kerberos zero-day, an attacker must first compromise a privileged account; combined with Kerberoasting or Silver Ticket techniques, it can then be used to expand privileges further.

Mitigation

      Microsoft has focused on server-side fixes for the CVEs in its cloud services that affect Azure Portal, Microsoft 365 Copilot BizChat, Azure OpenAI, and more. According to the company, no customer action is required.

To cut off exploitation, prompt patching is recommended for the on-premises vulnerabilities, particularly the Kerberos EoP and the graphics-related RCEs. Admins should treat the GDI+ and Graphics Component vulnerabilities as a priority, as they pose a risk of remote, unauthenticated exploitation.

Vulnerability Snapshot

        • Publicly disclosed: 1 (Kerberos EoP, CVE-2025-53779)
        • Exploited: Not reported during the release time
        • Critical RCEs published: 9
  • Browser-related vulnerabilities: 8 were fixed earlier this month

The Microsoft August 2025 Patch Tuesday gives a clear picture of what is needed to keep cloud and on-premises services secure. It also draws attention to privilege escalation flaws, which often form the foundation of attack chains.

Here's what organizations should do:

        • Prioritize patching Kerberos zero-day (CVE-2025-53779) in Server 2025 environments.
        • Ensure that systems running Azure services are updated regularly.
        • Keep a close check on Active Directory configurations for suspicious dMSA attribute changes.
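One way to act on the last recommendation is to watch the two dMSA attributes named above for writes. The following is an added example and not code from the article, SecureITWorld, or Microsoft: it scans Windows Security event records of type 5136 ("A directory service object was modified") and flags changes to msDS-ManagedAccountPrecededByLink or msDS-GroupMSAMembership on dMSA objects. The event records are constructed for the example; the field names follow the 5136 event layout, and the dMSA object class name and the operation-type codes are assumptions to verify against your own schema and log export.

```python
"""Detect writes to the sensitive dMSA attributes in 5136 audit events.

Added example (not from the article). Assumptions, to verify locally:
  - field names mirror the 5136 event layout (AttributeLDAPDisplayName,
    ObjectClass, ObjectDN, OperationType, SubjectUserName);
  - the dMSA object class is msDS-DelegatedManagedServiceAccount;
  - OperationType "%%14674" = value added, "%%14675" = value deleted.
"""
from dataclasses import dataclass

# Attributes the article identifies as prerequisites for BadSuccessor.
WATCHED_ATTRIBUTES = {
    "msds-managedaccountprecededbylink": "high",   # who the dMSA may act as
    "msds-groupmsamembership": "medium",           # who may fetch its credential
}

# Assumed LDAP class name for a dMSA object (lower-cased for comparison).
DMSA_OBJECT_CLASS = "msds-delegatedmanagedserviceaccount"

# Assumed 5136 operation-type codes for value added / value deleted.
WRITE_OPERATIONS = {"%%14674": "added", "%%14675": "deleted"}


@dataclass(frozen=True)
class Finding:
    record_number: int
    severity: str
    subject: str          # account that performed the write
    object_dn: str        # dMSA that was modified
    attribute: str
    operation: str
    value: str


def scan_5136(records):
    """Return a Finding for every watched-attribute write on a dMSA object."""
    findings = []
    for rec in records:
        if rec.get("EventID") != 5136:
            continue
        if rec.get("ObjectClass", "").lower() != DMSA_OBJECT_CLASS:
            continue
        attr = rec.get("AttributeLDAPDisplayName", "").lower()
        if attr not in WATCHED_ATTRIBUTES:
            continue
        op = WRITE_OPERATIONS.get(rec.get("OperationType", ""))
        if op is None:
            continue
        findings.append(Finding(
            record_number=rec["RecordNumber"],
            severity=WATCHED_ATTRIBUTES[attr],
            subject=rec.get("SubjectUserName", "<unknown>"),
            object_dn=rec.get("ObjectDN", "<unknown>"),
            attribute=rec["AttributeLDAPDisplayName"],
            operation=op,
            value=rec.get("AttributeValue", ""),
        ))
    return findings


# Constructed sample events (not real telemetry). Only 1001 and 1004 should fire:
# 1002 touches an unwatched attribute, 1003 is not a dMSA, 1005 is not a 5136.
SAMPLE_EVENTS = [
    {"EventID": 5136, "RecordNumber": 1001, "SubjectUserName": "jdoe",
     "ObjectClass": "msDS-DelegatedManagedServiceAccount",
     "ObjectDN": "CN=svc-dmsa01,CN=Managed Service Accounts,DC=corp,DC=example",
     "AttributeLDAPDisplayName": "msDS-ManagedAccountPrecededByLink",
     "AttributeValue": "CN=Administrator,CN=Users,DC=corp,DC=example",
     "OperationType": "%%14674"},
    {"EventID": 5136, "RecordNumber": 1002, "SubjectUserName": "jdoe",
     "ObjectClass": "msDS-DelegatedManagedServiceAccount",
     "ObjectDN": "CN=svc-dmsa01,CN=Managed Service Accounts,DC=corp,DC=example",
     "AttributeLDAPDisplayName": "description",
     "AttributeValue": "web tier service", "OperationType": "%%14674"},
    {"EventID": 5136, "RecordNumber": 1003, "SubjectUserName": "ops-admin",
     "ObjectClass": "user", "ObjectDN": "CN=alice,CN=Users,DC=corp,DC=example",
     "AttributeLDAPDisplayName": "msDS-GroupMSAMembership",
     "AttributeValue": "O:SYG:SYD:(A;;0xf01ff;;;S-1-5-21-1-2-3-1105)",
     "OperationType": "%%14674"},
    {"EventID": 5136, "RecordNumber": 1004, "SubjectUserName": "jdoe",
     "ObjectClass": "msDS-DelegatedManagedServiceAccount",
     "ObjectDN": "CN=svc-dmsa01,CN=Managed Service Accounts,DC=corp,DC=example",
     "AttributeLDAPDisplayName": "msDS-GroupMSAMembership",
     "AttributeValue": "O:SYG:SYD:(A;;0xf01ff;;;S-1-5-21-1-2-3-1106)",
     "OperationType": "%%14674"},
    {"EventID": 4662, "RecordNumber": 1005, "SubjectUserName": "jdoe",
     "ObjectClass": "msDS-DelegatedManagedServiceAccount",
     "AttributeLDAPDisplayName": "msDS-ManagedAccountPrecededByLink"},
]


if __name__ == "__main__":
    for f in scan_5136(SAMPLE_EVENTS):
        print(f"[{f.severity.upper()}] record {f.record_number}: {f.subject} "
              f"{f.operation} {f.attribute}={f.value!r} on {f.object_dn}")
```

Auditing of directory object changes must be enabled (and a SACL on the relevant containers set) for 5136 events to be generated at all; the detector only filters what the domain controllers already log. The PrecededByLink attribute gets the higher severity because, as the article notes, it defines whose identity the dMSA can assume, while GroupMSAMembership only controls who may retrieve the credential.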

By addressing 111 vulnerabilities, this month's update from Microsoft highlights the importance of timely patching, strong defenses, and vigilance against privilege escalation paths that could give attackers complete control of enterprise systems.
