Microsoft August 2025 Patch Tuesday

Microsoft has released its monthly set of security updates, known as Patch Tuesday. This month's release addresses one zero-day vulnerability.

Microsoft has fixed 107 vulnerabilities, with 5 classified as critical, as they could allow an attacker to gain elevated privileges, perform denial-of-service attacks, perform spoofing over a network, or execute arbitrary code and gain access to the affected systems.

August’s Patch Tuesday was released to fix security flaws in several Microsoft products such as Desktop Windows Manager, Microsoft Brokering File System, Microsoft Exchange Server, Microsoft Graphics Component, Remote Access Point-to-Point Protocol (PPP) EAP-TLS, Remote Desktop Server, Role: Windows Hyper-V, SQL Server, Windows File Explorer, Windows Installer, Windows Kerberos, Windows Kernel, Windows Local Security Authority Subsystem Service (LSASS), Windows Remote Desktop Services, Microsoft Office, Microsoft Office Excel, Microsoft Office PowerPoint, Microsoft Office Word, and Microsoft Teams.

The publicly disclosed zero-day vulnerability in August’s Patch Tuesday is the Windows Kerberos Elevation of Privilege Vulnerability (CVE-2025-53779), which allows an attacker to gain domain administrator privileges.

Sample of the addressed vulnerabilities:

1. Microsoft Azure OpenAI Elevation of Privilege Vulnerability (CVE-2025-53767):

  • CVSS: 10
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Gain Privileges

2. Windows Graphics Component Remote Code Execution Vulnerability (CVE-2025-50165):

  • CVSS: 9.8
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Gain Access

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

References

  • Microsoft MSRC