How many critical vulnerabilities were fixed in Microsoft's August 2025 update?

Microsoft fixed thirteen critical vulnerabilities in the August 2025 Patch Tuesday update. Among these, nine are remote code execution flaws, three are information disclosure vulnerabilities, and one is categorized as an elevation of privileges vulnerability.

What are the most critical vulnerabilities in Microsoft's August 2025 Patch Tuesday?

The most critical vulnerabilities include CVE-2025-50176 (DirectX Graphics Kernel RCE), CVE-2025-50165 (Windows Graphics Component RCE), CVE-2025-53740 and CVE-2025-53731 (Microsoft Office RCE), CVE-2025-48807 (Windows Hyper-V RCE), CVE-2025-53766 (GDI+ RCE), CVE-2025-50177 (Microsoft Message Queuing RCE), CVE-2025-53778 (Windows NTLM Elevation of Privilege), and CVE-2025-53784 and CVE-2025-53733 (Microsoft Word RCE).

What is the breakdown of vulnerability types in Microsoft's August 2025 update?

The vulnerability distribution includes 44 elevation of privilege vulnerabilities, 35 remote code execution vulnerabilities, 18 information disclosure vulnerabilities, 9 spoofing vulnerabilities, and 4 denial of service vulnerabilities.

Which Microsoft products received critical security fixes in August 2025?

Products receiving critical security fixes include Azure Stack Hub, Azure Virtual Machines, DirectX Graphics Kernel, Windows Graphics Component, Microsoft Office applications (Word, Office suite), Windows Hyper-V, GDI+, Microsoft Message Queuing (MSMQ), and Windows NTLM.

Are there multiple vulnerabilities affecting Microsoft Office in the August 2025 update?

Yes, multiple Microsoft Office applications were affected including general Microsoft Office (3 vulnerabilities, 2 critical), Microsoft Excel (5 RCE vulnerabilities), Microsoft PowerPoint (1 RCE vulnerability), Microsoft Word (4 vulnerabilities, 2 critical), Microsoft Visio (2 RCE vulnerabilities), and Microsoft SharePoint (2 vulnerabilities).

What Windows components had the most vulnerabilities patched in August 2025?

Windows Routing and Remote Access Service (RRAS) had the most vulnerabilities with 12 separate issues patched, followed by Windows Ancillary Function Driver for WinSock with 7 vulnerabilities, and Microsoft SQL Server with 5 elevation of privilege vulnerabilities.

Were any Azure services affected by the August 2025 Microsoft security updates?

Yes, several Azure services were affected including Azure Stack Hub (2 vulnerabilities, 1 critical information disclosure), Azure Virtual Machines (2 critical vulnerabilities - 1 spoofing and 1 information disclosure), and Azure File Sync (1 elevation of privilege vulnerability).

What is CVE-2025-53779 and why is it significant?

CVE-2025-53779 is a publicly disclosed zero-day vulnerability in the Windows Kerberos authentication system that Microsoft classifies as medium severity. It's an elevation of privilege vulnerability that was already known to the public before Microsoft released the patch, making it particularly significant for immediate patching.

Advisory

Microsoft August 2025 Patch Tuesday fixes 107 vulnerabilities, including 13 critical and one zero-day

Q: How many vulnerabilities did Microsoft patch in August 2025 Patch Tuesday?

Microsoft released its August 2025 Patch Tuesday security updates, patching 107 security flaws across its product portfolio.

Q: Was there a zero-day vulnerability patched in Microsoft's August 2025 update?

Yes, Microsoft patched one publicly disclosed zero-day flaw in the Windows Kerberos authentication system, tracked as CVE-2025-53779. Microsoft classifies this vulnerability as medium severity.

published: Aug. 12, 2025

Take action: This month prioritize patching of Microsoft Windows, Azure integration components and Microsoft Office. Those are impacted by the critical issues. Don't forget to update your Windows PCs/Laptops, since we all use them on the internet and this list of flaws will be abused by hackers.

Learn More

Microsoft has released its August 2025 Patch Tuesday security updates, patching 107 security flaws.

