CyberHappenings logo
☰
🏠 Home 📂 Browse ℹī¸ About

Microsoft August 2025 Patch Tuesday Addresses 111 Vulnerabilities, Including Multiple Critical EoP Flaws

First reported
Last updated
📰 3 unique sources, 6 articles

Summary

Hide ▲

Microsoft's August 2025 Patch Tuesday addressed 111 vulnerabilities, with 16 rated Critical, 92 Important, 2 Moderate, and 1 Low in severity. The update includes fixes for 44 elevation-of-privilege (EoP) flaws, 35 remote code execution (RCE) vulnerabilities, 18 information disclosure flaws, 8 spoofing vulnerabilities, and 4 denial-of-service defects. Notable patches include fixes for Azure OpenAI, Windows Kerberos, and Microsoft SQL Server. The update also addresses critical RCE vulnerabilities in SharePoint, Windows Graphics Component, and Microsoft's GDI+ graphics interface, highlighting the need for immediate patching and mitigation strategies. The update is significant for its focus on EoP vulnerabilities, which can allow attackers to escalate privileges post-compromise. Key vulnerabilities include CVE-2025-53767 in Azure OpenAI, CVE-2025-53779 in Windows Kerberos, and multiple flaws in Microsoft SQL Server. Microsoft's September 2025 Patch Tuesday addresses 81 vulnerabilities, including two publicly disclosed zero-day vulnerabilities in Windows SMB Server and Microsoft SQL Server. The update also includes fixes for 38 EoP vulnerabilities, 22 RCE vulnerabilities, 16 information disclosure vulnerabilities, 3 denial of service vulnerabilities, 1 spoofing vulnerability, and 2 security feature bypass vulnerabilities. The KB5065429 cumulative update for Windows 10 22H2 and Windows 10 21H2 includes fourteen fixes or changes, addressing unexpected UAC prompts and severe lag and stuttering issues with NDI streaming software. The update includes Microsoft's September 2025 Patch Tuesday security updates, which fix two publicly disclosed zero-day vulnerabilities and 81 flaws. Microsoft's September 2025 Patch Tuesday addresses 80 vulnerabilities, including one publicly disclosed vulnerability in Windows SMB. The update includes fixes for 38 EoP vulnerabilities, 22 RCE vulnerabilities, 14 information disclosure vulnerabilities, and 3 denial-of-service vulnerabilities. The update also addresses critical flaws in Azure Networking, Microsoft High Performance Compute (HPC) Pack, and Windows NTLM, among others.

Timeline

  1. 10.09.2025 14:14 📰 1 articles

    Microsoft September 2025 Patch Tuesday fixes 80 flaws, including publicly known SMB vulnerability

    Microsoft's September 2025 Patch Tuesday addresses 80 vulnerabilities, including one publicly disclosed vulnerability in Windows SMB. The update includes fixes for 38 elevation-of-privilege (EoP) vulnerabilities, 22 remote code execution (RCE) vulnerabilities, 14 information disclosure vulnerabilities, and 3 denial-of-service vulnerabilities. The update also addresses critical flaws in Azure Networking, Microsoft High Performance Compute (HPC) Pack, and Windows NTLM, among others. Notably, CVE-2025-54914 is a critical flaw impacting Azure Networking with a CVSS score of 10.0. The update also includes fixes for two privilege escalation vulnerabilities in Windows BitLocker and four BitLocker security feature bypass vulnerabilities. The article also mentions a new lateral movement technique called BitLockMove, which involves the remote manipulation of BitLocker registry keys via Windows Management Instrumentation (WMI).

    Show sources
    Open in new tab
  2. 09.09.2025 20:57 📰 1 articles

    Windows 10 KB5065429 Update Released

    The KB5065429 cumulative update for Windows 10 22H2 and Windows 10 21H2 includes fourteen fixes or changes, addressing unexpected UAC prompts and severe lag and stuttering issues with NDI streaming software. The update includes Microsoft's September 2025 Patch Tuesday security updates, which fix two publicly disclosed zero-day vulnerabilities and 81 flaws. The KB5065429 update enables auditing SMB client compatibility for SMB Server signing and SMB Server EPA. It also adds an opt-in feature for administrators to allow outbound network traffic from Windows 10 devices. Additionally, the update fixes an issue where the Removeable Storage Access policy may not work properly. Windows Backup for Organizations is now generally available with the KB5065429 update.

