Microsoft Fixes 107 Vulnerabilities, Including 13 RCE Flaws


Microsoft’s August Patch Tuesday fixes 107 vulnerabilities, including 13 critical RCE flaws, affecting Windows, Office, Azure, and more; organizations should update quickly.

Microsoft delivered patches for 107 vulnerabilities as part of its Patch Tuesday security updates. Of the identified vulnerabilities, 13 are classified as Critical, demanding immediate attention due to their severe potential impact.

Critical Vulnerabilities

This month’s updates feature 13 critical vulnerabilities, representing the most severe threats to systems. These flaws carry the potential for attackers to gain complete control, disclose sensitive information, or disrupt services, often without requiring any user interaction.

Many of the critical fixes target Remote Code Execution (RCE) flaws, which are among the most dangerous because they allow an attacker to execute arbitrary code on a targeted system. Notable RCE vulnerabilities include:

Windows Graphics Component (CVE-2025-50165)

This critical RCE vulnerability could allow unauthorized attackers to execute code over a network via untrusted pointer dereferences. Its impact on a fundamental Windows component makes it particularly concerning.

DirectX Graphics Kernel (CVE-2025-50176)

This is a type confusion vulnerability in the Graphics Kernel that enables local code execution by an authenticated attacker, potentially without requiring elevated privileges.

Microsoft Message Queuing (MSMQ) (CVE-2025-50177)

This use-after-free vulnerability allows an unauthenticated attacker to achieve remote code execution, although successful exploitation requires winning a race condition. The persistence of MSMQ vulnerabilities highlights an ongoing area of concern for system administrators.

Microsoft Office & Word (CVE-2025-53731, CVE-2025-53740, CVE-2025-53733, CVE-2025-53784)

Multiple use-after-free and other flaws in Microsoft Office and Word could allow unauthenticated attackers to achieve remote code execution. Often, these vulnerabilities can be triggered simply by a user opening a malicious file, underscoring the ongoing risk associated with document-based attacks.

GDI+ (CVE-2025-53766)

This is a heap-based buffer overflow vulnerability in Windows GDI+ that may allow an unauthenticated attacker to achieve remote code execution.

Windows Hyper-V (CVE-2025-48807)

In this vulnerability, an improper restriction of communication channels in Hyper-V could allow an authenticated attacker to achieve remote code execution. This is an important concern for organizations relying on virtualized environments, as it could lead to the compromise of virtual machines.

According to Microsoft’s security update guide, patches for Critical Elevation of Privilege (EoP) vulnerabilities have also been released. These vulnerabilities allow attackers to gain higher access levels on a system.

One such example is Windows NTLM (CVE-2025-53778), an improper authentication flaw that may allow an authenticated attacker to elevate privileges over a network, potentially gaining SYSTEM privileges. This poses a serious threat to network security and domain integrity.

The update also fixes Critical Information Disclosure vulnerabilities that could lead to the leakage of sensitive data. One affects Azure Virtual Machines (CVE-2025-53781), where a flaw could allow an attacker to disclose sensitive information.

Similarly, Azure Stack Hub (CVE-2025-53793) is affected by another critical information disclosure vulnerability, which could leak sensitive data to unauthorized actors. Finally, a critical Spoofing vulnerability was addressed.

For a quick overview of the most severe threats, the following table summarizes the critical vulnerabilities:

| CVE ID | Affected Product/Component | Vulnerability Type | Potential Impact |
|---|---|---|---|
| CVE-2025-53781 | Azure Virtual Machines | Information Disclosure | Leakage of sensitive data |
| CVE-2025-50176 | DirectX Graphics Kernel | Remote Code Execution | Local code execution, system compromise |
| CVE-2025-50177 | Microsoft Message Queuing | Remote Code Execution | Remote code execution, system compromise |
| CVE-2025-53731 | Microsoft Office | Remote Code Execution | Remote code execution, system compromise |
| CVE-2025-53740 | Microsoft Office | Remote Code Execution | Remote code execution, system compromise |
| CVE-2025-53733 | Microsoft Word | Remote Code Execution | Remote code execution, system compromise |
| CVE-2025-53766 | GDI+ | Remote Code Execution | Remote code execution, system compromise |
| CVE-2025-53778 | Windows NTLM | Elevation of Privilege | Gain SYSTEM privileges, network compromise |
| CVE-2025-53784 | Microsoft Word | Remote Code Execution | Remote code execution, system compromise |
| CVE-2025-49707 | Azure Virtual Machines | Spoofing | Local impersonation, unauthorized actions |
| CVE-2025-48807 | Windows Hyper-V | Remote Code Execution | Local code execution, virtual environment compromise |
| CVE-2025-50165 | Windows Graphics Component | Remote Code Execution | Remote code execution, system compromise |
| CVE-2025-53793 | Azure Stack Hub | Information Disclosure | Leakage of sensitive data |

Important Fixes and Security Patterns

Apart from the critical issues, Microsoft addressed 76 “Important” severity vulnerabilities. While these are not as immediately threatening as critical flaws, they can still lead to compromise, including privilege escalation, denial of service, information disclosure, and spoofing.

