Microsoft Patches Over 100 Vulnerabilities
Microsoft’s August 2025 Patch Tuesday updates address more than 100 vulnerabilities across the tech giant’s products.
None of the security holes patched this month appear to have been exploited in the wild. One vulnerability, a Windows privilege escalation tracked as CVE-2025-53779, has been flagged as publicly disclosed.
A dozen vulnerabilities have been assigned a ‘critical severity’ rating by Microsoft. Most of them are actually ‘high severity’ based on their CVSS score, except for CVE-2025-53766, a remote code execution flaw in Windows’ GDI+ component that has a CVSS score of 9.8.
According to Trend Micro’s Zero Day Initiative (ZDI), which has summarized the patches, CVE-2025-53766 can be exploited by getting the targeted user to visit a malicious website or to open a malicious document.
“A worst-case scenario would be an attacker uploading something through an ad network that is served up to users. Ad blockers are just to remove annoyances; they also protect against malicious ads,” ZDI’s Dustin Childs explained. “They’re rare, but they have occurred in the past. Since GDI+ touches so many different components (and users tend to click on anything), test and deploy this one quickly.”
Another vulnerability that is ‘critical’ based on its CVSS score is CVE-2025-50165, which impacts Windows’ graphics component and also allows remote code execution. Exploitation requires the user to view a specially crafted image. Microsoft has assigned the issue an ‘important’ severity rating.
Other vulnerabilities allowing remote code execution are CVE-2025-53740 and CVE-2025-53731, which impact Office and can be exploited through the Preview Pane.
Another flaw worth highlighting is CVE-2025-49712, a remote code execution bug affecting SharePoint. ZDI noted that it’s similar to a vulnerability exploited recently as part of the ToolShell exploit chain.
The list of vulnerabilities flagged as ‘critical’ by Microsoft also includes several Hyper-V issues (information disclosure, spoofing, and remote code execution), and an Azure Stack Hub information disclosure bug.
Microsoft’s exploitability assessment for all of these issues is ‘exploitation less likely’ or ‘exploitation unlikely’, which indicates that the tech giant does not expect them to be exploited in the wild.
Adobe has also released its Patch Tuesday updates, addressing nearly 70 CVEs across over a dozen products.
The article was originally published by The Hacker News. Please check their website for the original content.