This Patch Tuesday fixes thirteen critical vulnerabilities, nine of which are remote code execution flaws, three are information disclosure vulnerabilities and one is categorized as an elevation of privileges:

CVE-2025-53793 (CVSS score N/A, Microsoft classifies as critical) - Azure Stack Hub Information Disclosure Vulnerability
CVE-2025-49707 (CVSS score N/A, Microsoft classifies as critical) - Azure Virtual Machines Spoofing Vulnerability
CVE-2025-53781 (CVSS score N/A, Microsoft classifies as critical)- Azure Virtual Machines Information Disclosure Vulnerability
CVE-2025-50176 (CVSS score N/A, Microsoft classifies as critical) - DirectX Graphics Kernel Remote Code Execution Vulnerability
CVE-2025-50165 (CVSS score N/A, Microsoft classifies as critical) - Windows Graphics Component Remote Code Execution Vulnerability
CVE-2025-53740 (CVSS score N/A, Microsoft classifies as critical) - Microsoft Office Remote Code Execution Vulnerability
CVE-2025-53731 (CVSS score N/A, Microsoft classifies as critical) - Microsoft Office Remote Code Execution Vulnerability
CVE-2025-48807 (CVSS score N/A, Microsoft classifies as critical) - Windows Hyper-V Remote Code Execution Vulnerability
CVE-2025-53766 (CVSS score N/A, Microsoft classifies as critical) - GDI+ Remote Code Execution Vulnerability
CVE-2025-50177 (CVSS score N/A, Microsoft classifies as critical) - Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2025-53778 (CVSS score N/A, Microsoft classifies as critical) - Windows NTLM Elevation of Privilege Vulnerability
CVE-2025-53784 (CVSS score N/A, Microsoft classifies as critical) - Microsoft Word Remote Code Execution Vulnerability
CVE-2025-53733 (CVSS score N/A, Microsoft classifies as critical) - Microsoft Word Remote Code Execution Vulnerability

The release also fixes one publicly disclosed zero-day flaw in Windows Kerberos authentication system, tracked as CVE-2025-53779 (CVSS score N/A, Microsoft classifies as medium)

The vulnerability distribution includes:

44 elevation of privilege vulnerabilities,
35 remote code execution vulnerabilities
18 information disclosure vulnerabilities
9 spoofing vulnerabilities
4 denial of service vulnerabilities

