Microsoft Patch Tuesday, August 2025 Edition
What’s new: Microsoft released updates addressing over 100 security vulnerabilities in its software, including 13 rated as “critical.” Notable vulnerabilities include CVE-2025-53786, which allows attackers to pivot from compromised Microsoft Exchange Servers to cloud environments, and CVE-2025-53779, a weakness in the Windows Kerberos authentication system that can grant domain administrator privileges. Other critical issues involve remote code execution vulnerabilities in Windows GDI+ (CVE-2025-53766) and Microsoft Word (CVE-2025-53733), as well as a flaw in NTLM (CVE-2025-53778) that could allow elevation to SYSTEM-level access.
Who’s affected
Organizations using Microsoft Exchange Server 2016, 2019, and Subscription Edition, as well as those running Windows operating systems with the identified vulnerabilities, are at risk. Approximately 29,000 Exchange servers are publicly accessible and potentially vulnerable to CVE-2025-53786.
What to do
- Apply the latest Microsoft updates to address the vulnerabilities, particularly CVE-2025-53786, CVE-2025-53779, CVE-2025-53766, CVE-2025-53733, and CVE-2025-53778.
- Follow Microsoft’s manual instructions for securing hybrid connections related to Exchange Server vulnerabilities.
- Monitor for any issues during the update process and consult resources for troubleshooting if necessary.
