News
Microsoft August Patch Tuesday: One Zero-Day, 13 Critical Flaws Fixed
Microsoft's latest Patch Tuesday brings a hefty batch of security fixes, with 107 vulnerabilities targeted across the company's portfolio of products and services. This month's release includes one zero-day flaw and 13 others rated "critical."
The zero-day, CVE-2025-53779, sits in Windows Kerberos and is tied to a relative path traversal issue in the way the authentication system processes domain Managed Service Accounts (dMSAs). Mike Walters, president and co-founder of Action1, said the flaw stems from improper validation of path inputs in Kerberos when handling domain Managed Service Accounts.
"Specifically, the issue lies in how Windows Kerberos processes certain dMSA attributes, such as the msds-ManagedAccountPrecededByLink attribute," said Walters. "A high-privilege attacker can exploit this weakness to traverse directory structures and impersonate users with greater privileges than intended, undermining Kerberos' trusted delegation model for service account management in Active Directory."
Unpatched versions of Windows opens the door for attackers with high-level domain privileges to impersonate other accounts, escalate to domain administrator and potentially take over an entire Active Directory domain. While Microsoft's official assessment lists exploitation as less likely, Walters noted that the combination of a path traversal issue in a core authentication component like Kerberos and its potential high impact is concerning. The fact that proof-of-concept exploit code is already circulating only adds to the urgency, he said.
Among the 13 items rated "critical," four vulnerabilities stand out as high priorities for IT.
Two are in Microsoft Office: CVE-2025-53740 and CVE-2025-53731. Both are remote code execution bugs that can be exploited via the Preview Pane -- meaning a malicious email attachment could trigger code execution without the user fully opening the file. Alex Vovk, CEO and co-founder of Action1, said the Preview Pane exploitation can enable code execution without fully opening a document, which could help attackers bypass protections and gain a foothold on a target network.
"Attackers might also chain this with privilege escalation bugs or sandbox escapes to gain deeper access,"said Vovk. "Unlike macro-based attacks, this flaw can bypass macro security by exploiting document parsing alone. There's also a risk of widespread compromise if malicious documents enter business workflows or document systems."
Next, there's CVE-2025-50165, a Windows Graphics Component remote code execution vulnerability triggered by decoding a crafted JPEG image. The flaw requires no privileges or user interaction, raising concerns about worm-like spread and exploitation through automatic image previews.
One final highlight for the month is CVE-2025-53766, a heap-based buffer overflow in Windows GDI+. If gone unpatched, this flaw be exploited through malicious metafiles in documents or by targeting document-processing services, potentially allowing for supply chain or lateral movement attacks inside a network.
The remaining critical items include:
Updates are available now via Windows Update, WSUS, and the Microsoft Update Catalog. Microsoft recommends placing the Kerberos zero-day and these critical vulnerabilities at the top of patching schedules.