Microsoft Addresses 107 Critical Vulnerabilities in August 2025 Patch Tuesday Update

Microsoft released its August 2025 Patch Tuesday security update this Tuesday, fixing 107 critical vulnerabilities across its software suite. These include a publicly disclosed zero-day vulnerability in the Windows Kerberos authentication system.

Out of the total patches, 13 vulnerabilities were given Microsoft’s highest critical rating. Additionally, 35 were classified as remote code execution flaws, which could potentially allow attackers to seize control of Windows systems. The zero-day flaw, identified as CVE-2025-53779, impacts Windows Kerberos and could permit an unauthenticated attacker to gain domain administrator privileges via a method termed “BadSuccessor” by security experts.

Adam Barnett, lead software engineer at Rapid7, clarified, “The good news here is that successful exploitation of CVE-2025-53779 requires an attacker to have pre-existing control of two attributes of the hopefully well protected dMSA.” The update also includes critical fixes for vulnerabilities in the Windows Graphics Component, Microsoft Office, and SharePoint that could result in remote code execution.

Microsoft has stated that none of the vulnerabilities are currently being exploited in the wild, offering some respite for IT administrators managing enterprise systems. Organizations are strongly advised to install these patches without delay.

Source: www.bleepingcomputer.com