This month’s updates also saw several Elevation of Privilege (EoP) and Remote Code Execution (RCE) vulnerabilities covering all levels of seriousness. There were 40 EoP flaws in total, with 38 classified as Important.

RCE vulnerabilities totaled 35, with 26 rated as Important. This constant focus on RCE and EoP shows their importance as the main attack vectors for adversaries seeking to gain control and expand their reach within networks.

Some examples of Important RCEs include those affecting Microsoft Excel (CVE-2025-53741, CVE-2025-53759, CVE-2025-53737, CVE-2025-53739) with heap-based buffer overflows and use-after-free issues.

The Windows Routing and Remote Access Service (RRAS) also saw multiple heap-based buffer overflows (e.g., CVE-2025-49757, CVE-2025-50160, CVE-2025-50162, CVE-2025-50163, CVE-2025-50164, CVE-2025-53720).

Microsoft PowerPoint also had an Important RCE (CVE-2025-53761). Important EoPs include several SQL Server bugs like CVE-2025-49758, stemming from SQL injection weaknesses, and Microsoft SharePoint (CVE-2025-53760).

Lower severity

Lower severity issues also received attention. Two Moderate vulnerabilities were patched, including CVE-2025-53779 in Windows Kerberos, which involves relative path traversal for EoP.

Additionally, one Low severity spoofing flaw was fixed in Microsoft Edge for Android (CVE-2025-49755). While less urgent, these issues still affect overall security and should not be overlooked, as they can be chained with other vulnerabilities to further an attack.

A notable pattern emerging from this month’s patches involves the recurrence of common vulnerability types such as use-after-free errors, heap overflows, and improper input validation. These issues frequently appear, particularly in legacy components like Win32k and Ancillary Function Drivers.

This indicates continued challenges in managing the security of older, foundational codebases within Windows, which often predate modern secure coding practices. The continuous presence of these memory corruption flaws in such deep-seated components suggests a systemic challenge for Microsoft.

The Zero-Day Watch

Microsoft’s August 2025 Patch Tuesday includes one publicly disclosed zero-day vulnerability. Organizations should note the distinction: while this vulnerability is known to the public, Microsoft reports that none of the patched vulnerabilities, including this zero-day, are currently listed as actively exploited in the wild as of August 12, 2025.

The distinction between “publicly disclosed” and “actively exploited” is important for understanding immediate risk. “Publicly disclosed” means the vulnerability’s details are available in the public domain, potentially giving threat actors a blueprint to develop their own exploits.

On the other hand, “actively exploited” means that attackers are already using the vulnerability in real-world attacks. The current “not actively exploited” status provides a critical, although temporary, window for organizations to apply patches.

Updates Across Microsoft’s Products

The August 2025 Patch Tuesday updates cover several Microsoft products and services. This includes core Windows components, popular Microsoft Office applications, Azure cloud services, Exchange Server, SQL Server, Windows Hyper-V, and even Microsoft Edge (Chromium-based).

Specifically, 10 vulnerabilities were addressed in Microsoft Edge (Chromium-based). These include multiple “use after free” issues in components like Cast and Extensions (CVE-2025-8578, CVE-2025-8576), and “inappropriate implementation” flaws in Picture In Picture and Filesystems (CVE-2025-8577, CVE-2025-8579, CVE-2025-8580).

Vulnerability Breakdown by Category and Severity (August 2025)

| Vulnerability Type | Critical Count | Important Count | Moderate Count | Low Count | Total |
|---|---|---|---|---|---|
| Remote Code Execution (RCE) | 9 | 26 | 0 | 0 | 35 |
| Elevation of Privilege (EoP) | 1 | 38 | 1 | 0 | 40 |
| Information Disclosure | 2 | 14 | 0 | 0 | 16 |
| Spoofing | 1 | 7 | 1 | 1 | 10 |
| Denial of Service (DoS) | 0 | 5 | 0 | 0 | 5 |
| Tampering | 0 | 1 | 0 | 0 | 1 |
| Total | 13 | 91 | 2 | 1 | 107 |

PowerShell 2.0 Removal

Windows PowerShell 2.0 is being removed from Windows 11, version 24H2, starting with the August 2025 non-security update. It will also be removed from Windows Server 2025 with the September 2025 security update.

“Patch Tuesday after Black Hat is always spicy, and these patches (like all others) need to move with a sense of purpose, and the Kerberos vulnerability from Yuval Gordon is of particular interest as it appears this will be presented in detail at SecTor at the end of September 2025,” said Trey Ford, Chief Strategy and Trust Officer at Bugcrowd.

“Vulnerabilities like the Kerberos finding only go to show the importance of diverse perspectives and testing in feature design and release – the power of the global security community can help confirm that new features, especially security features, are both effective and resilient,” he added.

If you run Windows, you’ll probably see updates in Windows Update later today or tomorrow, and it’s usually a good idea to install them promptly since many address security flaws actively targeted by attackers.




