Microsoft’s Patch Tuesday update for August 2025 includes fixes for 110 Microsoft vulnerabilities, including nine at higher risk for exploitation and an additional five vulnerabilities carrying 9+ severity ratings.
The update, down from 130 vulnerabilities in July’s update, also included eight Chrome vulnerabilities in the Chromium-based Microsoft Edge.
Highest-Rated Vulnerabilities: Fixed or at Lower Risk
The highest-rated vulnerability – CVE-2025-53767, a 10.0-severity Azure OpenAI Elevation of Privilege vulnerability – has already been fully mitigated by Microsoft, as has CVE-2025-53792, a 9.1-rated Azure Portal Elevation of Privilege vulnerability.
Three other 9+ rated vulnerabilities – CVE-2025-50171, a Remote Desktop Spoofing vulnerability, CVE-2025-50165, a Windows Graphics Component Remote Code Execution vulnerability, and CVE-2025-53766, a GDI+ Remote Code Execution vulnerability – were judged by Microsoft to be at lower risk of exploitation.
The Patch Tuesday August 2025 update also includes 13 8.8-rated vulnerabilities – found in SQL Server, SharePoint, Windows Routing and Remote Access Service (RRAS), Windows Media, Windows Message Queuing, and Web Deploy – that Microsoft judged to be at lower risk of exploitation. One 8.8-severity vulnerability – in NTLM – was judged to be at higher risk.
Patch Tuesday August 2025: High-risk Vulnerabilities
Among the 10 vulnerabilities judged to be at higher risk of exploitation, CVE-2025-53786 is an 8.0-severity Exchange Server Hybrid Deployment Elevation of Privilege vulnerability that Microsoft warned about last week. About 28,000 Exchange instances remain unpatched, according to the Shadowserver foundation.
Other high-risk vulnerabilities in the Patch Tuesday August 2025 update include:
- CVE-2025-53778, an 8.8-rated Windows NTLM Elevation of Privilege vulnerability
- CVE-2025-53156, a 5.5-severity Windows Storage Port Driver Information Disclosure vulnerability
- CVE-2025-53147, a 7.0-rated Windows Ancillary Function Driver for WinSock Elevation of Privilege vulnerability
- CVE-2025-53132, an 8.0-severity Win32k Elevation of Privilege vulnerability
- CVE-2025-50177, an 8.1-rated Microsoft Message Queuing (MSMQ) Remote Code Execution vulnerability
- CVE-2025-50168, a 7.8-rated Win32k Elevation of Privilege vulnerability
- CVE-2025-50167, a 7.0-severity Windows Hyper-V Elevation of Privilege vulnerability
- CVE-2025-49743, a 6.7-severity Windows Graphics Component Elevation of Privilege vulnerability
Fortinet and SAP were also among the vendors releasing Patch Tuesday updates today.
