Original Article Text

Microsoft August 2025 Patch Tuesday fixes one zero-day, 107 flaws

Today is Microsoft's August 2025 Patch Tuesday, which includes security updates for 107 flaws, including one publicly disclosed zero-day vulnerability in Windows Kerberos.

This Patch Tuesday also fixes thirteen "Critical" vulnerabilities, nine of which are remote code execution vulnerabilities, three are information disclosure, and one is elevation of privileges.

The number of bugs in each vulnerability category is listed below:

When BleepingComputer reports on the Patch Tuesday security updates, we only count those released on Patch Tuesday. Therefore, the number of flaws does not include Mariner, Azure, and Microsoft Edge bugs fixed earlier this month.

To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5063878 & KB5063875 cumulative updates and the Windows 10 KB5063709 cumulative update.

One publicly disclosed zero-day fixed

This month's Patch Tuesday fixes one publicly disclosed zero-day in Microsoft SQL Server. Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available.

The publicly disclosed zero-day is:

CVE-2025-53779 - Windows Kerberos Elevation of Privilege Vulnerability

Microsoft fixes a flaw in Windows Kerberos that allows an authenticated attacker to gain domain administrator privileges.

"Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network," explains Microsoft.

Microsoft says that an attacker would need to have elevated access to the following dMSA attributes to exploit the flaw:

Microsoft attributes the discovery of this flaw to Yuval Gordon of Akamai, who published a technical report on the flaw in May.
Recent updates from other companies

Other vendors who released updates or advisories in July 2025 include:

The August 2025 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the July 2025 Patch Tuesday updates. To access the full description of each vulnerability and the systems it affects, you can view the full report here.

Daily Brief Summary

VULNERABILITIES // Microsoft August 2025 Patch Tuesday Addresses Critical Security Flaws

Microsoft released updates for 107 security vulnerabilities in its August 2025 Patch Tuesday, including one publicly disclosed zero-day in Windows Kerberos.

The zero-day, CVE-2025-53779, allows authenticated attackers to elevate privileges, potentially gaining domain administrator access.

Thirteen vulnerabilities are classified as "Critical," with nine enabling remote code execution, posing significant risks to network security.

Microsoft credited Yuval Gordon of Akamai for discovering the zero-day, initially disclosed in a May technical report.

Organizations are urged to apply the patches promptly to mitigate potential exploitation and secure their systems against these critical vulnerabilities.

The count of 107 excludes Mariner, Azure, and Microsoft Edge bugs, which were fixed earlier in the month.

The release emphasizes the ongoing need for robust patch management strategies to protect against evolving threats.