Microsoft has released patches for a massive set of security flaws across its software portfolio, including one publicly known flaw at the time of release. The company fixed 111 vulnerabilities, with 16 rated critical and 92 rated important. Privilege escalation, remote code execution, information disclosure, spoofing, and denial-of-service are among the most common attack vectors.
One vulnerability, CVE-2025-53779, was publicly disclosed in May 2025 as “BadSuccessor.” This zero-day flaw allows attackers to compromise an Active Directory domain by misusing delegated Managed Service Account objects. The good news is that successful exploitation requires pre-existing control of two attributes, which are hopefully well protected.
Microsoft has also patched vulnerabilities impacting Azure OpenAI, Azure Portal, and Microsoft 365 Copilot BizChat, as well as a vulnerability in the Windows kernel that can result in a system crash and hard reboot. Another vulnerability allows attackers to extract NTLM hashes without user interaction, even on fully patched systems.
In addition to Microsoft, other vendors have released security updates for various vulnerabilities, including 7-Zip, Adobe, Amazon Web Services, AMD, and many others. The patches address flaws in various software components, including the Windows kernel, Azure services, and enterprise applications.
The timely release of these patches highlights the importance of continuous vigilance and proactive patching to maintain system integrity in a complex software environment.
Source: https://thehackernews.com/2025/08/microsoft-august-2025-patch-tuesday.html