Microsoft Addresses 107 Security Issues Including a Critical Zero-Day Flaw
In its August 2025 Patch Tuesday, Microsoft has released security updates addressing a total of 107 vulnerabilities. This includes a publicly disclosed zero-day flaw and 13 critical vulnerabilities that demand immediate attention.
The zero-day, identified as CVE-2025-53779, impacts Windows Kerberos authentication. It provides attackers with elevated privileges the opportunity to gain domain administrator access.
Among the critical fixes is CVE-2025-53786, a vulnerability found in Microsoft Exchange Server. This flaw allows attackers to pivot from compromised on-premises servers directly into cloud environments. As a result, they could potentially gain control over Exchange Online and Office 365 services.
Security researchers estimate that approximately 29,000 Exchange servers are publicly vulnerable to this flaw.
The update also addresses CVE-2025-53766, a heap-based buffer overflow in Windows Graphics Device Interface (GDI+). This vulnerability could allow remote code execution through malicious webpages or documents.
Microsoft emphasized that none of the vulnerabilities are currently being exploited in the wild. However, they urged immediate patching given the severity of the issues.
Source: KrebsonSecurity