Microsoft released its August Patch Tuesday security updates, addressing a total of 107 vulnerabilities across its product ecosystem.
The update includes fixes for 90 vulnerabilities, classified as follows: 13 are Critical, 76 are Important, one is Moderate, and one is Low. Notably, none of these vulnerabilities are listed as actively exploited zero-days, which provides some relief for IT administrators.
The vulnerabilities fall into multiple categories, including Remote Code Execution (RCE), Elevation of Privilege (EoP), Information Disclosure, Spoofing, Denial of Service (DoS), and Tampering. Below is a detailed breakdown of the vulnerabilities by category, along with key insights for organizations to prioritize their patching efforts.
Severity / Impact | Remote Code Execution (RCE) | Elevation of Privilege (EoP) | Information Disclosure | Spoofing | Denial of Service (DoS) | Tampering | Total |
---|---|---|---|---|---|---|---|
Critical | 9 | 1 | 2 | 1 | 0 | 0 | 13 |
Important | 26 | 38 | 14 | 7 | 5 | 1 | 91 |
Moderate | 0 | 1 | 0 | 1 | 0 | 0 | 2 |
Low | 0 | 0 | 0 | 1 | 0 | 0 | 1 |
Total | 35 | 40 | 16 | 10 | 5 | 1 | 107 |
On August 12, 2025, Microsoft released its monthly Patch Tuesday security updates, addressing a significant number of vulnerabilities across its product ecosystem.
Remote Code Execution (RCE) Vulnerabilities: 36 Total
Remote Code Execution vulnerabilities dominate this month’s Patch Tuesday, with 36 vulnerabilities patched, 10 of which are rated Critical. These flaws could allow attackers to execute arbitrary code, potentially compromising entire systems. Key RCE vulnerabilities include:
Windows Graphics Component (CVE-2025-50165, Critical): An untrusted pointer dereference in the Microsoft Graphics Component allows unauthorized attackers to execute code over a network.
DirectX Graphics Kernel (CVE-2025-50176, Critical): A type confusion flaw in the Graphics Kernel enables local code execution by an authorized attacker.
Microsoft Office (CVE-2025-53731, CVE-2025-53740, Critical): Multiple use-after-free vulnerabilities in Microsoft Office allow unauthorized attackers to execute code locally.
Microsoft Word (CVE-2025-53733, CVE-2025-53784, Critical): Flaws in Microsoft Word, including incorrect numeric type conversion and use-after-free issues, permit local code execution.
GDI+ (CVE-2025-53766, Critical): A heap-based buffer overflow in Windows GDI+ allows network-based code execution.
Windows Hyper-V (CVE-2025-48807, Critical): An improper restriction of communication channels in Hyper-V enables local code execution.
Microsoft Message Queuing (MSMQ) (CVE-2025-50177, Critical; CVE-2025-53143, CVE-2025-53144, CVE-2025-53145, Important): Multiple vulnerabilities, including use-after-free and type confusion flaws, affect MSMQ, allowing network-based code execution.
Microsoft Excel (CVE-2025-53741, CVE-2025-53759, CVE-2025-53737, CVE-2025-53739, Important): Heap-based buffer overflows and use-after-free issues in Excel enable local code execution.
Windows Routing and Remote Access Service (RRAS) (CVE-2025-49757, CVE-2025-50160, CVE-2025-50162, CVE-2025-50163, CVE-2025-50164, CVE-2025-53720, Important): Heap-based buffer overflows in RRAS allow network-based code execution.
