Microsoft’s Patch Tuesday gives sys admins a baker’s dozen

Microsoft’s August Patch Tuesday has unveiled a comprehensive suite of updates addressing 111 vulnerabilities across its product lineup. Among these, a dozen flaws have been classified as critical, alongside one moderate-severity issue that is publicly known. Fortunately, Microsoft has indicated that none of the vulnerabilities disclosed this month are currently being exploited in the wild. However, caution is advised, as past experiences—such as the recent SharePoint incident—serve as a reminder that vulnerabilities can quickly become targets.

Details on the Known Bug

The known vulnerability in question is an elevation of privilege flaw within the Windows Kerberos network authentication protocol, tracked as CVE-2025-53779. This flaw has been assigned a CVSS score of 7.2, with Microsoft assessing that “exploitation is less likely.” This is largely due to the requirement for an attacker to first gain authenticated access to the delegated Managed Service Account (dMSA). The specific attributes involved include:

  • msds-groupMSAMembership: This attribute permits the user to utilize the dMSA.
  • msds-ManagedAccountPrecededByLink: An attacker must possess write access to this attribute to specify a user that the dMSA can impersonate.

Microsoft warns that an attacker who successfully exploits this vulnerability could gain domain administrator privileges. The discovery of this flaw is credited to Akamai researcher Yuval Gordon.
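
To audit the precondition described above, this added example (not code from Microsoft or from the article) lists every dMSA together with the principals allowed to use it, the account its msds-ManagedAccountPrecededByLink attribute points to, and the principals that hold write access to that attribute. It assumes the RSAT ActiveDirectory PowerShell module and the object class name msDS-DelegatedManagedServiceAccount, which does not appear in the article.

```powershell
# Added example: report the two dMSA attributes named above for every dMSA.
# Requires the RSAT ActiveDirectory module and read access to the directory.
Import-Module ActiveDirectory

$linkAttr  = 'msDS-ManagedAccountPrecededByLink'
$usersAttr = 'msDS-GroupMSAMembership'
$dmsaClass = 'msDS-DelegatedManagedServiceAccount'   # assumption: not named in the article

# Resolve the link attribute's schemaIDGUID at run time rather than hard-coding it.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$attrDef  = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter "(lDAPDisplayName=$linkAttr)" -Properties schemaIDGUID
if (-not $attrDef) { throw "$linkAttr is not in this forest's schema." }

$linkGuid = [guid]$attrDef.schemaIDGUID
$anyGuid  = [guid]::Empty      # an ACE with no ObjectType covers every property
$wp       = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty

Get-ADObject -LDAPFilter "(objectClass=$dmsaClass)" -Properties $linkAttr, $usersAttr |
ForEach-Object {
    $dmsa = $_
    $acl  = Get-Acl -Path "AD:\$($dmsa.DistinguishedName)"

    # Allow ACEs (inherited ones included) whose rights contain WriteProperty
    # (GenericAll and GenericWrite carry that bit) and that apply either to
    # the link attribute specifically or to all properties.
    $writers = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (($_.ActiveDirectoryRights -band $wp) -eq $wp) -and
        ($_.ObjectType -eq $linkGuid -or $_.ObjectType -eq $anyGuid)
    } | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique

    # msDS-GroupMSAMembership is stored as a security descriptor; its ACEs
    # name the principals permitted to use the account.
    $users = $dmsa.$usersAttr.Access |
        ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique

    [pscustomobject]@{
        dMSA         = $dmsa.DistinguishedName
        LinkedTo     = $dmsa.$linkAttr
        AllowedToUse = $users -join '; '
        CanWriteLink = $writers -join '; '
    }
}
```

Any principal in the CanWriteLink column that is not a tier-0 administrator deserves review; the report does not evaluate Deny ACEs or holders of WriteDacl and WriteOwner, so check those separately.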

Microsoft Critical Flaws

Turning to the critical vulnerabilities, two notable flaws—CVE-2025-50165 and CVE-2025-53766—both present risks of remote code execution (RCE) and have been rated at a staggering 9.8 out of 10. CVE-2025-53766 arises from a heap-based buffer overflow in the Windows Graphics Device Interface (GDI+), allowing unauthorized attackers to execute code over a network. This vulnerability was identified by Check Point Research’s Gábor Selján.

Although Microsoft has categorized the likelihood of exploitation as “less likely,” the flaw does not require any privileges on the systems hosting the affected web services. As noted by Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative (ZDI), “it allows for code execution just by browsing to a malicious webpage.” In a worst-case scenario, an attacker could exploit this vulnerability by embedding a malicious metafile into a document, tricking users into downloading and opening it.

CVE-2025-50165, another RCE flaw, exists within the Windows Graphics Component and can also be exploited without user intervention—merely by viewing a specially crafted JPEG image embedded in Office and third-party files. While Microsoft similarly rates this vulnerability as “less likely” to be exploited, the disclosure of the flaw raises concerns about its potential misuse. This vulnerability was discovered by Zscaler’s Arjun G U.

Remember SharePoint?

In a familiar echo of past vulnerabilities, SharePoint has its own RCE bug, tracked as CVE-2025-49712. This critical flaw, with a severity score of 8.8, allows any authenticated user to trigger the vulnerability remotely. Although it is not currently under active attack, it mirrors the type of bug utilized in the second stage of existing exploits. Childs emphasizes the importance of ensuring that all SharePoint patches are current and suggests reconsidering the necessity of public internet access for the application.

A brief overview of other critical flaws addressed this month includes:

  • CVE-2025-50177 – A Microsoft Message Queuing RCE
  • CVE-2025-53731 and CVE-2025-53740 – A pair of Office RCEs
  • CVE-2025-53733 and CVE-2025-53784 – Windows RCEs
  • CVE-2025-53781 – A Hyper-V information disclosure vulnerability
  • CVE-2025-49707 – A Hyper-V spoofing flaw
  • CVE-2025-48807 – A Hyper-V RCE
  • CVE-2025-53778 – A Windows NTLM elevation of privilege vulnerability
  • CVE-2025-53793 – An Azure Stack Hub information disclosure bug

Adobe Fixes 68 CVEs

In parallel patching efforts, Adobe has released fixes for 68 CVEs this month. The updates for InCopy are particularly noteworthy, addressing eight critical bugs that permit RCE. Additionally, six critical and important bug fixes are included in the Commerce patch collection, while 12 of the 14 patches for InDesign are deemed critical.

Updates for Substance 3D Modeler rectify 13 critical and important CVEs, and the Substance 3D Painter addresses nine critical and important flaws. The Substance 3D Stager update resolves two bugs, one of which is critical, while the Substance 3D Sampler fixes one important-rated flaw. Furthermore, two critical CVEs have been patched in the Substance 3D Viewer update. Adobe also addressed two bugs in Animate, one of which is critical, and four in Illustrator, two of which are critical RCEs. Photoshop and FrameMaker updates include fixes for one critical flaw and five critical and important bugs, respectively, while Dimension sees a fix for a single important-rated flaw.

Patching SIG

Shifting focus to other tech giants, SAP has released 15 new security notes along with four updates to previously issued notes. Among these, three critical vulnerabilities rated at 9.9 warrant immediate attention. CVE-2025-42957 is a new code injection vulnerability affecting SAP S/4HANA, applicable to both private cloud and on-premises versions. CVE-2025-42950 is another code injection vulnerability in SAP’s Landscape Transformation analysis platform, while the third critical issue pertains to an update for a previously released security note addressing a code injection vulnerability in SAP S/4HANA.

Intel has also joined the patching initiative this month, issuing 34 advisories that address 66 vulnerabilities across its firmware, hardware, and software products. Notably, high-severity vulnerabilities affecting some Xeon 6 processors may allow for privilege escalation, alongside high-severity bugs in certain Intel Ethernet Drivers for Linux that could lead to privilege escalation, information disclosure, or denial of service.

Finally, Google has rolled out security updates for Android, addressing several flaws, including two actively exploited Qualcomm vulnerabilities: CVE-2025-27038 and CVE-2025-21479, which were disclosed in June with a warning that they were under limited, targeted exploitation.