Full list of patched vulnerabilities

Tag	CVE ID	CVE Title	Severity
Azure File Sync	CVE-2025-53729	Microsoft Azure File Sync Elevation of Privilege Vulnerability	Important
Azure Stack	CVE-2025-53793	Azure Stack Hub Information Disclosure Vulnerability	Critical
Azure Stack	CVE-2025-53765	Azure Stack Hub Information Disclosure Vulnerability	Important
Azure Virtual Machines	CVE-2025-49707	Azure Virtual Machines Spoofing Vulnerability	Critical
Azure Virtual Machines	CVE-2025-53781	Azure Virtual Machines Information Disclosure Vulnerability	Critical
Desktop Windows Manager	CVE-2025-53152	Desktop Windows Manager Remote Code Execution Vulnerability	Important
Desktop Windows Manager	CVE-2025-50153	Desktop Windows Manager Elevation of Privilege Vulnerability	Important
GitHub Copilot and Visual Studio	CVE-2025-53773	GitHub Copilot and Visual Studio Remote Code Execution Vulnerability	Important
Graphics Kernel	CVE-2025-50176	DirectX Graphics Kernel Remote Code Execution Vulnerability	Critical
Kernel Streaming WOW Thunk Service Driver	CVE-2025-53149	Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability	Important
Kernel Transaction Manager	CVE-2025-53140	Windows Kernel Transaction Manager Elevation of Privilege Vulnerability	Important
Microsoft Brokering File System	CVE-2025-53142	Microsoft Brokering File System Elevation of Privilege Vulnerability	Important
Microsoft Dynamics 365 (on-premises)	CVE-2025-49745	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	Important
Microsoft Dynamics 365 (on-premises)	CVE-2025-53728	Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability	Important
Microsoft Edge for Android	CVE-2025-49755	Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability	Low
Microsoft Edge for Android	CVE-2025-49736	Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability	Moderate
Microsoft Exchange Server	CVE-2025-25005	Microsoft Exchange Server Tampering Vulnerability	Important
Microsoft Exchange Server	CVE-2025-25006	Microsoft Exchange Server Spoofing Vulnerability	Important
Microsoft Exchange Server	CVE-2025-25007	Microsoft Exchange Server Spoofing Vulnerability	Important
Microsoft Exchange Server	CVE-2025-53786	Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability	Important
Microsoft Exchange Server	CVE-2025-33051	Microsoft Exchange Server Information Disclosure Vulnerability	Important
Microsoft Graphics Component	CVE-2025-49743	Windows Graphics Component Elevation of Privilege Vulnerability	Important
Microsoft Graphics Component	CVE-2025-50165	Windows Graphics Component Remote Code Execution Vulnerability	Critical
Microsoft Office	CVE-2025-53732	Microsoft Office Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2025-53740	Microsoft Office Remote Code Execution Vulnerability	Critical
Microsoft Office	CVE-2025-53731	Microsoft Office Remote Code Execution Vulnerability	Critical
Microsoft Office Excel	CVE-2025-53759	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office Excel	CVE-2025-53737	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office Excel	CVE-2025-53739	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office Excel	CVE-2025-53735	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office Excel	CVE-2025-53741	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office PowerPoint	CVE-2025-53761	Microsoft PowerPoint Remote Code Execution Vulnerability	Important
Microsoft Office SharePoint	CVE-2025-53760	Microsoft SharePoint Elevation of Privilege Vulnerability	Important
Microsoft Office SharePoint	CVE-2025-49712	Microsoft SharePoint Remote Code Execution Vulnerability	Important
Microsoft Office Visio	CVE-2025-53730	Microsoft Office Visio Remote Code Execution Vulnerability	Important
Microsoft Office Visio	CVE-2025-53734	Microsoft Office Visio Remote Code Execution Vulnerability	Important
Microsoft Office Word	CVE-2025-53738	Microsoft Word Remote Code Execution Vulnerability	Important
Microsoft Office Word	CVE-2025-53736	Microsoft Word Information Disclosure Vulnerability	Important
Microsoft Office Word	CVE-2025-53784	Microsoft Word Remote Code Execution Vulnerability	Critical
Microsoft Office Word	CVE-2025-53733	Microsoft Word Remote Code Execution Vulnerability	Critical
Microsoft Teams	CVE-2025-53783	Microsoft Teams Remote Code Execution Vulnerability	Important
Remote Access Point-to-Point Protocol (PPP) EAP-TLS	CVE-2025-50159	Remote Access Point-to-Point Protocol (PPP) EAP-TLS Elevation of Privilege Vulnerability	Important
Remote Desktop Server	CVE-2025-50171	Remote Desktop Spoofing Vulnerability	Important
Role: Windows Hyper-V	CVE-2025-50167	Windows Hyper-V Elevation of Privilege Vulnerability	Important
Role: Windows Hyper-V	CVE-2025-53155	Windows Hyper-V Elevation of Privilege Vulnerability	Important
Role: Windows Hyper-V	CVE-2025-49751	Windows Hyper-V Denial of Service Vulnerability	Important
Role: Windows Hyper-V	CVE-2025-53723	Windows Hyper-V Elevation of Privilege Vulnerability	Important
Role: Windows Hyper-V	CVE-2025-48807	Windows Hyper-V Remote Code Execution Vulnerability	Critical
SQL Server	CVE-2025-49758	Microsoft SQL Server Elevation of Privilege Vulnerability	Important
SQL Server	CVE-2025-24999	Microsoft SQL Server Elevation of Privilege Vulnerability	Important
SQL Server	CVE-2025-53727	Microsoft SQL Server Elevation of Privilege Vulnerability	Important
SQL Server	CVE-2025-49759	Microsoft SQL Server Elevation of Privilege Vulnerability	Important
SQL Server	CVE-2025-47954	Microsoft SQL Server Elevation of Privilege Vulnerability	Important
Storage Port Driver	CVE-2025-53156	Windows Storage Port Driver Information Disclosure Vulnerability	Important
Web Deploy	CVE-2025-53772	Web Deploy Remote Code Execution Vulnerability	Important
Windows Ancillary Function Driver for WinSock	CVE-2025-53718	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Important
Windows Ancillary Function Driver for WinSock	CVE-2025-53134	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Important
