Patch Tuesday: Microsoft Fixes 107 Vulnerabilities, Including 13 RCE Flaws


HackRead

Microsoft’s August Patch Tuesday fixes 107 vulnerabilities, including 13 critical RCE flaws, impacting Windows, Office, Azure, and more, urging fast updates.

Microsoft delivered patches for 107 vulnerabilities as part of its Patch Tuesday security updates. Of the identified vulnerabilities, 13 are classified as Critical, demanding immediate attention due to their severe potential impact.

**Critical Vulnerabilities**

This month’s updates feature 13 critical vulnerabilities, representing the most severe threats to systems. These flaws carry the potential for attackers to gain complete control, disclose sensitive information, or disrupt services, often without requiring any user interaction.

Many of the critical fixes target Remote Code Execution (RCE) flaws, which are among the most dangerous as they allow an attacker to execute arbitrary code on a compromised system. Notable RCE vulnerabilities include:

**Windows Graphics Component (CVE-2025-50165)**

This critical RCE vulnerability could allow unauthorized attackers to execute code over a network via untrusted pointer dereferences. Its impact on a fundamental Windows component makes it particularly concerning.

**DirectX Graphics Kernel (CVE-2025-50176)**

This is a type confusion vulnerability in the Graphics Kernel that enables local code execution by an authenticated attacker, potentially without requiring elevated privileges.

**Microsoft Message Queuing (MSMQ) (CVE-2025-50177)**

This use-after-free vulnerability allows an unauthenticated attacker to achieve remote code execution, although successful exploitation requires winning a race condition. The persistence of MSMQ vulnerabilities highlights an ongoing area of concern for system administrators.

**Microsoft Office & Word (CVE-2025-53731, CVE-2025-53740, CVE-2025-53733, CVE-2025-53784)**

Multiple use-after-free and other flaws in Microsoft Office and Word could allow unauthenticated attackers to achieve remote code execution. Often, these vulnerabilities can be triggered simply by a user opening a malicious file, underscoring the ongoing risk associated with document-based attacks.

**GDI+ (CVE-2025-53766)**

This is a heap-based buffer overflow vulnerability in Windows GDI+ that may allow an unauthenticated attacker to achieve remote code execution.

**Windows Hyper-V (CVE-2025-48807)**

In this vulnerability, an improper restriction of communication channels in Hyper-V could allow an authenticated attacker to achieve remote code execution. This is an important concern for organizations relying on virtualized environments, as it could lead to the compromise of virtual machines.

According to Microsoft’s security update guide, patches for Critical Elevation of Privilege (EoP) vulnerabilities have also been released. These vulnerabilities allow attackers to gain higher access levels on a system.

One such example is Windows NTLM (CVE-2025-53778), an improper authentication flaw that may allow an authenticated attacker to elevate privileges over a network, potentially gaining SYSTEM privileges. This poses a serious threat to network security and domain integrity.

The update also fixes Critical Information Disclosure vulnerabilities that could lead to the leakage of sensitive data. These include Azure Virtual Machines (CVE-2025-53781), where a flaw could allow an attacker to disclose sensitive information.

Similarly, Azure Stack Hub (CVE-2025-53793) is affected by another critical information disclosure vulnerability, which could leak sensitive data to unauthorized actors. Finally, a critical Spoofing vulnerability was addressed.

For a quick overview of the most severe threats, the following table summarizes the critical vulnerabilities:

| CVE ID | Affected Product/Component | Vulnerability Type | Potential Impact |
| --- | --- | --- | --- |
| CVE-2025-53781 | Azure Virtual Machines | Information Disclosure | Leakage of sensitive data |
| CVE-2025-50176 | DirectX Graphics Kernel | Remote Code Execution | Local code execution, system compromise |
| CVE-2025-50177 | Microsoft Message Queuing | Remote Code Execution | Remote code execution, system compromise |
| CVE-2025-53731 | Microsoft Office | Remote Code Execution | Remote code execution, system compromise |
| CVE-2025-53740 | Microsoft Office | Remote Code Execution | Remote code execution, system compromise |
| CVE-2025-53733 | Microsoft Word | Remote Code Execution | Remote code execution, system compromise |
| CVE-2025-53766 | GDI+ | Remote Code Execution | Remote code execution, system compromise |
| CVE-2025-53778 | Windows NTLM | Elevation of Privilege | Gain SYSTEM privileges, network compromise |
| CVE-2025-53784 | Microsoft Word | Remote Code Execution | Remote code execution, system compromise |
| CVE-2025-49707 | Azure Virtual Machines | Spoofing | Local impersonation, unauthorized actions |
| CVE-2025-48807 | Windows Hyper-V | Remote Code Execution | Local code execution, virtual environment compromise |
| CVE-2025-50165 | Windows Graphics Component | Remote Code Execution | Remote code execution, system compromise |
| CVE-2025-53793 | Azure Stack Hub | Information Disclosure | Leakage of sensitive data |

**Important Fixes and Security Patterns**

Apart from the critical issues, Microsoft addressed 76 “Important” severity vulnerabilities. While these are not as immediately threatening as critical flaws, they can still lead to compromise, including privilege escalation, denial of service, information disclosure, and spoofing.

This month’s updates also saw several Elevation of Privilege (EoP) and Remote Code Execution (RCE) vulnerabilities covering all levels of seriousness. There were 40 EoP flaws in total, with 38 classified as Important.

RCE vulnerabilities totaled 35, with 26 rated as Important. This constant focus on RCE and EoP shows their importance as the main attack vectors for adversaries seeking to gain control and expand their reach within networks.

Some examples of Important RCEs include those affecting Microsoft Excel (CVE-2025-53741, CVE-2025-53759, CVE-2025-53737, CVE-2025-53739) with heap-based buffer overflows and use-after-free issues.

The Windows Routing and Remote Access Service (RRAS) also saw multiple heap-based buffer overflows (e.g., CVE-2025-49757, CVE-2025-50160, CVE-2025-50162, CVE-2025-50163, CVE-2025-50164, CVE-2025-53720).

Microsoft PowerPoint also had an Important RCE (CVE-2025-53761). Important EoPs include several SQL Server bugs like CVE-2025-49758, stemming from SQL injection weaknesses, and Microsoft SharePoint (CVE-2025-53760).

**Lower severity**

Lower severity issues also received attention. Two Moderate vulnerabilities were patched, including CVE-2025-53779 in Windows Kerberos, which involves relative path traversal for EoP.

Additionally, one Low severity spoofing flaw was fixed in Microsoft Edge for Android (CVE-2025-49755). While less urgent, these still contribute to the overall security and should not be overlooked, as they can be exploited with other vulnerabilities to further attacks.

A notable pattern emerging from this month’s patches involves the recurrence of common vulnerability types such as use-after-free errors, heap overflows, and improper input validation. These issues frequently appear, particularly in legacy components like Win32k and Ancillary Function Drivers.

This indicates continued challenges in managing the security of older, foundational codebases within Windows, which often predate modern secure coding practices. The continuous presence of these memory corruption flaws in such deep-seated components suggests a systemic challenge for Microsoft.

**The Zero-Day Watch**

Microsoft’s August 2025 Patch Tuesday includes one publicly disclosed zero-day vulnerability. Although this vulnerability is known to the public, Microsoft reports that none of the patched vulnerabilities, including this zero-day, are listed as actively exploited in the wild as of August 12, 2025.

The distinction between “publicly disclosed” and “actively exploited” is important for understanding immediate risk. “Publicly disclosed” means the vulnerability’s details are available in the public domain, potentially giving threat actors a blueprint to develop their own exploits.

On the other hand, “actively exploited” means that attackers are already using the vulnerability in real-world attacks. The current “not actively exploited” status provides a critical, although temporary, window for organizations to apply patches.

**Updates Across Microsoft’s Products**

The August 2025 Patch Tuesday updates cover several Microsoft products and services. This includes core Windows components, popular Microsoft Office applications, Azure cloud services, Exchange Server, SQL Server, Windows Hyper-V, and even Microsoft Edge (Chromium-based).

Specifically, 10 vulnerabilities were addressed in Microsoft Edge (Chromium-based). These include multiple “use after free” issues in components like Cast and Extensions (CVE-2025-8578, CVE-2025-8576), and “inappropriate implementation” flaws in Picture In Picture and Filesystems (CVE-2025-8577, CVE-2025-8579, CVE-2025-8580).

**Vulnerability Breakdown by Category and Severity (August 2025)**

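| Vulnerability Type | Critical Count | Important Count | Moderate Count | Low Count | Total |
| --- | --- | --- | --- | --- | --- |
| Remote Code Execution (RCE) | 9 | 26 | 0 | 0 | 35 |
| Elevation of Privilege (EoP) | 1 | 38 | 1 | 0 | 40 |
| Information Disclosure | 2 | 14 | 0 | 0 | 16 |
| Spoofing | 1 | 7 | 1 | 1 | 10 |
| Denial of Service (DoS) | 0 | 5 | 0 | 0 | 5 |
| Tampering | 0 | 1 | 0 | 0 | 1 |
| Total | 13 | 91 | 2 | 1 | 107 |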

**PowerShell 2.0 Removal**

Windows PowerShell 2.0 is being removed from Windows 11, version 24H2, starting with the August 2025 non-security update. It will also be removed from Windows Server 2025 with the September 2025 security update.

“Patch Tuesday after Black Hat is always spicy, and these patches (like all others) need to move with a sense of purpose, and the Kerberos vulnerability from Yuval Gordon is of particular interest as it appears this will be presented in detail at SecTor at the end of September 2025,” said Trey Ford, Chief Strategy and Trust Officer at Bugcrowd.

“Vulnerabilities like the Kerberos finding only goes to show the importance of diverse perspectives and testing in feature design and release – the power of the global security community can help confirm that new features, especially security features, are both effective and resilient,” he added.

If you run Windows, you’ll probably see updates in Windows Update later today or tomorrow, and it’s usually a good idea to install them promptly since many address security flaws actively targeted by attackers.
