Microsoft Patch Tuesday August 2025: Critical Fixes and Urgent Updates

Microsoft’s August Patch Tuesday: 109 Fixes, Featuring many High-Risk Remote Code Execution Threats

The release consists of:

• 18 Critical and 90 Important fixes with 1 moderate
• Coverage across Windows, Microsoft Office, Microsoft Word, MSMQ, GDI+, NTLM, Windows Graphics, and more
• A combined CVSS score of 792.0, with an average severity of 7.3
• No vulnerabilities were marked as both Weaponized and Publicly Known this month

Robert Brown, Senior Director of Technical Services at Absolute, emphasizes the importance of prioritization in vulnerability management.

Patch Tuesday August 2025 Review: Top 5 Vulnerabilities You Need to Know

CVE-2025-50177: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Improper handling within MSMQ allows an attacker to execute code remotely.

Not Weaponized, Not Publicly Known

• Severity: Critical | CVSS Score: 8.1
• Attack Vector: Network | Privileges Required: None
• User Interaction: None | Complexity: High

This flaw could enable attackers to send specially crafted messages to MSMQ, potentially resulting in remote system compromise on the server side.

CVE-2025-53778: Windows NTLM Elevation of Privilege Vulnerability

Weaknesses in NTLM authentication may allow attackers to escalate privileges.‍

Not Weaponized, Not Publicly Known

• Severity: Critical | CVSS Score: 8.8
• Attack Vector: Network | Privileges Required: Low
• User Interaction: None | Complexity: Low

This vulnerability could allow lateral movement and domain compromise in environments still using NTLM authentication. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2025-50165: Windows Graphics Component Remote Code Execution Vulnerability‍

Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

Not Weaponized, Not Publicly Known

• Severity: Critical | CVSS Score: 9.8
• Attack Vector: Network | Privileges Required: None
• User Interaction: None | Complexity: Low

This is a critical graphics subsystem flaw that could be exploited via malicious files or web content, an attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction.

CVE-2025-53766: GDI+ Remote Code Execution Vulnerability

Improper memory handling in GDI+ can enable code execution.

Not Weaponized, Not Publicly Known

• Severity: Critical | CVSS Score: 9.8
• Attack Vector: Network | Privileges Required: None
• User Interaction: None | Complexity: Low

Given GDI+’s wide use in rendering, this vulnerability could be weaponized quickly once publicly understood.

CVE-2025-53733: Microsoft Word Remote Code Execution Vulnerability

Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.‍

Not Weaponized, Not Publicly Known

• Severity: Critical | CVSS Score: 8.4
• Attack Vector: Local | Privileges Required: None
• User Interaction: None | Complexity: Low

An attacker could ‘trick’ users into opening a malicious Word document, leading to code execution in the user’s context, BUT the Preview Pane is an attack vector!

Jump Point Vulnerabilities: Risks for Lateral Movement

While most vulnerabilities are contained within the system they compromise, some marked with Scope = Changed in CVSS scoring can be exploited to cross trust boundaries and impact other systems or services. These “jump points” can serve as stepping stones for attackers to move laterally, escalate privileges, or compromise additional assets within your environment.

1. CVE-2025-48807 (Windows Hyper-V RCE). Critical; CVSS 7.5; exploitation less likely. RCE in the virtualization layer can cross VM/tenant boundaries.
2. CVE-2025-49707 (Azure VMs spoofing). Critical; CVSS 7.9; exploitation less likely. Trust/identity spoofing enables pivots across services.
3. CVE-2025-49751 (Windows Hyper-V DoS). Important; CVSS 6.8; exploitation less likely. Disruption can impact multiple VMs simultaneously.
4. CVE-2025-53133 (PrintWorkflowUserSvc EoP). Important; CVSS 7.8; exploitation less likely. Service-boundary elevation expands blast radius.
5. CVE-2025-53767 (Azure OpenAI EoP). Critical; CVSS 10.0; exploitation assessment not published. Cross-service privilege escalation in cloud estates.
6. CVE-2025-53781 (Azure VMs information disclosure). Critical; CVSS 7.7; exploitation less likely. Leakage aids lateral movement and targeting.
7. CVE-2025-53786 (Exchange Hybrid EoP). Important; CVSS 8.0; exploitation more likely. Hybrid trust pivot threatens mail flow and directory controls.

Final Thoughts

This month’s updates reinforce the need for a resilient, prioritized patch strategy. Absolute’s Risk Scoring methodology highlights the top threats with high CVSS scores, critical impacts, and high exploitation potential.

Key recommendations:

1. Prioritize all remote code execution flaws with network vectors.
2. Address NTLM-related vulnerabilities to prevent privilege escalation.
3. Patch Office and graphics rendering components before exploit chains emerge.

While timely patching reduces exposure, CISOs must also prepare for the rare but high-impact scenario where a patch causes company-wide instability. Having the capability to rehydrate devices back to a known, golden image at scale can transform recovery from days or weeks into hours, restoring operational capability rapidly and consistently. This not only limits productivity loss and financial impact but also reduces strain on IT teams during crisis response.

Stay vigilant, patch smart, and patch resilient keeping endpoints protected without overwhelming your teams.

See the August, 2025 Patch Tuesday Chart (PDF).