Windows Ancillary Function Driver for WinSock	CVE-2025-49762	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Important
Windows Ancillary Function Driver for WinSock	CVE-2025-53147	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Important
Windows Ancillary Function Driver for WinSock	CVE-2025-53154	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Important
Windows Ancillary Function Driver for WinSock	CVE-2025-53137	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Important
Windows Ancillary Function Driver for WinSock	CVE-2025-53141	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Important
Windows Cloud Files Mini Filter Driver	CVE-2025-50170	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability	Important
Windows Connected Devices Platform Service	CVE-2025-53721	Windows Connected Devices Platform Service Elevation of Privilege Vulnerability	Important
Windows DirectX	CVE-2025-53135	DirectX Graphics Kernel Elevation of Privilege Vulnerability	Important
Windows DirectX	CVE-2025-50172	DirectX Graphics Kernel Denial of Service Vulnerability	Important
Windows Distributed Transaction Coordinator	CVE-2025-50166	Windows Distributed Transaction Coordinator (MSDTC) Information Disclosure Vulnerability	Important
Windows File Explorer	CVE-2025-50154	Microsoft Windows File Explorer Spoofing Vulnerability	Important
Windows GDI+	CVE-2025-53766	GDI+ Remote Code Execution Vulnerability	Critical
Windows Installer	CVE-2025-50173	Windows Installer Elevation of Privilege Vulnerability	Important
Windows Kerberos	CVE-2025-53779	Windows Kerberos Elevation of Privilege Vulnerability	Moderate
Windows Kernel	CVE-2025-49761	Windows Kernel Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2025-53151	Windows Kernel Elevation of Privilege Vulnerability	Important
Windows Local Security Authority Subsystem Service (LSASS)	CVE-2025-53716	Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability	Important
Windows Media	CVE-2025-53131	Windows Media Remote Code Execution Vulnerability	Important
Windows Message Queuing	CVE-2025-53145	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	Important
Windows Message Queuing	CVE-2025-53143	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	Important
Windows Message Queuing	CVE-2025-50177	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	Critical
Windows Message Queuing	CVE-2025-53144	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	Important
Windows NT OS Kernel	CVE-2025-53136	NT OS Kernel Information Disclosure Vulnerability	Important
Windows NTFS	CVE-2025-50158	Windows NTFS Information Disclosure Vulnerability	Important
Windows NTLM	CVE-2025-53778	Windows NTLM Elevation of Privilege Vulnerability	Critical
Windows PrintWorkflowUserSvc	CVE-2025-53133	Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability	Important
Windows Push Notifications	CVE-2025-53725	Windows Push Notifications Apps Elevation of Privilege Vulnerability	Important
Windows Push Notifications	CVE-2025-53724	Windows Push Notifications Apps Elevation of Privilege Vulnerability	Important
Windows Push Notifications	CVE-2025-50155	Windows Push Notifications Apps Elevation of Privilege Vulnerability	Important
Windows Push Notifications	CVE-2025-53726	Windows Push Notifications Apps Elevation of Privilege Vulnerability	Important
Windows Remote Desktop Services	CVE-2025-53722	Windows Remote Desktop Services Denial of Service Vulnerability	Important
Windows Routing and Remote Access Service (RRAS)	CVE-2025-50157	Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability	Important
Windows Routing and Remote Access Service (RRAS)	CVE-2025-53153	Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability	Important
Windows Routing and Remote Access Service (RRAS)	CVE-2025-50163	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Important
Windows Routing and Remote Access Service (RRAS)	CVE-2025-50162	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Important
Windows Routing and Remote Access Service (RRAS)	CVE-2025-50164	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Important
Windows Routing and Remote Access Service (RRAS)	CVE-2025-53148	Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability	Important
Windows Routing and Remote Access Service (RRAS)	CVE-2025-53138	Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability	Important
Windows Routing and Remote Access Service (RRAS)	CVE-2025-50156	Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability	Important
Windows Routing and Remote Access Service (RRAS)	CVE-2025-49757	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Important
Windows Routing and Remote Access Service (RRAS)	CVE-2025-53719	Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability	Important
Windows Routing and Remote Access Service (RRAS)	CVE-2025-53720	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Important
Windows Routing and Remote Access Service (RRAS)	CVE-2025-50160	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Important
Windows Security App	CVE-2025-53769	Windows Security App Spoofing Vulnerability	Important
Windows SMB	CVE-2025-50169	Windows SMB Remote Code Execution Vulnerability	Important
Windows StateRepository API	CVE-2025-53789	Windows StateRepository API Server file Elevation of Privilege Vulnerability	Important
Windows Subsystem for Linux	CVE-2025-53788	Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability	Important
Windows Win32K - GRFX	CVE-2025-50161	Win32k Elevation of Privilege Vulnerability	Important
Windows Win32K - GRFX	CVE-2025-53132	Win32k Elevation of Privilege Vulnerability	Important
Windows Win32K - ICOMP	CVE-2025-50168	Win32k Elevation of Privilege Vulnerability	Important

Microsoft August 2025 Patch Tuesday fixes 107 vulnerabilities, including 13 critical and one zero-day

Read More
Third one in a week: Google patches another …
Limit your trust in Social media apps - …
Google releases November 2024 Android Update, fixes actively …
Adobe releases patches for critical issues in Acrobat, …
Google Issues Emergency Chrome Update to Patch 10 …