Microsoft Addresses Over 100 Security Vulnerabilities in August Patch Update

Microsoft Addresses Over 100 Security Vulnerabilities in August Patch Update

In a significant move, Microsoft has released updates to address numerous critical vulnerabilities in its software this month, marking one of the biggest Patch Tuesdays so far in 2025.

The updates address a total of 13 vulnerabilities that have been marked as "critical," the highest severity rating. Among these, three are remote code execution (RCE) vulnerabilities, one is an elevation of privileges (EoP) flaw, and three are information disclosure bugs.

One of the critical vulnerabilities, CVE-2025-53779, was a zero-day bug that was recently discovered in SQL Server. Successful exploitation of this vulnerability could allow an authenticated attacker to gain domain admin privileges.

The vulnerabilities are related to delegated Managed Service Accounts (dMSAs). dMSAs are designed to allow for migration from traditional service accounts to machine accounts. The first attribute, msds-groupMSAMembership, determines which users may use credentials for the managed service account, while the second attribute, msds-ManagedAccountPrecededByLink, contains a list of users on whose behalf the dMSA can act.

Interestingly, the software developer who explained the reason for fixing the zero-day bug in SQL Server and over 100 additional CVEs is not explicitly named in the available search results.

Nine of the critical vulnerabilities are classified as "exploitation more likely," indicating that they could potentially be exploited by malicious actors.

In addition to the zero-day bug, Microsoft also addressed CVE-2025-53132, an important-rated race condition in Windows Win32K - GRFX, and CVE-2025-50177, a critical use-after-free bug in Windows Message Queuing.

CVE-2025-53778 is a critical-rated improper authentication bug in Windows NTLM. The successful exploitation of CVE-2025-53779 requires an attacker to have control over two attributes of the dMSA.

July's Patch Tuesday is the only month this year that has seen Microsoft address over 100 CVEs. This underscores the importance of keeping software updated to protect against potential security threats.

Users are advised to install the updates as soon as possible to ensure their systems are secure.

Read also:

• Oxidative Stress in Sperm Abnormalities: Impact of Reactive Oxygen Species (ROS) on Sperm Harm
• Is it possible to receive the hepatitis B vaccine more than once?
• Transgender Individuals and Menopause: A Question of Occurrence?
• Genetically manipulated rabbits sprout ominous black horns on their heads