Microsoft’s August 2025 Patch Tuesday updates address more than 100 vulnerabilities across the tech giant’s products.
None of the security holes patched this month appear to have been exploited in the wild. One vulnerability, a Windows privilege escalation tracked as CVE-2025-53779, has been flagged as publicly disclosed.
A dozen vulnerabilities have been assigned a ‘critical severity’ rating. Most of them are actually ‘high severity’ based on their CVSS score, except for CVE-2025-53766, a remote code execution flaw in Windows’ GDI+ component that has a CVSS score of 9.8.
According to Trend Micro’s Zero Day Initiative (ZDI), which has summarized the patches, CVE-2025-53766 can be exploited by getting the targeted user to visit a malicious website or to open a malicious document.
“A worst-case scenario could be an attacker uploading something through an ad network that’s served up to users. Ad blockers are just to remove annoyances; they also protect against malicious ads,” ZDI’s Dustin Childs explained. “They’re uncommon, but they’ve occurred in the past. Since GDI+ touches so many different components (and users tend to click on anything), test and deploy this one quickly.”
Another vulnerability that’s ‘critical’ based on its CVSS score is CVE-2025-50165, which impacts Windows’ graphics component and which also allows remote code execution. Exploitation requires the user to view a specially crafted image. Microsoft has assigned the issue an ‘important’ severity rating.
Other vulnerabilities allowing remote code execution are CVE-2025-53740 and CVE-2025-53731, which impact Office and can be exploited through the Preview Pane.
Another flaw worth highlighting is CVE-2025-49712, a remote code execution bug affecting SharePoint. ZDI noted that it’s similar to a vulnerability exploited recently as part of the ToolShell exploit chain.
The list of vulnerabilities flagged as ‘critical’ by Microsoft also includes several Hyper-V issues (information disclosure, spoofing, and remote code execution), and an Azure Stack Hub information disclosure bug.
Microsoft’s exploitability assessment for all of these issues is ‘exploitation less likely’ or ‘exploitation unlikely’, which means that the tech giant doesn’t expect them to be exploited in the wild.
Adobe has also released its Patch Tuesday updates, addressing nearly 70 CVEs across over a dozen products.