CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines, daily updates. Fast, privacy‑respecting. No ads, no tracking.

Microsoft August 2025 Patch Tuesday: Multiple Critical Elevation-of-Privilege Vulnerabilities

First reported
Last updated
3 unique sources, 11 articles

Summary

Hide ▲

Microsoft's August 2025 Patch Tuesday addressed 111 vulnerabilities, including 44 elevation-of-privilege (EoP) flaws and 35 remote code execution (RCE) vulnerabilities. The update also fixed 18 information disclosure flaws, 8 spoofing defects, and 4 denial-of-service issues. Critical issues included EoP bugs in Windows Hyper-V, Microsoft SQL Server, and Azure OpenAI, as well as RCE vulnerabilities in SharePoint and Windows Graphics Component. The update included a fix for CVE-2025-53779, a publicly known Windows Kerberos EoP flaw dubbed BadSuccessor, disclosed in May 2025. The update did not include any actively exploited bugs, marking the second consecutive month without such vulnerabilities. Security experts recommended immediate patching for high-severity issues, especially those in core system components and widely used services like SharePoint and SQL Server. However, the August 2025 security updates caused failures in reset and recovery operations on Windows 10 and older versions of Windows 11. Microsoft released emergency out-of-band updates on August 19, 2025, to resolve this issue. The emergency updates are available as optional updates via Windows Update and Windows Update for Business, or can be downloaded and installed manually from the Microsoft Update Catalog. Additionally, the August 2025 security updates caused severe lag and stuttering issues with NDI streaming software on some Windows 10 and Windows 11 systems. The issues affected applications such as OBS (Open Broadcast Software) and NDI Tools, especially when 'Display Capture' was enabled on the source PC. A temporary workaround involved changing the NDI Receive Mode to use TCP or UDP instead of RUDP. Microsoft resolved a known issue causing Windows upgrades to fail with 0x8007007F errors on some Windows 11 and Windows Server systems. The affected upgrade paths included Windows 10 1809, 21H2, and 22H2 to Windows 11 versions 23H2 and 22H2, and Windows Server 2016 to Windows Server 2019 or 2022, and Windows Server 2019 to Windows Server 2022. The issue was resolved as of August 15, 2025, and users were advised to retry the upgrade process if they encountered the error. The KB5064081 update introduced a new method for displaying CPU usage in Task Manager, standardizing CPU reporting across the application. The update included new Recall features and a redesigned Windows Hello interface. The update addressed an issue that prevented some system recovery features from working properly due to a temporary file sharing conflict. The update fixed an issue in Resilient File System (ReFS) where using backup apps with large files could sometimes exhaust system memory. The update resolved an issue with the Chinese (Simplified) Input Method Editor (IME) where some extended characters appeared as empty boxes. The update addressed an issue that prevented typing on the touch keyboard when using the Microsoft Changjie, Microsoft Bopomofo, or Microsoft Japanese Input Method Editors (IMEs). The update fixed an issue that slowed application installation on ARM64 devices. The update included fixes for audio and video performance issues when using Network Device Interface (NDI) to stream or transfer feeds between PCs. The update was part of the company's optional non-security preview update schedule, which releases updates at the end of each month to test new fixes and features coming to the next month's Patch Tuesday. The KB5065426 and KB5065431 cumulative updates for Windows 11 introduce new features and improvements, including a redesigned Windows Hello interface and enhanced passkey features. The updates include a new Recall feature that opens to a personalized homepage, highlighting recent activity and top-used apps and websites. The updates fix issues with the taskbar preview thumbnail, Search on the taskbar, and the lock screen widgets. The updates introduce a new navigation bar for quick access to Home, Timeline, Feedback, and Settings in the Recall feature. The updates include a new grid view in Search on the taskbar to help users quickly identify desired images. The updates provide clearer status information in Search on the taskbar, including progress notices and file availability status. The updates introduce a new visual experience for the Discover feed on the Widgets Board, including Copilot-curated stories. The updates include a new Windows Backup for Organizations feature, providing enterprise-grade backup and restore capabilities. The updates address an issue with the Microsoft Pluton Cryptographic Provider, resolving error messages in Windows Event Viewer. The updates fix issues with live captions, input methods, and various underlying system components. The September 2025 Windows security update fixed issues caused by the August 2025 updates, which triggered unexpected UAC prompts and app installation problems for non-admin users across all Windows versions. The issue was due to a security patch for CVE-2025-50173, a Windows Installer privilege escalation vulnerability. The September update reduces the scope of UAC prompts for MSI repairs and allows IT admins to disable UAC prompts for specific apps.

