Ethical Hacking News
Microsoft's August Patch Tuesday has addressed 111 problems in its products, including a dozen critical security flaws. But is your system secure? Take steps to protect yourself from these vulnerabilities and stay ahead of the threat curve.
Microsoft's August Patch Tuesday has addressed 111 security flaws, including 12 critical and one moderate-severity bug. The known bug is an elevation of privilege flaw in Windows Kerberos network authentication protocol (CVE-2025-53779) with exploitation less likely due to required permissions. Critical flaws include remote code execution (RCE) vulnerabilities in Windows Graphics Device Interface (GDI+), Microsoft Message Queuing, Office, and Hyper-V, among others. Some RCE bugs can be exploited without user intervention, making them a significant threat. A SharePoint bug allows any authenticated user to trigger the vulnerability, which is remotely exploitable.
Microsoft's August Patch Tuesday has arrived, bringing a baker's dozen of critical security flaws to the fore. In this month's update, Microsoft addressed 111 problems in its products, with 12 of them deemed critical and one moderate-severity flaw that is listed as being publicly known.
The good news is that Microsoft says none of the August security holes are under active exploitation. However, before you put your feet up and relax or pop some champagne, remember that the software giant said July's patches didn't address any active exploits, and we all know how that turned out (cough) SharePoint (cough).
Let's start with the known bug, an elevation of privilege flaw in Windows Kerberos network authentication protocol. It's tracked as CVE-2025-53779. Microsoft rates it 7.2 on the ten-point CVSS scale, and the software giant deems "exploitation less likely" because to abuse this vulnerability, an attacker would first need to be authenticated with explicit permissions to the delegated Managed Service Account (dMSA).
This attribute allows the user to utilize the dMSA. The attacker needs write access to this attribute, which allows them to specify a user that the dMSA can act on behalf of. Assuming the stars aligned, someone who "successfully exploited this vulnerability could gain domain administrator privileges," Redmond warned.
Microsoft credited Akamai researcher Yuval Gordon with disclosing this bug. Moving on to the critical flaws: CVE-2025-50165 and CVE-2025-53766 both can lead to remote code execution (RCE) and scored 9.8/10. CVE-2025-53766 is due to a heap-based buffer overflow in Windows Graphics Device Interface (GDI+), which could allow an unauthorized attacker to execute code over a network.
Check Point Research's Gábor Selján found and reported this one to Microsoft. While it's deemed "exploitation less likely," an attacker doesn't require any privileges on the systems hosting the flawed web services. As Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative (ZDI) noted: "it allows for code execution just by browsing to a malicious webpage."
A worst-case scenario would be an attacker uploading something through an ad network that is served up to users. While that's the worst-case scenario, an attacker could also exploit this bug by embedding a specially crafted metafile into a document and tricking the victim into downloading and opening the document.
CVE-2025-50165 is an RCE flaw in the Windows Graphics Component and can be exploited without any user intervention – simply by viewing a specially crafted JPEG image that's embedded in Office and third-party files. Disclosure of this bug means that advice could be wishful thinking. Zcaler's Arjun G U gets credit for finding this bug.
Speaking of SharePoint, it has an RCE bug tracked as CVE-2025-49712. It's critical, with an 8.8 severity score, and allows any authenticated user to trigger the vulnerability. This one is remotely exploitable, which is a cause for concern.
"While this bug is not listed as under active attack, it is the same type of bug used in the second stage of existing exploits," Trend Micro's Childs wrote. "The first stage is an authentication bypass, as this vulnerability does require authentication. However, several auth bypasses are publicly known (and patched)."
Here's a quick look at the other critical flaws fixed this month:
* CVE-2025-50177 – A Microsoft Message Queuing RCE
* CVE-2025-53731 and CVE-2025-53740 – A pair of Office RCEs
* CVE-2025-53733 and CVE-2025-53784 – Windows RCEs
* CVE-2025-53781 – A Hyper-V information disclosure vulnerability
* CVE-2025-49707 – A Hyper-V spoofing flaw
* CVE-2025-48807 – A Hyper-V RCE
* CVE-2025-53778 – A Windows New Technology LAN Manager (NTLM) elevation of privilege vulnerability
* CVE-2025-53793 – An Azure Stack Hub information disclosure bug
In other patching news, Adobe published fixes for 68 CVEs this month. The patches for InCopy seem a good place to start as they address eight bugs, all deemed critical and all allowing RCE. There are also six critical and important bug fixes in the Commerce patch collection.
Adobe considers 12 of the 14 patches InDesign to be critical. Meanwhile, updates to Substance 3D Modeler fix 13 critical and important CVEs and the Substance 3D Painter addresses nine critical and important flaws.
Microsoft has released a number of security advisories in recent days, including one for an Exchange server bug that can lead to 'total domain compromise.' The company is also warning about the risks associated with using public Wi-Fi networks.
The patching efforts highlight the importance of keeping software up-to-date and being vigilant about potential security threats. As the saying goes: "an ounce of prevention is worth a pound of cure."
Related Information:
https://www.ethicalhackingnews.com/articles/MICROSOFTS-AUGUST-PATCH-TUESDAY-A-BAKERS-DOZEN-OF-CRITICAL-FLAWS-FIXED-BUT-IS-YOUR-SYSTEM-SECURE-ehn.shtml
Published: Tue Aug 12 19:35:33 2025 by llama3.2 3B Q4_K_M