    Show sources
    Open in new tab
  3. 09.09.2025 20:43 📰 3 articles

    Microsoft September 2025 Patch Tuesday fixes 81 flaws, including two zero-days

    Microsoft's September 2025 Patch Tuesday addresses 81 vulnerabilities, including two publicly disclosed zero-day vulnerabilities in Windows SMB Server and Microsoft SQL Server. The update fixes nine Critical vulnerabilities, including five remote code execution (RCE) vulnerabilities, one information disclosure vulnerability, and two elevation of privilege (EoP) vulnerabilities. The September 2025 Patch Tuesday also includes fixes for 38 elevation of privilege vulnerabilities, 22 remote code execution vulnerabilities, 16 information disclosure vulnerabilities, 3 denial of service vulnerabilities, 1 spoofing vulnerability, and 2 security feature bypass vulnerabilities. The update also addresses vulnerabilities in other Microsoft products, including Azure, Dynamics 365 FastTrack Implementation Assets, Mariner, Microsoft Edge, and Xbox. Additionally, the article mentions security updates released by multiple other vendors, including Adobe, Argo, Cisco, Google, SAP, Sitecore, and TP-Link. The update includes fixes for 38 EoP vulnerabilities, 22 RCE vulnerabilities, 16 information disclosure vulnerabilities, 3 denial of service vulnerabilities, 1 spoofing vulnerability, and 2 security feature bypass vulnerabilities. Notably, CVE-2025-55234 is a publicly disclosed zero-day EoP vulnerability in Windows SMB Server. The update also includes critical RCE vulnerabilities such as CVE-2025-55232 in Microsoft High Performance Compute Pack and CVE-2025-54916 in Windows NTFS.

    Show sources
    Open in new tab
  4. 13.08.2025 00:47 📰 2 articles

    Microsoft August 2025 Patch Tuesday Addresses 111 Vulnerabilities

    Microsoft's August 2025 Patch Tuesday update addresses 111 vulnerabilities, including 16 Critical, 92 Important, 2 Moderate, and 1 Low severity vulnerabilities. The update includes fixes for 44 elevation-of-privilege (EoP) flaws, 35 remote code execution (RCE) vulnerabilities, 18 information disclosure flaws, 8 spoofing vulnerabilities, and 4 denial-of-service defects. The update is significant for its focus on EoP vulnerabilities, which can allow attackers to escalate privileges post-compromise. Key vulnerabilities include CVE-2025-53767 in Azure OpenAI, CVE-2025-53779 in Windows Kerberos, and multiple flaws in Microsoft SQL Server. The update also addresses critical RCE vulnerabilities in SharePoint, Windows Graphics Component, and Microsoft's GDI+ graphics interface, highlighting the need for immediate patching and mitigation strategies. The publicly known zero-day, CVE-2025-53779 (BadSuccessor), is a Windows Kerberos EoP flaw discovered by Akamai researcher Yuval Gordon. This flaw allows attackers to compromise an Active Directory domain and can be exploited in multi-exploit chains to gain full domain control. The immediate impact of BadSuccessor is limited, affecting only 0.7% of Active Directory domains at the time of disclosure. The article also mentions security updates released by multiple other vendors, including Adobe, Amazon Web Services, Apple, Cisco, Google, and others.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Critical SessionReaper vulnerability patched in Adobe Commerce and Magento Open Source

