August 2025 Patch Tuesday fixes a Windows Kerberos Zero-Day
Microsoft Patch Tuesday security updates for August 2025 fixed 107 flaws, including a publicly disclosed Windows Kerberos zero-day.
Microsoft Patch Tuesday security updates for August 2025 fixed 107 vulnerabilities in Windows and Windows Components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, GitHub Copilot, Dynamics 365, SQL Server, and Hyper-V Server.
Of these, 12 vulnerabilities are rated Critical, 93 Important, one Moderate, and one Low in severity.
One of the flaws, tracked as CVE-2025-53779 (CVSS score 7.2), is a publicly disclosed Windows Kerberos zero-day: a relative path traversal in the handling of delegated Managed Service Accounts (dMSA). An authenticated attacker who already has write access to certain dMSA attributes can exploit it to gain domain administrator privileges.
“An attacker who successfully exploited this vulnerability could gain domain administrator privileges.” reads the advisory. “To successfully exploit this vulnerability, an attacker would need to have elevated access to certain attributes of the dMSA, specifically:
- msds-ManagedAccountPrecededByLink: The attacker needs write access to this attribute, which allows them to specify a user that the dMSA can act on behalf of.
- msds-groupMSAMembership: This attribute allows the user to utilize the dMSA.”
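As an added example (audit code written for this page, not code from Microsoft or from the article), the PowerShell below enumerates every dMSA in the domain and reports which principals hold write rights over the two attributes named in the advisory, plus WriteDacl and WriteOwner, which are an indirect route to the same write access. It assumes the ActiveDirectory RSAT module on a domain-joined host, a schema that already defines the dMSA class (Windows Server 2025), and a list of principals whose write access is expected that you adjust for your environment; the function names and the `$expected` list are our assumptions.

```powershell
# Added audit script, not from Microsoft or the article. Assumes the ActiveDirectory
# module (RSAT) and a domain whose schema already defines dMSA objects.
Import-Module ActiveDirectory

$schemaNC = (Get-ADRootDSE).schemaNamingContext
$netbios  = (Get-ADDomain).NetBIOSName

# Resolve an attribute's schemaIDGUID from the schema rather than hard-coding it;
# attribute-scoped ACEs carry this GUID in their ObjectType field.
function Get-AttributeSchemaGuid {
    param([Parameter(Mandatory)][string]$LdapDisplayName)
    $attr = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$LdapDisplayName)" -Properties schemaIDGUID
    if (-not $attr) { throw "Attribute $LdapDisplayName is not in the schema (dMSA support missing?)" }
    return [guid]$attr.schemaIDGUID
}

# The two attributes the advisory names as the exploitation prerequisites.
$watched = @{
    'msDS-ManagedAccountPrecededByLink' = Get-AttributeSchemaGuid 'msDS-ManagedAccountPrecededByLink'
    'msDS-GroupMSAMembership'           = Get-AttributeSchemaGuid 'msDS-GroupMSAMembership'
}

# Principals whose write access is expected (assumption: adjust for your environment;
# in a child domain Enterprise Admins carries the forest root's NetBIOS name).
$expected = @(
    'NT AUTHORITY\SYSTEM', 'NT AUTHORITY\SELF', 'BUILTIN\Administrators',
    "$netbios\Domain Admins", "$netbios\Enterprise Admins"
)

$rights = [System.DirectoryServices.ActiveDirectoryRights]
# Any of these lets the holder set the attribute directly or rewrite the ACL to allow it.
$writeMask = $rights::WriteProperty -bor $rights::GenericAll -bor $rights::WriteDacl -bor $rights::WriteOwner

function Get-DmsaWriteExposure {
    $dmsas = Get-ADObject -LDAPFilter '(objectClass=msDS-DelegatedManagedServiceAccount)'
    foreach ($dmsa in $dmsas) {
        $acl = Get-Acl -Path ("AD:\" + $dmsa.DistinguishedName)
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (($ace.ActiveDirectoryRights -band $writeMask) -eq 0) { continue }
            if ($expected -contains $ace.IdentityReference.Value) { continue }
            foreach ($name in $watched.Keys) {
                # An empty ObjectType means the ACE covers every property of the object.
                if ($ace.ObjectType -ne [guid]::Empty -and $ace.ObjectType -ne $watched[$name]) { continue }
                [pscustomobject]@{
                    dMSA      = $dmsa.DistinguishedName
                    Attribute = $name
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.ActiveDirectoryRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

Get-DmsaWriteExposure | Format-Table -AutoSize
```

Two caveats: the script only inspects dMSAs that already exist, whereas a principal allowed to create msDS-DelegatedManagedServiceAccount objects in an OU controls both attributes on any dMSA it creates, so CreateChild rights on OUs deserve a separate review; and write access granted through a property set rather than directly on the attribute is not resolved here.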
The most severe vulnerability addressed by Microsoft is a heap-based buffer overflow in Windows GDI+, tracked as CVE-2025-53766 (CVSS score 9.8), that allows an unauthenticated attacker to execute code over the network.
The flaw is triggered by a specially crafted metafile embedded in a document. Because server-side services that parse uploaded documents feed such content to GDI+, it can be exploited remotely, with no user interaction, against any web service that accepts document uploads.
“An attacker doesn’t require any privileges on the systems hosting the web services. Successful exploitation of this vulnerability could cause Remote Code Execution or Information Disclosure on web services that are parsing documents that contain a specially crafted metafile, without the involvement of a victim user.” reads the advisory.
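As an added example (code written for this page, not from Microsoft or the article) of a compensating control for document-parsing services that cannot take the update immediately: the PowerShell below inspects an uploaded file and flags Windows metafiles, whether uploaded directly or embedded in an OOXML container (docx, xlsx, pptx). It recognises EMF by the EMR_HEADER record type and the " EMF" signature at offset 40, and WMF by the placeable-header magic 0x9AC6CDD7 or the standard 01 00 09 00 header. It does not look inside legacy OLE (.doc, .xls) files or other containers, and a match only means the file would reach the GDI+ metafile parser, not that it is malicious. The function names and the upload path are our assumptions.

```powershell
# Added upload check, not from Microsoft or the article. Heuristic only: it finds
# metafiles that would reach the GDI+ parser; it does not judge whether they are malicious.
Add-Type -AssemblyName System.IO.Compression.FileSystem

# Read exactly $Count bytes from a stream (Read may return short on deflate streams);
# returns an empty array if the stream is shorter than that.
function Read-Head {
    param([System.IO.Stream]$Stream, [int]$Count = 44)
    $buf = [byte[]]::new($Count)
    $total = 0
    while ($total -lt $Count) {
        $n = $Stream.Read($buf, $total, $Count - $total)
        if ($n -le 0) { break }
        $total += $n
    }
    if ($total -lt $Count) { return [byte[]]::new(0) }
    return $buf
}

function Test-MetafileBytes {
    param([byte[]]$Bytes)
    if ($Bytes.Length -lt 44) { return $false }
    # EMF: EMR_HEADER type 0x00000001 at offset 0, ASCII " EMF" (0x464D4520 little-endian) at offset 40
    if ($Bytes[0] -eq 1 -and $Bytes[1] -eq 0 -and $Bytes[2] -eq 0 -and $Bytes[3] -eq 0 -and
        $Bytes[40] -eq 0x20 -and $Bytes[41] -eq 0x45 -and $Bytes[42] -eq 0x4D -and $Bytes[43] -eq 0x46) { return $true }
    # Placeable WMF: magic 0x9AC6CDD7 stored little-endian
    if ($Bytes[0] -eq 0xD7 -and $Bytes[1] -eq 0xCD -and $Bytes[2] -eq 0xC6 -and $Bytes[3] -eq 0x9A) { return $true }
    # Standard WMF: mtType 1 (memory) or 2 (disk), mtHeaderSize 9 words
    if (($Bytes[0] -eq 1 -or $Bytes[0] -eq 2) -and $Bytes[1] -eq 0 -and $Bytes[2] -eq 9 -and $Bytes[3] -eq 0) { return $true }
    return $false
}

function Find-EmbeddedMetafile {
    param([Parameter(Mandatory)][string]$Path)
    $findings = @()
    $fs = [System.IO.File]::OpenRead($Path)
    try { $head = Read-Head -Stream $fs } finally { $fs.Dispose() }

    # A metafile uploaded directly, whatever extension the client chose.
    if (Test-MetafileBytes -Bytes $head) { $findings += "$Path (raw metafile)" }

    # OOXML documents are zip containers; embedded images live under */media/.
    if ($head.Length -ge 2 -and $head[0] -eq 0x50 -and $head[1] -eq 0x4B) {
        $zip = [System.IO.Compression.ZipFile]::OpenRead($Path)
        try {
            foreach ($entry in $zip.Entries) {
                if ($entry.Length -eq 0) { continue }
                $s = $entry.Open()
                try { $bytes = Read-Head -Stream $s } finally { $s.Dispose() }
                if (Test-MetafileBytes -Bytes $bytes) {
                    $findings += "$Path!$($entry.FullName) (metafile signature)"
                } elseif ($entry.FullName -match '\.(wmf|emf|emz|wmz)$') {
                    # Extension claims a metafile but the header did not match (emz/wmz are gzip-wrapped)
                    $findings += "$Path!$($entry.FullName) (metafile extension, header not verified)"
                }
            }
        } finally { $zip.Dispose() }
    }
    return ,$findings
}

# Usage (assumed path): quarantine anything flagged until the August 2025 update is applied.
$hits = Find-EmbeddedMetafile -Path 'C:\uploads\incoming.docx'
if ($hits.Count -gt 0) { $hits | ForEach-Object { Write-Warning $_ } }
```

Run it in the upload pipeline before the document is handed to any component that renders or converts it; the check reads only the first 44 bytes of each entry, so it is cheap enough to apply to every upload.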
The full list of CVEs addressed by Microsoft with the release of Patch Tuesday security updates for August 2025 is available here.
Pierluigi Paganini
(SecurityAffairs – hacking, Patch Tuesday)