Timeline

  1. 10.09.2025 15:02 2 articles · 19d ago

    September 2025 Windows Security Update Fixes UAC Prompts and App Installation Issues

    The September 2025 Windows security update addresses issues caused by the August 2025 updates, which triggered unexpected UAC prompts and app installation problems for non-admin users across all Windows versions. The problem stemmed from a security patch for CVE-2025-50173, a Windows Installer privilege escalation vulnerability. The September update reduces the scope of UAC prompts for MSI repairs and provides IT administrators with the ability to disable UAC prompts for specific apps by adding them to an allowlist. The affected platforms include Windows 11 versions 24H2, 23H2, and 22H2; Windows 10 versions 22H2, 21H2, 1809, and Enterprise LTSC 2019, 2016, and 2015 LTSB; and Windows Server 2025, 2022, 2019, 2016, 2012 R2, and 2012.

    Show sources
    Open in new tab
  2. 09.09.2025 20:37 1 articles · 20d ago

    KB5065426 and KB5065431 cumulative updates for Windows 11 released

    The KB5065426 and KB5065431 cumulative updates for Windows 11 introduce several new features and improvements. These updates include a redesigned Windows Hello interface, enhanced passkey features, and a new Recall feature that opens to a personalized homepage. The updates also fix various issues with the taskbar preview thumbnail, Search on the taskbar, and the lock screen widgets. Additionally, the updates introduce a new navigation bar for quick access to Home, Timeline, Feedback, and Settings in the Recall feature. The updates include a new grid view in Search on the taskbar to help users quickly identify desired images and provide clearer status information, including progress notices and file availability status. The updates also introduce a new visual experience for the Discover feed on the Widgets Board, including Copilot-curated stories. The updates include a new Windows Backup for Organizations feature, providing enterprise-grade backup and restore capabilities.

    Show sources
    Open in new tab
  3. 29.08.2025 21:02 3 articles · 1mo ago

    Microsoft resolves CertificateServicesClient error messages in Windows 11 24H2

    The KB5065426 and KB5065431 cumulative updates for Windows 11 introduce a redesigned Windows Hello interface and enhanced passkey features. The updates also address an issue with the Microsoft Pluton Cryptographic Provider, resolving error messages in Windows Event Viewer. The updates fix issues with live captions, input methods, and various underlying system components.

    Show sources
    Open in new tab
  4. 22.08.2025 15:25 1 articles · 1mo ago

    Microsoft August 2025 Patch Tuesday: NDI Streaming Issues on Windows 10 and 11

    The August 2025 security updates are causing severe lag and stuttering issues with NDI streaming software on some Windows 10 and Windows 11 systems. The issues affect applications such as OBS (Open Broadcast Software) and NDI Tools, especially when 'Display Capture' is enabled on the source PC. The problems are triggered by the KB5063878 and KB5063709 security updates on Windows 11 24H2 users and Windows 10 21H2/22H2 devices, respectively. The NDI team confirmed the issue, stating that the buggy Windows updates cause NDI traffic to drop unexpectedly, affecting RUDP connections. A temporary workaround involves changing the NDI Receive Mode to use TCP or UDP instead of RUDP.

    Show sources
    Open in new tab
  5. 20.08.2025 11:21 1 articles · 1mo ago

    Microsoft resolves Windows upgrade failures with 0x8007007F error

    Microsoft resolved a known issue causing Windows upgrades to fail with 0x8007007F errors on some Windows 11 and Windows Server systems. The affected upgrade paths include Windows 10 1809, 21H2, and 22H2 to Windows 11 versions 23H2 and 22H2, and Windows Server 2016 to Windows Server 2019 or 2022, and Windows Server 2019 to Windows Server 2022. The issue was resolved as of August 15, 2025, and users are advised to retry the upgrade process if they encounter the error.

