- The August 2025 Patch Tuesday update addresses 111 flaws
- These include several critical-severity flaws and a zero-day vulnerability
- Users should apply the fix immediately or risk being attacked
Microsoft published its August 2025 Patch Tuesday package, a cumulative set of updates addressing more than 100 vulnerabilities across a multitude of its products.
Among them was a known zero-day vulnerability in Windows Kerberos, the company's implementation of the Kerberos authentication protocol, which securely verifies user identities on a Windows network using tickets instead of sending passwords over the network.
Kerberos was found to contain a relative path traversal flaw which allows an authorized threat actor to elevate privileges on a network.
Critical severity defects
In addition to the zero-day, Microsoft fixed 106 other flaws, including 13 bugs labeled “critical”.
Among these, nine are remote code execution (RCE) flaws which can be abused in attacks to take control of devices, alongside information disclosure flaws which can be used in data exfiltration attacks and an elevation of privilege bug.
Some of the most notable vulnerabilities fixed in this release include a 10/10 critical flaw in Azure OpenAI, tracked as CVE-2025-53767, which could allow unauthenticated threat actors to remotely access sensitive information in AI environments.
Another notable mention is a remote code execution bug in the Microsoft Graphics Component which can be exploited via malicious files or images. It is tracked as CVE-2025-50165 and received a severity score of 9.8/10 (critical).
There are also CVE-2025-53766, CVE-50171 and CVE-2025-53792, which all have a severity score of 9.1 or higher, which makes them critical.
In total, 111 vulnerabilities were addressed by Microsoft, and although none is marked as actively exploited in the wild, administrators would be wise to apply the fix without delay.
Via BleepingComputer