Microsoft’s August 2025 Patch Tuesday brings security updates for 119 vulnerabilities, including 13 rated Critical and 91 Important. The release addresses flaws across key Windows components, Microsoft Office, Azure, Hyper-V, and Exchange Server, with one publicly disclosed zero-day vulnerability now patched.
This month’s fixes span multiple categories—Spoofing, Denial of Service, Elevation of Privilege, Information Disclosure, and RCE—impacting components such as:
- Microsoft Exchange Server
- Windows Hyper-V
- Microsoft Graphics Component
- Windows NTFS & NTLM
- Remote Desktop Server
- SQL Server
Microsoft also patched 10 vulnerabilities in Microsoft Edge (Chromium-based) as part of the cumulative browser update.
The sole zero-day in this month’s update, CVE-2025-53779, affects Windows Kerberos, a core authentication protocol in Active Directory environments. Microsoft warns: “An attacker who successfully exploited this vulnerability could gain domain administrator privileges.” Given Kerberos’ central role in domain authentication, this bug poses a serious risk to enterprise networks.
Several Critical-rated vulnerabilities could allow remote code execution (RCE) or elevation of privilege without user interaction:
- CVE-2025-53781 – Azure Virtual Machines Information Disclosure: Exploitation could expose sensitive VM data.
- CVE-2025-50176 – DirectX Graphics Kernel RCE: Type confusion flaw enabling code execution without admin privileges.
- CVE-2025-50177 – Microsoft Message Queuing RCE: Use-after-free bug requiring an attacker to win a race condition.
- CVE-2025-53731 & CVE-2025-53740 – Microsoft Office RCE: Use-after-free vulnerabilities allowing unauthenticated code execution via crafted files.
- CVE-2025-53733 & CVE-2025-53784 – Microsoft Word RCE: Could be exploited by simply opening a malicious document.
- CVE-2025-53766 – Windows GDI+ RCE: Heap-based buffer overflow allowing remote exploitation.
- CVE-2025-53778 – Windows NTLM Elevation of Privilege: Improper authentication could grant SYSTEM-level privileges.
- CVE-2025-49707 – Azure Virtual Machines Spoofing: Local spoofing via improper access control.
- CVE-2025-48807 – Windows Hyper-V RCE: Improper restriction of communication channels between Hyper-V endpoints.
- CVE-2025-53793 – Azure Stack Hub Information Disclosure: Unauthenticated network-based information leak.
- CVE-2025-50165 – Windows Graphics Component RCE: Untrusted pointer dereference in graphics rendering.
Given the criticality and potential impact of several bugs—especially the Kerberos zero-day and multiple RCE flaws—administrators should:
- Prioritize patching domain controllers and systems running Kerberos services.
- Update Microsoft Office and Word clients to block document-based RCE vectors.
- Harden Hyper-V and Azure environments, applying configuration reviews alongside patches.
- Enable security logging and monitoring for suspicious Kerberos, NTLM, and MSMQ activity.