Microsoft has released a batch of security updates to fix over 100 security flaws in its Windows operating systems and other software. The patches include fixes for critical vulnerabilities that could allow attackers to gain remote access to Windows systems, as well as weaknesses in the Windows Kerberos authentication system.
The most severe vulnerability is CVE-2025-53786, which allows an attacker to pivot from a compromised Microsoft Exchange Server directly into an organization’s cloud environment. This bug affects Exchange Server 2016 and Exchange Server 2019, as well as Microsoft Exchange Server Subscription Edition.
According to Ben McCarthy, lead cybersecurity engineer at Immersive, the fix for this vulnerability requires more than just installing a patch, such as following Microsoft’s manual instructions for creating a dedicated service to oversee and lock down the hybrid connection.
Other critical patches address weaknesses in the Windows GDI+ component, Microsoft Word, and Windows NTLM. The fixes are rated highly severe, with CVSS scores ranging from 9.0 to 9.9.
Microsoft is also urging users to upgrade to Windows 11, as free security updates for Windows 10 will stop being provided after October 14, 2025. Users who cannot meet the hardware specifications required for Windows 11 may consider installing a version of Linux, such as Linux Mint, which can run on most computers produced in the last decade.
In related news, Microsoft has introduced an Extended Security Updates (ESU) program for Windows 10 consumer devices, allowing users to continue using non-viable devices for an additional year.
Source: https://krebsonsecurity.com/2025/08/microsoft-patch-tuesday-august-2025-edition