Microsoft August 2025 Patch Tuesday fixes one zero-day, 107 flaws

Today is Microsoft’s August 2025 Patch Tuesday, which includes security updates for 107 flaws, including one publicly disclosed zero-day vulnerability in Windows Kerberos.

This Patch Tuesday also fixes thirteen “Critical” vulnerabilities, nine of which are remote code execution vulnerabilities, three are information disclosure, and one is elevation of privileges.

The number of bugs in each vulnerability category is listed below:

44 Elevation of Privilege Vulnerabilities

35 Remote Code Execution Vulnerabilities

18 Information Disclosure Vulnerabilities

4 Denial of Service Vulnerabilities

9 Spoofing Vulnerabilities

When BleepingComputer reports on the Patch Tuesday security updates, we only count those released on Patch Tuesday. Therefore, the number of flaws does not include Mariner, Azure, and Microsoft Edge bugs fixed earlier this month.

To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5063878 & KB5063875 cumulative updates and the Windows 10 KB5063709 cumulative update.

One publicly disclosed zero-day fixed

This month’s Patch Tuesday fixes one publicly disclosed zero-day in Microsoft SQL Server. Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available.

The publicly disclosed zero-day is:

CVE-2025-53779 – Windows Kerberos Elevation of Privilege Vulnerability

Microsoft fixes a flaw in Windows Kerberos that allows an authenticated attacker to gain domain administrator privileges.

“Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network,” explains Microsoft.

Microsoft says that an attacker would need to have elevated access to the following dMSA attributes to exploit the flaw:

msds-groupMSAMembership: This attribute allows the user to utilize the dMSA.

msds-ManagedAccountPrecededByLink: The attacker needs write access to this attribute, which allows them to specify a user that the dMSA can act on behalf of.
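To check which principals hold that access in your own domain, the following read-only audit lists who can write the two attributes on each dMSA object. It is an added example, not code from the article or from Microsoft. It assumes the ActiveDirectory RSAT module and a schema that includes dMSA, and the `$expected` baseline is a hypothetical starting point to adjust.

```powershell
# Added example: read-only audit of write access to the dMSA attributes named above.
# Assumes the ActiveDirectory RSAT module and a schema that includes dMSA.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices
$ADR = [System.DirectoryServices.ActiveDirectoryRights]

# Attribute names as spelled in the article (LDAP name matching is case-insensitive).
$attrs = 'msds-groupMSAMembership', 'msds-ManagedAccountPrecededByLink'

# Resolve each attribute's schemaIDGUID at run time instead of hard-coding it.
$schemaNc = (Get-ADRootDSE).schemaNamingContext
$attrGuid = @{}
foreach ($a in $attrs) {
    $s = Get-ADObject -SearchBase $schemaNc -LDAPFilter "(lDAPDisplayName=$a)" -Properties schemaIDGUID
    if ($s) { $attrGuid[[guid]$s.schemaIDGUID] = $s.Name }
}

# Principals expected to hold these rights (hypothetical baseline, adjust per environment).
$expected = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators'

Get-ADObject -LDAPFilter '(objectClass=msDS-DelegatedManagedServiceAccount)' -Properties nTSecurityDescriptor |
ForEach-Object {
    $dmsa = $_
    foreach ($ace in $dmsa.nTSecurityDescriptor.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($expected -contains $ace.IdentityReference.Value) { continue }
        $r = $ace.ActiveDirectoryRights
        # WriteDacl / WriteOwner let the holder grant themselves any attribute write.
        $takesControl = $r.HasFlag($ADR::WriteDacl) -or $r.HasFlag($ADR::WriteOwner)
        # WriteProperty (also part of GenericWrite / GenericAll) counts when it is unscoped
        # or scoped to one of the two attributes. Property-set scopes are not resolved here.
        $allProps   = $ace.ObjectType -eq [guid]::Empty
        $writesAttr = $r.HasFlag($ADR::WriteProperty) -and ($allProps -or $attrGuid.ContainsKey($ace.ObjectType))
        if (-not ($takesControl -or $writesAttr)) { continue }
        [pscustomobject]@{
            dMSA      = $dmsa.DistinguishedName
            Principal = $ace.IdentityReference.Value
            Rights    = $r
            Scope     = if ($takesControl) { 'object control' }
                        elseif ($allProps) { 'all properties' }
                        else { $attrGuid[$ace.ObjectType] }
            Inherited = $ace.IsInherited
        }
    }
} | Sort-Object dMSA, Principal | Format-Table -AutoSize
```

Inherited entries usually trace back to a delegation on the parent OU or container, so review that delegation as well as the dMSA object itself.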

Microsoft attributes the discovery of this flaw to Yuval Gordon of Akamai, who published a technical report on the flaw in May.

Recent updates from other companies

Other vendors who released updates or advisories in July 2025 include:

The August 2025 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the July 2025 Patch Tuesday updates.

To access the full description of each vulnerability and the systems it affects, you can view the full report here.

Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2025-patch-tuesday-fixes-one-zero-day-107-flaws/
