No fewer than eight critical flaws that could allow a threat actor to achieve remote code execution (RCE) on a targeted system are listed in Microsoft’s August Patch Tuesday update, which once again tops out at over 100 common vulnerabilities and exposures (CVEs).
Alongside the critical RCE bugs – which occur in a variety of Microsoft products and services, including DirectX Graphics Kernel, GDI+, Hyper-V, Message Queuing, Office and Word – are a solitary elevation of privilege (EoP) flaw in Windows NTLM, two information disclosure vulnerabilities in Hyper-V and Azure Stack Hub, and a spoofing vulnerability in Hyper-V.
The latest monthly drop contains no fully fledged zero-day. The closest is an EoP vulnerability in Windows Kerberos, CVE-2025-53779, which does not quite meet the usual definition: exploit code has been made public, but there is no evidence that any threat actor has yet taken advantage of it.
The bug is a relative path traversal in Windows Kerberos: path inputs are not properly validated when Kerberos handles the relatively new delegated Managed Service Account (dMSA) feature of Windows Server 2025. An attacker who abuses it can set up improper delegation relationships, impersonate privileged accounts, escalate to domain admin and potentially take control of the Active Directory domain.
To get that far, however, the attacker must already hold elevated access to certain attributes of the dMSA, which is why Microsoft rates exploitation as less likely.
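Because the precondition Microsoft cites is write access to the dMSA object, the practical check is to find out who holds it. The script below is an added example, not code from the article, Microsoft or Action1: it enumerates every dMSA in the domain and reports any principal outside the expected administrative set that can write to the object, either through a blanket write right or through a right scoped to one of the dMSA attributes. It assumes the RSAT ActiveDirectory module is installed and that the attributes of interest are msDS-ManagedAccountPrecededByLink and msDS-GroupMSAMembership; those two names are an assumption taken from Microsoft's dMSA documentation, since the article only says "certain attributes".

```powershell
# Added example, not from the article: list non-administrative principals
# with write access to delegated Managed Service Account (dMSA) objects.
# Assumes the RSAT ActiveDirectory module and a domain with Server 2025 DCs.
Import-Module ActiveDirectory

$domain = Get-ADDomain
# Principals expected to hold write access; anything else is reported.
$Expected = @(
    'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM',
    "$($domain.NetBIOSName)\Domain Admins", "$($domain.NetBIOSName)\Enterprise Admins"
)

# Attribute names are an assumption (Microsoft dMSA docs), not from the article.
$Sensitive = @('msDS-ManagedAccountPrecededByLink', 'msDS-GroupMSAMembership')

# Map each attribute's schemaIDGUID so attribute-scoped ACEs can be recognised.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$guidMap  = @{}
foreach ($name in $Sensitive) {
    $schemaObj = Get-ADObject -SearchBase $schemaNC `
        -LDAPFilter "(lDAPDisplayName=$name)" -Properties schemaIDGUID
    if ($schemaObj) { $guidMap[[guid]$schemaObj.schemaIDGUID] = $name }
}

# Any of these rights lets a principal change the object's attributes or its ACL.
$writeRights = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll -bor
               [System.DirectoryServices.ActiveDirectoryRights]::GenericWrite -bor
               [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty -bor
               [System.DirectoryServices.ActiveDirectoryRights]::WriteDacl -bor
               [System.DirectoryServices.ActiveDirectoryRights]::WriteOwner

$dmsas = Get-ADObject -LDAPFilter '(objectClass=msDS-DelegatedManagedServiceAccount)' `
    -Properties msDS-ManagedAccountPrecededByLink

$findings = foreach ($dmsa in $dmsas) {
    # .Access includes inherited ACEs, so OU-level delegation is caught too.
    $acl = Get-Acl -Path "AD:\$($dmsa.DistinguishedName)"
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (($ace.ActiveDirectoryRights -band $writeRights) -eq 0) { continue }
        if ($Expected -contains $ace.IdentityReference.Value) { continue }

        # An empty ObjectType GUID means the ACE applies to every attribute.
        if ($ace.ObjectType -eq [guid]::Empty)          { $scope = '(all attributes)' }
        elseif ($guidMap.ContainsKey($ace.ObjectType))  { $scope = $guidMap[$ace.ObjectType] }
        else                                            { continue }  # some other attribute

        [pscustomobject]@{
            dMSA       = $dmsa.DistinguishedName
            Principal  = $ace.IdentityReference.Value
            Rights     = $ace.ActiveDirectoryRights
            Scope      = $scope
            PrecededBy = $dmsa.'msDS-ManagedAccountPrecededByLink'
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No unexpected write access to dMSA objects found.' }
```

Run it as a domain user with read access to the directory; every row is a principal that satisfies Microsoft's stated precondition and should be reviewed or removed. The PrecededBy column surfaces any dMSA already linked to a predecessor account, which is worth eyeballing for links to privileged accounts. Extend $Expected with any service-management groups that legitimately own dMSAs in your environment so they do not show up as noise.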
That said, Mike Walters, president and co-founder of Action1, said the danger from CVE-2025-53779 grows when it is combined with other techniques. Large organisations with complex Active Directory environments, those that rely on dMSAs for service account management, and high-risk targets such as banks, government agencies or hospitals should therefore take heed.
“The combination of a path traversal issue in a core authentication component like Kerberos and its potential high impact is concerning,” said Walters.
“The need for high privileges may create a false sense of security, as accounts with these rights are common in decentralised IT environments. Once compromised, they can quickly lead to full domain takeover.
“The presence of functional exploit code means attackers may pursue this flaw despite Microsoft’s assessment. Vulnerabilities in core authentication mechanisms are attractive additions to advanced attack chains, especially in targeting high-value environments,” he warned.
SharePoint flaws should be addressed
Narrower in scope but still worth defenders' attention are a pair of vulnerabilities in SharePoint: CVE-2025-53760, an EoP flaw, and CVE-2025-49712, an RCE flaw.
Saeed Abbasi, senior manager for security research at the Qualys Threat Unit, said CVE-2025-49712 in particular warranted some concern.
“This RCE demands authentication but pairs dangerously with known auth bypasses,” explained Abbasi. “Attackers chaining this with prior flaws could achieve full server compromise and data exfiltration. It’s not yet exploited in the wild, but history shows these evolve fast. Exposed SharePoint instances are prime footholds for lateral movement.
“Prioritise and patch all SharePoint updates, rotate keys and eliminate internet exposure. Delaying invites regulatory scrutiny and breaches since SharePoint’s exploit streak isn’t over,” added Abbasi.