Adobe has patched a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms, dubbed SessionReaper. This flaw, with a CVSS score of 9.1, could allow unauthenticated attackers to take control of customer accounts via the Commerce REST API. The patch was released on September 9, 2025, following an emergency notification to selected customers on September 4, 2025. Adobe Commerce on Cloud customers were already protected by a WAF rule deployed as an interim measure. The vulnerability is considered one of the most severe in the platform's history, with potential for widespread exploitation. Administrators are advised to apply the patch immediately, as it disables certain internal Magento functionalities that may affect custom or external code. The affected versions include Adobe Commerce 2.4.9-alpha2 and earlier, 2.4.8-p2 and earlier, 2.4.7-p7 and earlier, 2.4.6-p12 and earlier, 2.4.5-p14 and earlier, and 2.4.4-p15 and earlier. The affected versions also include Adobe Commerce B2B 1.5.3-alpha2 and earlier, 1.5.2-p2 and earlier, 1.4.2-p7 and earlier, 1.3.4-p14 and earlier, and 1.3.3-p15 and earlier. The affected versions include Magento Open Source 2.4.9-alpha2 and earlier, 2.4.8-p2 and earlier, 2.4.7-p7 and earlier, 2.4.6-p12 and earlier, and 2.4.5-p14 and earlier. The Custom Attributes Serializable module versions 0.1.0 to 0.4.0 are also affected.

Open in new tab

Critical SAP NetWeaver Command Execution Vulnerabilities Patched

SAP has patched three critical vulnerabilities in NetWeaver, its middleware for business applications. The most severe flaw, CVE-2025-42944, allows unauthenticated attackers to execute arbitrary OS commands via insecure deserialization. Two other critical issues, CVE-2025-42922 and CVE-2025-42958, enable authenticated users to upload arbitrary files and unauthorized users to access administrative functions. These vulnerabilities affect SAP's ERP, CRM, SRM, and SCM applications, widely used in large enterprise networks. The patches come amid ongoing exploitation of another critical SAP vulnerability, CVE-2025-42957, which affects S/4HANA, Business One, and NetWeaver products. SAP released 21 new and four updated security notes on September 2025 patch day, including updates for NetWeaver AS ABAP and other SAP products. SAP has also released a patch for a high-severity missing input validation bug in SAP S/4HANA (CVE-2025-42916, CVSS score: 8.1).

Open in new tab

Vulnerability Management Challenges in Network Edge Devices

The vulnerability management market faces significant challenges due to an increasing number of vulnerabilities and the complexity of securing network edge devices. The shift to cloud-based solutions and the exploitation of edge devices by threat actors highlight the need for more effective and integrated risk management strategies. The industry must adapt to address the growing risks associated with network device vulnerabilities, which are often exploited to gain unauthorized access and move laterally within networks. Organizations are struggling to keep up with the pace of vulnerabilities and the time it takes to remediate them, leading to an increased risk of exploitation. The exploitation of network edge devices has surged, with a notable increase in the percentage of edge devices compromised through vulnerabilities. This trend underscores the urgent need for solutions that can automate and orchestrate the protection of these critical assets.

Open in new tab

Action1 Cloud-native Patch Management Platform Outperforms WSUS

Action1, a cloud-native patch management platform, offers significant advantages over the deprecated Windows Server Update Services (WSUS). Action1 provides faster installation, reduced maintenance, broader coverage, automated policies, and better reporting. It supports both Microsoft and third-party applications, handles remote endpoints seamlessly, and scales effortlessly. WSUS, while historically popular, requires substantial infrastructure, manual interventions, and lacks support for third-party applications, making it less suitable for modern IT environments.

Open in new tab

Active exploitation of SAP S/4HANA command injection vulnerability CVE-2025-42957

A critical command injection vulnerability in SAP S/4HANA, tracked as CVE-2025-42957, is being actively exploited in the wild. The flaw allows attackers with low-privileged user access to execute arbitrary ABAP code, potentially leading to full system compromise. The vulnerability affects both on-premise and private cloud editions of SAP S/4HANA. The exploit can result in unauthorized modification of the SAP database, creation of superuser accounts, and theft of password hashes. Organizations are advised to apply patches immediately and monitor for suspicious activity. The vulnerability was fixed by the vendor on August 11, 2025, but several systems have not applied the available security updates, and these are now being targeted by hackers who have weaponized the bug. SecurityBridge discovered the vulnerability and reported it to SAP on June 27, 2025, and even assisted in the development of a patch. SecurityBridge and Pathlock have confirmed active exploitation of the vulnerability. The patch for CVE-2025-42957 is relatively easy to reverse engineer, and successful exploitation gives attackers access to the operating system and all data in the targeted SAP system. Organizations are urged to implement additional security measures, such as SAP's Unified Connectivity framework (UCON), to restrict RFC usage and monitor logs for suspicious activity.

Open in new tab