- The August 2025 Patch Tuesday update addresses 111 flaws
- These include multiple critical-severity flaws and a zero-day
- Users should apply the patch immediately or risk attack
Microsoft has released its August 2025 Patch Tuesday, a cumulative set of updates that address more than 100 vulnerabilities across a host of its products.
Among them was a known zero-day vulnerability in Windows Kerberos, Microsoft's implementation of the Kerberos authentication protocol, which securely verifies the identities of users on a Windows network using tickets instead of sending passwords over the network.
Kerberos was found to contain a “relative path traversal” flaw that allows an authorized threat actor to elevate privileges over a network.
Critical-severity flaws
In addition to the zero-day, Microsoft fixed another 106 flaws, including 13 labeled “critical.”
Of these, nine are remote code execution (RCE) flaws that can be abused in device takeover attacks, alongside information disclosure flaws that can be used in data exfiltration attacks and an elevation of privilege flaw.
Some of the most notable vulnerabilities fixed in this release include a critical 10/10 flaw in Azure OpenAI, tracked as CVE-2025-5376, that could allow unauthenticated threat actors to access the AI’s confidential information.
Another notable mention is a remote code execution flaw in the Microsoft Graphics Component that can be exploited through malicious files or images. It is tracked as CVE-2025-50165 and was given a severity score of 9.8/10 (critical).
There are also CVE-2025-53766, CVE-50171 and CVE-2025-53792, all of which have a severity score of 9.1 or higher, which makes them critical.
In total, Microsoft addressed 111 vulnerabilities, and although none is marked as actively exploited in the wild, administrators would be wise to apply the fixes without delay.
Via BleepingComputer