    Show sources
    Open in new tab
  6. 19.08.2025 16:39 5 articles · 1mo ago

    Microsoft August 2025 Patch Tuesday: Reset and Recovery Failures on Windows 10 and 11

    Microsoft released KB5065426 and KB5065429 to address NDI streaming issues on Windows 10 and 11. The September 2025 Patch Tuesday security updates also address another known issue introduced by the August 2025 Windows security updates, which causes unexpected User Account Control (UAC) prompts and app installation problems for non-admin users. Microsoft also fixed another known issue causing security updates delivered via Windows Server Update Services (WSUS) to fail with 0x80240069 errors after installing KB5063878.

    Show sources
    Open in new tab
  7. 13.08.2025 11:47 1 articles · 1mo ago

    Microsoft August 2025 Patch Tuesday: BadSuccessor Kerberos EoP Vulnerability Fixed

    The update includes a fix for CVE-2025-53779, a publicly known Windows Kerberos EoP flaw dubbed BadSuccessor, disclosed in May 2025. The flaw allows attackers with sufficient privileges to compromise an Active Directory domain by misusing delegated Managed Service Account (dMSA) objects. The vulnerability can be exploited to impersonate privileged accounts, escalate to domain administrator, and potentially gain full control of the Active Directory domain.

    Show sources
    Open in new tab
  8. 13.08.2025 00:47 2 articles · 1mo ago

    Microsoft August 2025 Patch Tuesday: 111 CVEs Addressed, Including 44 EoP Vulnerabilities

    The update addresses 111 vulnerabilities, with 16 rated Critical, 92 rated Important, two rated Moderate, and one rated Low in severity. It includes fixes for 35 RCE vulnerabilities, 18 information disclosure flaws, 8 spoofing defects, and 4 denial-of-service issues. The update also addresses a publicly known Windows Kerberos EoP flaw dubbed BadSuccessor, disclosed in May 2025. Critical issues include EoP bugs in Windows Hyper-V, Microsoft SQL Server, and Azure OpenAI, as well as RCE vulnerabilities in SharePoint and Windows Graphics Component.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Command injection flaw in Libraesva ESG exploited by state actors

Libraesva has released an emergency update for its Email Security Gateway (ESG) solution to address a command injection vulnerability (CVE-2025-59689). This flaw, exploited by a state-sponsored actor, allows arbitrary shell command execution via a crafted email attachment. The vulnerability affects all versions from 4.5 onwards and has been patched in versions 5.0.31, 5.1.20, 5.2.31, 5.3.16, 5.4.8, and 5.5.7. The exploit was discovered and patched within 17 hours of detection. The vulnerability is triggered by improper sanitization of compressed archive formats, enabling non-privileged users to execute arbitrary commands. The patch includes a sanitization fix, automated scans for indicators of compromise, and a self-assessment module to verify the update's application. The vulnerability has a CVSS score of 6.1, indicating medium severity. Libraesva has identified one confirmed incident of abuse by a foreign hostile state entity. Customers using versions below 5.0 must upgrade manually to a supported release, as they have reached end-of-life and will not receive a patch for CVE-2025-59689.

Open in new tab

Microsoft Lifts Multiple Windows 11 24H2 Safeguard Holds

Microsoft has lifted multiple compatibility holds that previously prevented Windows 11 24H2 upgrades on devices with specific hardware and software configurations. The latest hold removed was for devices with integrated cameras due to a face detection bug causing app freezes. This bug was fixed, and the update block was lifted on September 22, 2025. Additionally, a safeguard hold for devices with Dirac audio software was removed on September 11, 2025, allowing eligible devices to upgrade to Windows 11 24H2. The issues affected systems with Dirac audio improvement software, leading to problems with audio device detection and integrated speakers. The incompatibility was traced to the cridspapo.dll component of the audio processing software. Affected users reported that Bluetooth headsets, speakers, and integrated speakers stopped functioning after the upgrade. A new driver addressing the issue is available via Windows Update.

