Analysis of Microsoft Patch Tuesday updates - August 2025
Executive Summary
On Tuesday, 12.08.2025, Microsoft released its monthly security update, addressing 111 vulnerabilities across its products.
By severity:
- Important - 91;
- Critical - 17;
- Moderate - 2;
- Low - 1.
Exploited (Zero-Days) and Publicly Disclosed Vulnerabilities
Special attention should be paid to the following issue. Fixing it is the highest priority:
- CVE-2025-53779 (CVSS 7.2; Moderate) - Windows Kerberos Elevation of Privilege Vulnerability (Elevation of Privilege). This CWE-23 (Relative Path Traversal) vulnerability can allow an attacker to elevate privileges to domain administrator.
Overview and trends
Microsoft’s August 2025 Patch Tuesday continues the trend of large releases, fixing 111 vulnerabilities. This total is comparable to the sizeable July release (130) and significantly higher than June (66), indicating Microsoft continues to discover and patch vulnerabilities at a high pace across its products. Key trends observed this month include:
- Focus on Elevation of Privilege (EoP) vulnerabilities: The overwhelming majority of fixes (over 40) target elevation-of-privilege issues. This affects a wide range of components, including the Windows kernel, drivers, Hyper-V, and SQL Server, pointing to Microsoft’s systematic efforts to harden core security mechanisms.
- Vulnerabilities in cloud and AI products: A standout feature this month is the presence of critical vulnerabilities in modern cloud and AI services. Of particular note is the CVE-2025-53767 vulnerability in Azure OpenAI with the maximum rating of CVSS 10.0, as well as vulnerabilities in Azure Portal, Microsoft 365 Copilot, and GitHub Copilot. This highlights the shift of attack vectors toward new, rapidly evolving technologies.
- Multiple RCEs in key applications: A significant number of remote code execution (RCE) vulnerabilities were fixed in business-critical applications such as Microsoft Office (Word, Excel, Visio), Microsoft Message Queuing (MSMQ), and Windows Routing and Remote Access Service (RRAS). This confirms that these products remain attractive targets for attackers.
- Publicly disclosed Kerberos vulnerability: The presence of a publicly disclosed—albeit moderately rated—vulnerability CVE-2025-53779 in Windows Kerberos increases the risk of exploitation. Attackers can use this information to develop exploits aimed at gaining elevated privileges in domain environments.
- High number of critical vulnerabilities: This month, 17 critical vulnerabilities were fixed. They affect a wide range of products, including Azure, Office, SQL Server, and Hyper-V, requiring a comprehensive and well-planned patch deployment process.
Full List of Vulnerabilities
Below is a table with all vulnerabilities fixed this month.
| CVE | Title | Type | CVSS | Severity | Exploited | Publicly Disclosed |
|---|---|---|---|---|---|---|
| CVE-2025-53779 | Windows Kerberos Elevation of Privilege Vulnerability | Elevation of Privilege | 7.2 | Moderate | No | Yes |
| CVE-2025-53767 | Azure OpenAI Elevation of Privilege Vulnerability | Elevation of Privilege | 10.0 | Critical | No | No |
| CVE-2025-50165 | Windows Graphics Component Remote Code Execution Vulnerability | Remote Code Execution | 9.8 | Critical | No | No |
| CVE-2025-53766 | GDI+ Remote Code Execution Vulnerability | Remote Code Execution | 9.8 | Critical | No | No |
| CVE-2025-50171 | Remote Desktop Spoofing Vulnerability | Spoofing | 9.1 | Important | No | No |
| CVE-2025-53792 | Azure Portal Elevation of Privilege Vulnerability | Elevation of Privilege | 9.1 | Critical | No | No |
| CVE-2025-24999 | Microsoft SQL Server Elevation of Privilege Vulnerability | Elevation of Privilege | 8.8 | Important | No | No |
| CVE-2025-47954 | Microsoft SQL Server Elevation of Privilege Vulnerability | Elevation of Privilege | 8.8 | Important | No | No |
| CVE-2025-49712 | Microsoft SharePoint Remote Code Execution Vulnerability | Remote Code Execution | 8.8 | Important | No | No |
| CVE-2025-49757 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution | 8.8 | Important | No | No |
| CVE-2025-49758 | Microsoft SQL Server Elevation of Privilege Vulnerability | Elevation of Privilege | 8.8 | Important | No | No |
| CVE-2025-49759 | Microsoft SQL Server Elevation of Privilege Vulnerability | Elevation of Privilege | 8.8 | Important | No | No |
| CVE-2025-50163 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution | 8.8 | Important | No | No |
| CVE-2025-53131 | Windows Media Remote Code Execution Vulnerability | Remote Code Execution | 8.8 | Important | No | No |
| CVE-2025-53143 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Remote Code Execution | 8.8 | Important | No | No |
| CVE-2025-53144 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Remote Code Execution | 8.8 | Important | No | No |
| CVE-2025-53145 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Remote Code Execution | 8.8 | Important | No | No |
| CVE-2025-53727 | Microsoft SQL Server Elevation of Privilege Vulnerability | Elevation of Privilege | 8.8 | Important | No | No |
| CVE-2025-53772 | Web Deploy Remote Code Execution Vulnerability | Remote Code Execution | 8.8 | Important | No | No |
| CVE-2025-53778 | Windows NTLM Elevation of Privilege Vulnerability | Elevation of Privilege | 8.8 | Critical | No | No |
| CVE-2025-53731 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution | 8.4 | Critical | No | No |
| CVE-2025-53733 | Microsoft Word Remote Code Execution Vulnerability | Remote Code Execution | 8.4 | Critical | No | No |
| CVE-2025-53740 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution | 8.4 | Critical | No | No |
| CVE-2025-53784 | Microsoft Word Remote Code Execution Vulnerability | Remote Code Execution | 8.4 | Critical | No | No |
| CVE-2025-53787 | Microsoft 365 Copilot BizChat Information Disclosure Vulnerability | Information Disclosure | 8.2 | Critical | No | No |
| CVE-2025-50177 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Remote Code Execution | 8.1 | Critical | No | No |
| CVE-2025-50160 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution | 8.0 | Important | No | No |
| CVE-2025-50162 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution | 8.0 | Important | No | No |
| CVE-2025-50164 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution | 8.0 | Important | No | No |
| CVE-2025-53132 | Win32k Elevation of Privilege Vulnerability | Elevation of Privilege | 8.0 | Important | No | No |
| CVE-2025-53720 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution | 8.0 | Important | No | No |
| CVE-2025-53786 | Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability | Elevation of Privilege | 8.0 | Important | No | No |
| CVE-2025-49707 | Azure Virtual Machines Spoofing Vulnerability | Spoofing | 7.9 | Critical | No | No |
| CVE-2025-49761 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-50153 | Desktop Windows Manager Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-50155 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-50168 | Win32k Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-50170 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-50173 | Windows Installer Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-50176 | DirectX Graphics Kernel Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Critical | No | No |
| CVE-2025-53133 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-53141 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-53149 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-53151 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-53152 | Desktop Windows Manager Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Important | No | No |
| CVE-2025-53154 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-53155 | Windows Hyper-V Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-53723 | Windows Hyper-V Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-53724 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-53725 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-53726 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-53729 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-53730 | Microsoft Office Visio Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Important | No | No |
| CVE-2025-53732 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Important | No | No |
| CVE-2025-53734 | Microsoft Office Visio Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Important | No | No |
| CVE-2025-53735 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Important | No | No |
| CVE-2025-53737 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Important | No | No |
| CVE-2025-53738 | Microsoft Word Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Important | No | No |
| CVE-2025-53739 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Important | No | No |
| CVE-2025-53741 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Important | No | No |
| CVE-2025-53759 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Important | No | No |
| CVE-2025-53761 | Microsoft PowerPoint Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Important | No | No |
| CVE-2025-53773 | GitHub Copilot and Visual Studio Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Important | No | No |
| CVE-2025-53789 | Windows StateRepository API Server file Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-53781 | Azure Virtual Machines Information Disclosure Vulnerability | Information Disclosure | 7.7 | Critical | No | No |
| CVE-2025-33051 | Microsoft Exchange Server Information Disclosure Vulnerability | Information Disclosure | 7.5 | Important | No | No |
| CVE-2025-48807 | Windows Hyper-V Remote Code Execution Vulnerability | Remote Code Execution | 7.5 | Critical | No | No |
| CVE-2025-50154 | Microsoft Windows File Explorer Spoofing Vulnerability | Spoofing | 7.5 | Important | No | No |
| CVE-2025-50169 | Windows SMB Remote Code Execution Vulnerability | Remote Code Execution | 7.5 | Important | No | No |
| CVE-2025-53722 | Windows Remote Desktop Services Denial of Service Vulnerability | Denial of Service | 7.5 | Important | No | No |
| CVE-2025-53783 | Microsoft Teams Remote Code Execution Vulnerability | Remote Code Execution | 7.5 | Important | No | No |
| CVE-2025-53793 | Azure Stack Hub Information Disclosure Vulnerability | Information Disclosure | 7.5 | Critical | No | No |
| CVE-2025-50159 | Remote Access Point-to-Point Protocol (PPP) EAP-TLS Elevation of Privilege Vulnerability | Elevation of Privilege | 7.3 | Important | No | No |
| CVE-2025-50161 | Win32k Elevation of Privilege Vulnerability | Elevation of Privilege | 7.3 | Important | No | No |
| CVE-2025-53760 | Microsoft SharePoint Elevation of Privilege Vulnerability | Elevation of Privilege | 7.1 | Important | No | No |
| CVE-2025-49762 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Elevation of Privilege | 7.0 | Important | No | No |
| CVE-2025-50158 | Windows NTFS Information Disclosure Vulnerability | Information Disclosure | 7.0 | Important | No | No |
| CVE-2025-50167 | Windows Hyper-V Elevation of Privilege Vulnerability | Elevation of Privilege | 7.0 | Important | No | No |
| CVE-2025-53134 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Elevation of Privilege | 7.0 | Important | No | No |
| CVE-2025-53135 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | 7.0 | Important | No | No |
| CVE-2025-53137 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Elevation of Privilege | 7.0 | Important | No | No |
| CVE-2025-53140 | Windows Kernel Transaction Manager Elevation of Privilege Vulnerability | Elevation of Privilege | 7.0 | Important | No | No |
| CVE-2025-53142 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Elevation of Privilege | 7.0 | Important | No | No |
| CVE-2025-53147 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Elevation of Privilege | 7.0 | Important | No | No |
| CVE-2025-53718 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Elevation of Privilege | 7.0 | Important | No | No |
| CVE-2025-53721 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | Elevation of Privilege | 7.0 | Important | No | No |
| CVE-2025-53788 | Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | 7.0 | Important | No | No |
| CVE-2025-49751 | Windows Hyper-V Denial of Service Vulnerability | Denial of Service | 6.8 | Important | No | No |
| CVE-2025-53736 | Microsoft Word Information Disclosure Vulnerability | Information Disclosure | 6.8 | Important | No | No |
| CVE-2025-49743 | Windows Graphics Component Elevation of Privilege Vulnerability | Elevation of Privilege | 6.7 | Important | No | No |
| CVE-2025-25005 | Microsoft Exchange Server Tampering Vulnerability | Tampering | 6.5 | Important | No | No |
| CVE-2025-50166 | Windows Distributed Transaction Coordinator (MSDTC) Information Disclosure Vulnerability | Information Disclosure | 6.5 | Important | No | No |
| CVE-2025-50172 | DirectX Graphics Kernel Denial of Service Vulnerability | Denial of Service | 6.5 | Important | No | No |
| CVE-2025-53716 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | Denial of Service | 6.5 | Important | No | No |
| CVE-2025-53728 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Information Disclosure | 6.5 | Important | No | No |
| CVE-2025-53774 | Microsoft 365 Copilot BizChat Information Disclosure Vulnerability | Information Disclosure | 6.5 | Critical | No | No |
| CVE-2025-50156 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | 5.7 | Important | No | No |
| CVE-2025-50157 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | 5.7 | Important | No | No |
| CVE-2025-53138 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | 5.7 | Important | No | No |
| CVE-2025-53148 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | 5.7 | Important | No | No |
| CVE-2025-53153 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | 5.7 | Important | No | No |
| CVE-2025-53719 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | 5.7 | Important | No | No |
| CVE-2025-53136 | NT OS Kernel Information Disclosure Vulnerability | Information Disclosure | 5.5 | Important | No | No |
| CVE-2025-53156 | Windows Storage Port Driver Information Disclosure Vulnerability | Information Disclosure | 5.5 | Important | No | No |
| CVE-2025-53769 | Windows Security App Spoofing Vulnerability | Spoofing | 5.5 | Important | No | No |
| CVE-2025-49745 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Spoofing | 5.4 | Important | No | No |
| CVE-2025-25006 | Microsoft Exchange Server Spoofing Vulnerability | Spoofing | 5.3 | Important | No | No |
| CVE-2025-25007 | Microsoft Exchange Server Spoofing Vulnerability | Spoofing | 5.3 | Important | No | No |
| CVE-2025-53765 | Azure Stack Hub Information Disclosure Vulnerability | Information Disclosure | 4.4 | Important | No | No |
| CVE-2025-49736 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Spoofing | 4.3 | Moderate | No | No |
| CVE-2025-49755 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Spoofing | 4.3 | Low | No | No |
Retrospective analysis of vulnerabilities
Starting this month, we are adding this section to our monthly Microsoft Patch Tuesday analysis. It covers vulnerabilities that had no public exploit and no evidence of use in malicious campaigns when the fix was released, but for which a public exploit or evidence of use has appeared since.
- CVE-2025-27737 - Windows Security Zone Mapping Security Feature Bypass Vulnerability (Security Feature Bypass). This vulnerability is used by the LOTUXorg trojan to elevate privileges and establish persistence, and it was fixed in April 2025.
- CVE-2025-21204 - Windows Process Activation Elevation of Privilege Vulnerability (Elevation of Privilege). A logic flaw that allows abuse of an inaccuracy in the IIS service installation process in Windows (based on the description in the discovered PoC). This vulnerability was fixed in April 2025.
- CVE-2025-32711 - M365 Copilot Information Disclosure Vulnerability (Information Disclosure). Researchers at Aim Labs published details of an exploit chain dubbed "EchoLeak". This is a zero-click attack that allows attackers to automatically extract sensitive information from Copilot context without any user interaction. The attack is carried out by sending a specially crafted email to the victim that bypasses existing protection mechanisms. The technique, called "LLM Scope Violation", leverages the AI agent’s internal mechanics to access privileged data such as chat history, files, and other organizational information. The vulnerability was fixed in June 2025.
- CVE-2025-32710 - Windows Remote Desktop Services Remote Code Execution Vulnerability (Remote Code Execution). A PoC is available on GitHub called RDP Auto-Pwn. The vulnerability was fixed in June 2025.
- CVE-2025-47175 - Microsoft PowerPoint Remote Code Execution Vulnerability (Remote Code Execution). A vulnerability in Microsoft PowerPoint that allows an attacker to execute arbitrary code by tricking a user into opening a specially crafted PPTX file. A PoC is available on GitHub and generates a malicious PPTX file to trigger the vulnerability. Fixed in June 2025.
- CVE-2025-47176 - Microsoft Outlook Remote Code Execution Vulnerability (Remote Code Execution). A PoC is available on GitHub for this vulnerability. The PoC demonstrates exploitation by adding a malicious mail item to Outlook containing a special synchronization path that triggers the vulnerability during mailbox scanning. Fixed in June 2025.
- CVE-2025-53770, CVE-2025-49704, CVE-2025-49706, CVE-2025-53771 - vulnerabilities in Microsoft SharePoint Server that allow remote code execution (Remote Code Execution). They have been actively exploited as zero-days by attackers worldwide since at least July 18, 2025.
- CVE-2025-47178 - Microsoft Configuration Manager Remote Code Execution Vulnerability (Remote Code Execution). The issue is an authenticated SQL injection in the WMI method UpdateClassicDeployment. An authenticated attacker can inject an arbitrary SQL query via the OfferID parameter, which ultimately can lead to remote code execution (RCE) on the database server used by Configuration Manager. A public PoC is available. The vulnerability was fixed in July 2025.
- CVE-2025-48799 - Windows Update Service Elevation of Privilege Vulnerability (Elevation of Privilege). Exploitation is possible by changing Storage Sense settings so new apps are saved to an additional, non-system drive. When installing an app (for example, via winget from msstore), the update service creates a temporary cache folder on that drive (WUDownloadCache) and then deletes it. The vulnerability is that the deletion process improperly handles symbolic links, allowing the system service’s delete operation to be redirected to an arbitrary folder on the system. A PoC for this vulnerability has been published on GitHub. It was fixed in July 2025.
- CVE-2025-49683 - Microsoft Virtual Hard Disk Remote Code Execution Vulnerability (Remote Code Execution). The vulnerability is related to improper handling of corrupted virtual disk files (VHDX). The published PoC demonstrates exploitation of the vulnerability. It was fixed in July 2025.
- CVE-2025-49721 - Windows Fast FAT File System Driver Elevation of Privilege Vulnerability (Elevation of Privilege). A heap buffer overflow that allows a user to elevate privileges to SYSTEM. The discovered PoC notes that this may be only part of an exploit for this vulnerability. Fixed in July 2025.
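The link-following deletion flaw described for CVE-2025-48799 above, modelled as an added example (not Microsoft's code and not taken from the published PoC): a privileged cleaner that follows links next to one that opens every directory with `O_NOFOLLOW`. It is a POSIX model of the bug class; the function names, folder names and sandbox contents are constructed for illustration.

```python
import os
import stat
import tempfile


def naive_cleanup(path):
    """Flawed pattern: os.path.isdir() follows links, so a link planted in
    the cache folder sends the cleaner into whatever the link points at."""
    for name in os.listdir(path):
        child = os.path.join(path, name)
        if os.path.isdir(child):          # True for a link to a directory
            naive_cleanup(child)          # descends into the link target
        else:
            os.unlink(child)
    if os.path.islink(path):
        os.unlink(path)
    else:
        os.rmdir(path)


def safe_cleanup(path, dir_fd=None):
    """Hardened form: open every directory with O_NOFOLLOW and work relative
    to that descriptor, so a link is removed as an entry, never traversed.
    A directory swapped for a link mid-run makes os.open() fail instead."""
    flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    fd = os.open(path, flags, dir_fd=dir_fd)
    try:
        for name in os.listdir(fd):
            mode = os.lstat(name, dir_fd=fd).st_mode   # lstat: the entry itself
            if stat.S_ISDIR(mode):
                safe_cleanup(name, dir_fd=fd)
            else:
                os.unlink(name, dir_fd=fd)             # files and links alike
    finally:
        os.close(fd)
    os.rmdir(path, dir_fd=dir_fd)


def demo(cleanup):
    """Constructed sandbox: cache/ holds a temp file and a link to protected/."""
    with tempfile.TemporaryDirectory() as root:
        protected = os.path.join(root, "protected")
        cache = os.path.join(root, "cache")   # stand-in for the temporary cache
        os.mkdir(protected)
        os.mkdir(cache)
        victim = os.path.join(protected, "config.ini")
        open(victim, "w").close()
        open(os.path.join(cache, "pkg.tmp"), "w").close()
        os.symlink(protected, os.path.join(cache, "redirect"))
        cleanup(cache)
        return {
            "cache_removed": not os.path.exists(cache),
            "protected_file_survives": os.path.exists(victim),
        }


if __name__ == "__main__":
    print("naive:", demo(naive_cleanup))
    print("safe: ", demo(safe_cleanup))
```

Both cleaners remove the cache folder; only the descriptor-relative one leaves the file behind the link in place.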
Conclusion
Microsoft’s August 2025 security update is another large and critically important release, containing 111 fixes, 17 of which are rated "Critical". This volume requires IT administrators to respond quickly and carefully plan patch deployment. Priority should be given to the immediate installation of updates for the following vulnerabilities:
- The publicly disclosed CVE-2025-53779 (Windows Kerberos, EoP), to minimize the risks associated with its public disclosure.
- The critical vulnerability CVE-2025-53767 (Azure OpenAI, EoP) with a CVSS 10.0 rating, as it represents the maximum level of threat.
It is recommended to prioritize updating servers running Microsoft Office, SQL Server, MSMQ and RRAS due to the large number of RCE vulnerabilities. Particular attention should be paid to cloud services such as Azure and Microsoft 365 Copilot, as they are becoming an increasingly frequent target for attacks. Timely patching remains a key element of protecting corporate infrastructure. Delaying updates—especially for publicly disclosed vulnerabilities and those with the highest CVSS scores—creates an unacceptable level of risk. It is also worth paying attention to the publicly disclosed vulnerabilities described in the Retrospective analysis of vulnerabilities section: the likelihood of their exploitation has increased dramatically, and if you still have not installed previous security updates, now is the right time.
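One way to turn the prioritization above into a patch queue, as an added example that is not part of the original article: it parses rows in the format of the table on this page and compares ordering by Microsoft's severity label with ordering by exploited or publicly disclosed status first, then CVSS. The sample rows are copied from the table; the function names and the keyword match in `PRIORITY_PRODUCTS` are assumptions.

```python
from dataclasses import dataclass

# Header, separator and five rows copied from the table on this page.
SAMPLE = """\
| CVE | Title | Type | CVSS | Severity | Exploited | Publicly Disclosed |
|---|---|---|---|---|---|---|
| CVE-2025-53779 | Windows Kerberos Elevation of Privilege Vulnerability | Elevation of Privilege | 7.2 | Moderate | No | Yes |
| CVE-2025-53767 | Azure OpenAI Elevation of Privilege Vulnerability | Elevation of Privilege | 10.0 | Critical | No | No |
| CVE-2025-50171 | Remote Desktop Spoofing Vulnerability | Spoofing | 9.1 | Important | No | No |
| CVE-2025-50177 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Remote Code Execution | 8.1 | Critical | No | No |
| CVE-2025-49755 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Spoofing | 4.3 | Low | No | No |
"""

SEVERITY_ORDER = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}
# Products the conclusion singles out for RCE fixes (assumed keyword match).
PRIORITY_PRODUCTS = ("Office", "SQL Server", "MSMQ", "RRAS")


@dataclass
class Row:
    cve: str
    title: str
    vtype: str
    cvss: float
    severity: str
    exploited: bool
    disclosed: bool


def parse_rows(text):
    """Parse table rows; the header, separator and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 7 or not cells[0].startswith("CVE-"):
            continue
        cve, title, vtype, cvss, severity, exploited, disclosed = cells
        rows.append(Row(cve, title, vtype, float(cvss), severity,
                        exploited == "Yes", disclosed == "Yes"))
    return rows


def by_label(rows):
    """Order by severity label only, CVSS as tie-breaker."""
    key = lambda r: (SEVERITY_ORDER.get(r.severity, 9), -r.cvss)
    return [r.cve for r in sorted(rows, key=key)]


def by_policy(rows):
    """Exploited or publicly disclosed first, then highest CVSS."""
    key = lambda r: (not (r.exploited or r.disclosed), -r.cvss)
    return [r.cve for r in sorted(rows, key=key)]


def rce_in_priority_products(rows):
    """RCE fixes in the products named in the conclusion."""
    return [r.cve for r in rows if r.vtype == "Remote Code Execution"
            and any(p in r.title for p in PRIORITY_PRODUCTS)]


if __name__ == "__main__":
    rows = parse_rows(SAMPLE)
    print("by label :", by_label(rows))
    print("by policy:", by_policy(rows))
    print("RCE focus:", rce_in_priority_products(rows))
```

Sorting by severity label alone places the publicly disclosed Kerberos fix fourth of five, behind lower-risk entries, which is why disclosure status is used as the first sort key.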