As part of the August Patch Tuesday, Microsoft fixed 107 vulnerabilities in its products. Among them was one zero-day vulnerability in Windows Kerberos.
This month, thirteen critical vulnerabilities were fixed, nine of which were remote code execution vulnerabilities, three were information disclosure vulnerabilities, and one was related to privilege escalation.
Recall that Microsoft classifies as zero-day any vulnerabilities whose details were publicly disclosed before patches were released, as well as issues that are being actively exploited in the wild.
The only zero-day vulnerability this month, CVE-2025-53779 (CVSS score 7.2), was not used in attacks; information about it surfaced before a fix was available. That’s because the zero-day bug was discovered by Akamai researchers, who published a report on the issue back in May 2025.
Microsoft reports that the vulnerability allowed an authenticated attacker to obtain domain administrator privileges.
“Relative path traversal in Windows Kerberos allows an authenticated attacker to elevate privileges on the network,” Microsoft explains.
It is noted that to exploit this vulnerability, an attacker would need elevated access to the following dMSA attributes:
- msds-groupMSAMembership (allows a user to use the dMSA);
- msds-ManagedAccountPrecededByLink (an attacker needs write access to this attribute, which would allow specifying the user on whose behalf the dMSA can act).
Among other issues fixed this month, the following stand out:
- CVE-2025-53767 (CVSS score: 10) — an Azure OpenAI vulnerability resulting in privilege escalation;
- CVE-2025-53766 (CVSS score: 9.8) — a GDI+ vulnerability allowing remote code execution;
- CVE-2025-50165 (CVSS score: 9.8) — a Windows Graphics Component vulnerability that enables remote code execution;
- CVE-2025-53792 (CVSS score: 9.1) — an Azure Portal vulnerability resulting in privilege escalation;
- CVE-2025-53787 (CVSS score: 8.2) — an information disclosure vulnerability in Microsoft 365 Copilot BizChat.
2025.02.06 — Let's Encrypt to stop sending expiration notification emails
The nonprofit organization announced that, starting June 4, 2025, it will stop sending expiration notification emails to subscribers. The primary reason behind this decision…
Full article →
2025.02.07 — 768 vulnerabilities were exploited by hackers in 2024
According to VulnCheck, 768 CVEs were registered as exploited in real-life attacks in 2024. This is 20% greater compared to 2023 when hackers exploited 639 vulnerabilities. Interestingly,…
Full article →
2025.03.12 — Mass exploitation of PHP-CGI vulnerability in attacks targeting Japanese companies
GreyNoise and Cisco Talos experts warn that hackers are actively exploiting CVE-2024-4577, a critical PHP-CGI vulnerability that was discovered and fixed in early June 2024. CVE-2024-457…
Full article →
2025.03.26 — Cloudflare to block all unencrypted traffic to its APIs
According to Cloudflare, effective immediately, only secure HTTPS connections to api.cloudflare.com will be accepted; while all HTTP ports are to be closed. The purpose of this decision…
Full article →
2025.02.03 — PyPI introduces a project archival system to combat malicious updates
The Python Package Index (PyPI) introduces a new project archival system: a project can now be archived to notify users that it's not expected to be updated…
Full article →
2025.02.25 — More than 100,000 users downloaded SpyLend malware from Google Play Store
According to Cyfirma, a malicious Android app called SpyLend was available on the official Google Play Store for some time and has been downloaded from there…
Full article →
2025.02.08 — Hackers exploit RCE vulnerability in Microsoft Outlook
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Federal Civilian Executive Branch (FCEB) Agencies that they have to secure their systems from ongoing…
Full article →
2025.01.28 — J-magic backdoor attacked Juniper Networks devices using 'magic packets'
A massive backdoor attack targeting Juniper routers often used as VPN gateways has been uncovered. The devices were attacked by the J-magic malware that…
Full article →
2025.02.28 — Qualcomm extends support for Android devices to 8 years
Qualcomm Technologies announced its collaboration with Google with the purpose to provide extended support for OEM devices running on company's flagship chipsets. This partnership will…
Full article →
2025.04.08 — Website of Everest ransomware group hacked and defaced
Last weekend, the darknet website of the Everest ransomware group was hacked and went offline. The attackers replaced its content with a sarcastic message: "Don't do crime…
Full article →