Microsoft rolls out fixes for over 100 CVEs in its August Patch Tuesday update
Microsoft rolls out fixes for over 100 CVEs in its August Patch Tuesday update
No fewer than eight critical flaws that could allow a threat actor to achieve remote code execution (RCE) on a targeted system are listed in Microsoft’s August Patch Tuesday update, which once again tops out at over 100 common vulnerabilities and exposures (CVEs).
Alongside the critical RCE bugs, which occur in a variety of Microsoft products and services including DirectX Graphics Kernel, GDI+, Hyper-V, Message Queuing, Office and Word, are a solitary elevation of privilege (EoP) flaw in Windows NTLM, two information disclosure vulnerabilities in Hyper-V and Azure Stack Hub, and a spoofing vulnerability in Hyper-V.
The latest monthly drop contains no full zero-day exploits, bar one EoP vulnerability in Windows Kerberos, CVE-2025-53779, that by itself does not quite meet all the criteria as while exploit code has been made public, there is no evidence any threat actor has yet taken advantage of it.
This stems from a path traversal flaw in which Kerberos improperly validates path inputs when handling the relatively new delegated Managed Service Account (dMSA) feature in Windows Server 2025.
