Microsoft patches some very important vulnerabilities in August’s patch Tuesday


Malwarebytes

In the August 2025 Patch Tuesday round, Microsoft fixed a total of 111 vulnerabilities. A few of them are very important for people to patch.

Even if you’re not a tech expert, keeping your Windows system up to date is one of the simplest and most effective ways to protect yourself from online threats. Microsoft releases important updates on the second Tuesday of every month, called “Patch Tuesday.” These updates fix security problems and keep your Windows system up to date.

Here is a step-by-step guide for updating your Windows 11 computer this August 2025 (the steps might be slightly different for older versions):

1. Open Settings

  • Click the Start button (the Windows logo at the bottom left of your screen).
  • Click on Settings (it looks like a little gear).

2. Go to Windows Update

  • In the Settings window, look for Windows Update (usually at the bottom of the menu on the left).
  • Click on Windows Update.

3. Check for Updates

  • You’ll see a button that says Check for updates. Click it.
  • Windows will now look for the August 2025 Patch Tuesday updates.

If you selected automatic updates earlier, Windows Update may show that a restart is all that is left to do (the original screenshots are not reproduced here):

  • In that case, all you have to do is restart your system and you’re done updating.
  • If not, continue with the steps below.

4. Download and Install

  • If updates are found, they will start downloading right away. When that’s done, you’ll see a button that says Install or Restart now.
  • Click Install if needed and follow any prompts. Your computer will usually need a restart to finish the update. If it does, click Restart now.

5. Double-check everything is updated

  • After restarting, go back to Windows Update and check again. If it says You’re up to date, you’re all set!

Of the 111 fixed flaws, a few stand out. Let’s have a look at why this round is important.

CVE-2025-50165: Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

This vulnerability can be exploited without user interaction, for example by sending a target a specially crafted .jpeg file in an Office document or in other documents and files. Successful exploitation allows arbitrary remote code execution (RCE), which basically means your machine is under the attacker’s control.

CVE-2025-53766: Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.

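A buffer overflow occurs when a software application writes more data into an area of memory than that area can hold, so the write runs past the buffer’s boundary and into an adjacent memory region. In a heap-based buffer overflow, the buffer is located in dynamically allocated (heap) memory.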

GDI+ (Graphics Device Interface Plus) is a component of the Windows operating system that provides a way for applications to display graphics and formatted text on screens and printers.

An attacker could trigger this vulnerability by convincing a victim to download and open a document that contains a specially crafted metafile. Successful exploitation of this vulnerability could cause remote code execution or information disclosure on web services that are parsing documents that contain a specially crafted metafile, without involvement of the target. In the worst-case scenario, an attacker could trigger this vulnerability on web services by uploading documents containing a specially crafted metafile.
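To make the heap-based overflow described above concrete, here is an added example (not from the original article and not GDI+ code) of a file parser that copies a length-prefixed record into a heap buffer, first without and then with bounds checks. The record layout, the function names and the sample bytes are all hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record layout, constructed for this example (not a real
 * metafile format): 1 type byte, 2-byte little-endian length, payload. */
#define HDR_LEN 3
#define DST_CAP 16   /* size of the heap buffer the payload is copied into */

static size_t declared_len(const uint8_t *in) {
    return (size_t)in[1] | ((size_t)in[2] << 8);
}

/* Unsafe pattern: trusts the length stored in the file. If it exceeds
 * DST_CAP, memcpy writes past the heap buffer. Shown for contrast only;
 * it is never called here. */
uint8_t *copy_record_unsafe(const uint8_t *in) {
    uint8_t *dst = malloc(DST_CAP);
    if (dst) memcpy(dst, in + HDR_LEN, declared_len(in));
    return dst;
}

/* Hardened: returns 0 and a heap copy in *out, or -1 if the record is rejected. */
int copy_record_checked(const uint8_t *in, size_t in_len,
                        uint8_t **out, size_t *out_len) {
    *out = NULL;
    *out_len = 0;
    if (in == NULL || in_len < HDR_LEN) return -1;   /* truncated header */
    size_t n = declared_len(in);
    if (n > in_len - HDR_LEN) return -1;   /* claims more data than the file has */
    if (n > DST_CAP) return -1;            /* would overflow the destination */
    uint8_t *dst = malloc(DST_CAP);
    if (dst == NULL) return -1;
    memcpy(dst, in + HDR_LEN, n);
    *out = dst;
    *out_len = n;
    return 0;
}

int main(void) {
    const uint8_t good[] = {0x01, 0x04, 0x00, 'a', 'b', 'c', 'd'};  /* constructed */
    const uint8_t lying[] = {0x01, 0xFF, 0xFF, 'a'};                /* constructed */
    uint8_t *p; size_t n;
    printf("good:  %d\n", copy_record_checked(good, sizeof good, &p, &n));
    free(p);
    printf("lying: %d\n", copy_record_checked(lying, sizeof lying, &p, &n));
    return 0;
}
```

The hardened function checks the declared length against both the bytes actually present in the input and the capacity of the destination, because a crafted file controls the first of those values entirely.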