Open in new tab

Windows September 2025 updates cause SMBv1 share connection issues

Microsoft's September 2025 Windows security updates have introduced a known issue affecting connections to Server Message Block (SMB) v1 shares over the NetBIOS over TCP/IP (NetBT) protocol. This issue impacts various Windows client and server platforms, including Windows 11, Windows 10, Windows Server 2025, and Windows Server 2022. Users may fail to connect to shared files and folders using SMBv1 after installing these updates. Microsoft is actively working on a resolution and has provided a temporary workaround to mitigate the problem. The issue arises because either the SMB client or the SMB server has the September 2025 security update installed.

Open in new tab

Microsoft September 2025 Patch Tuesday addresses 81 vulnerabilities, including two zero-days

Microsoft's September 2025 Patch Tuesday addresses 80 vulnerabilities, including one publicly disclosed flaw and eight critical vulnerabilities. The updates fix a range of issues, including privilege escalation, remote code execution, information disclosure, and denial-of-service vulnerabilities. The patches also cover a critical flaw in Azure Networking and address a new lateral movement technique dubbed BitLockMove. Additionally, security updates have been released by multiple vendors, including Adobe, Cisco, Google, and others. The September 2025 update includes 38 elevation of privilege (EoP) vulnerabilities. The two zero-day vulnerabilities are CVE-2025-55234 in Windows SMB Server and CVE-2024-21907 in Microsoft SQL Server. The SMB vulnerability is exploited through relay attacks, while the SQL Server flaw involves improper handling of exceptional conditions in Newtonsoft.Json. The updates also include hardening features for SMB Server to mitigate relay attacks, with recommendations for administrators to enable auditing to assess compatibility issues. The KB5065429 cumulative update for Windows 10 22H2 and 21H2 includes fourteen fixes or changes, addressing unexpected UAC prompts and severe lag and stuttering issues with NDI streaming software. The update enables auditing SMB client compatibility for SMB Server signing and SMB Server EPA, and includes an opt-in feature for administrators to allow outbound network traffic from Windows 10 devices. The September 2025 update includes 38 elevation of privilege (EoP) vulnerabilities. CVE-2025-55234 is an elevation of privilege vulnerability with a CVSS score of 8.8. CVE-2025-54918 in Windows NT LAN Manager (NTLM) is marked as critical and has a CVSS score of 8.8. CVE-2025-54111 and CVE-2025-54913 are EoP vulnerabilities in Windows UI XAML. CVE-2025-55232 in the Microsoft High Performance Compute (HPC) Pack has a CVSS score of 9.8. CVE-2025-54916 in Windows NTFS has a CVSS score of 7.8 and can be exploited through SMB or local parsing routines. Microsoft has released the final non-security preview update for Windows 10, version 22H2, which includes fixes for the out-of-box experience and SMBv1 protocol connectivity. The update improves the servicing stack, updating Windows 10 22H2 systems to build 19045.6396. The update includes fixes and quality improvements from the KB5065429 cumulative update, enabling support for IT administrators to deploy hardening measures for SMB. The update addresses an issue causing non-admin users to receive unexpected User Account Control (UAC) prompts and fixes delays or uneven audio and video performance issues with Network Device Interface (NDI) streaming. Microsoft will stop providing security updates for Windows 10 after October 14, 2025, and the Extended Security Updates (ESU) program is available for Windows 10 users to delay the switch to Windows 11. Individual customers in the European Economic Area (EEA) can enroll in the ESU program for free.

Open in new tab

Microsoft Anti-Spam Service Misidentifies Safe URLs in Exchange Online and Teams

Microsoft is addressing a bug in its anti-spam service that incorrectly blocks URLs in Exchange Online and Microsoft Teams, causing some emails to be quarantined. The issue began on September 5, 2025, affecting users who received false alerts about malicious URLs. Over 6,000 URLs have been identified as affected, and Microsoft is working to unblock them and recover any incorrectly flagged messages. The bug is due to the anti-spam engine mistakenly tagging URLs within other URLs as potentially malicious. Microsoft has deployed a partial fix and is continuing to address the impact. The incident has been classified as an event with noticeable user impact, although the exact number of affected customers and regions remains undisclosed. Similar issues have occurred throughout the year, including a May 2025 incident where a machine learning model incorrectly flagged Gmail emails as spam in Exchange Online.

Open in new tab