Microsoft Patch Tuesday August 2025 – Vulnerabilities list
CVE | Vulnerability Details | Actively Exploited | Type | Severity |
---|---|---|---|---|
CVE-2025-53781 | Azure Virtual Machines Information Disclosure Vulnerability | No | Information Disclosure | Critical |
CVE-2025-50165 | Windows Graphics Component Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
CVE-2025-50176 | DirectX Graphics Kernel Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
CVE-2025-50177 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
CVE-2025-53731 | Microsoft Office Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
CVE-2025-53733 | Microsoft Word Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
CVE-2025-53740 | Microsoft Office Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
CVE-2025-53766 | GDI+ Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
CVE-2025-53778 | Windows NTLM Elevation of Privilege Vulnerability | No | Elevation of Privilege | Critical |
CVE-2025-53784 | Microsoft Word Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
CVE-2025-53793 | Azure Stack Hub Information Disclosure Vulnerability | No | Information Disclosure | Critical |
CVE-2025-48807 | Windows Hyper-V Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
CVE-2025-49707 | Azure Virtual Machines Spoofing Vulnerability | No | Spoofing | Critical |
CVE-2025-53786 | Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-49751 | Windows Hyper-V Denial of Service Vulnerability | No | Denial of Service | Important |
CVE-2025-49745 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | No | Spoofing | Important |
CVE-2025-49758 | Microsoft SQL Server Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53727 | Microsoft SQL Server Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53729 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-33051 | Microsoft Exchange Server Information Disclosure Vulnerability | No | Information Disclosure | Important |
CVE-2025-53730 | Microsoft Office Visio Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-53741 | Microsoft Excel Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-53759 | Microsoft Excel Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-53760 | Microsoft SharePoint Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53761 | Microsoft PowerPoint Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-24999 | Microsoft SQL Server Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53772 | Web Deploy Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-53773 | GitHub Copilot and Visual Studio Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-25005 | Microsoft Exchange Server Tampering Vulnerability | No | Tampering | Important |
CVE-2025-25006 | Microsoft Exchange Server Spoofing Vulnerability | No | Spoofing | Important |
CVE-2025-25007 | Microsoft Exchange Server Spoofing Vulnerability | No | Spoofing | Important |
CVE-2025-49743 | Windows Graphics Component Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-49757 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-49759 | Microsoft SQL Server Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-49761 | Windows Kernel Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-49762 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-50153 | Desktop Windows Manager Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-50154 | Microsoft Windows File Explorer Spoofing Vulnerability | No | Spoofing | Important |
CVE-2025-50156 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | Information Disclosure | Important |
CVE-2025-50158 | Windows NTFS Information Disclosure Vulnerability | No | Information Disclosure | Important |
CVE-2025-50159 | Remote Access Point-to-Point Protocol (PPP) EAP-TLS Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-50160 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-50161 | Win32k Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-50162 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-50163 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-50164 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-50166 | Windows Distributed Transaction Coordinator (MSDTC) Information Disclosure Vulnerability | No | Information Disclosure | Important |
CVE-2025-50167 | Windows Hyper-V Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-50168 | Win32k Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-50169 | Windows SMB Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-50170 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-50171 | Remote Desktop Spoofing Vulnerability | No | Spoofing | Important |
CVE-2025-50172 | DirectX Graphics Kernel Denial of Service Vulnerability | No | Denial of Service | Important |
CVE-2025-50173 | Windows Installer Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53131 | Windows Media Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-53132 | Win32k Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53133 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53134 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53135 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53136 | NT OS Kernel Information Disclosure Vulnerability | No | Information Disclosure | Important |
CVE-2025-53137 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53138 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | Information Disclosure | Important |
CVE-2025-53140 | Windows Kernel Transaction Manager Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53141 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53142 | Microsoft Brokering File System Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53143 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-53144 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-53145 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-53147 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53148 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | Information Disclosure | Important |
CVE-2025-53149 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53151 | Windows Kernel Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53152 | Desktop Windows Manager Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-53153 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | Information Disclosure | Important |
CVE-2025-53154 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53155 | Windows Hyper-V Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53156 | Windows Storage Port Driver Information Disclosure Vulnerability | No | Information Disclosure | Important |
CVE-2025-53716 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | No | Denial of Service | Important |
CVE-2025-53718 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53719 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | Information Disclosure | Important |
CVE-2025-53720 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-53721 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53722 | Windows Remote Desktop Services Denial of Service Vulnerability | No | Denial of Service | Important |
CVE-2025-53723 | Windows Hyper-V Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53724 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53725 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53726 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53728 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | No | Information Disclosure | Important |
CVE-2025-47954 | Microsoft SQL Server Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53732 | Microsoft Office Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-53734 | Microsoft Office Visio Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-53735 | Microsoft Excel Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-53736 | Microsoft Word Information Disclosure Vulnerability | No | Information Disclosure | Important |
CVE-2025-53737 | Microsoft Excel Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-53738 | Microsoft Word Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-53739 | Microsoft Excel Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-53765 | Azure Stack Hub Information Disclosure Vulnerability | No | Information Disclosure | Important |
CVE-2025-53769 | Windows Security App Spoofing Vulnerability | No | Spoofing | Important |
CVE-2025-50157 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | Information Disclosure | Important |
CVE-2025-50155 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53783 | Microsoft Teams Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-53788 | Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-53789 | Windows StateRepository API Server file Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
CVE-2025-49712 | Microsoft SharePoint Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
CVE-2025-49755 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | No | Spoofing | Low |
CVE-2025-53779 | Windows Kerberos Elevation of Privilege Vulnerability | No | Elevation of Privilege | Moderate |
CVE-2025-49736 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | No | Spoofing | Moderate |
The post Microsoft Patch Tuesday August 2025 Released – 107 Vulnerabilities Fixed Including 36 RCE appeared first on Cyber Security News.