[German]All supported versions of Windows (clients and servers) contained a certificate spoofing vulnerability (CVE-2025-55229) – already fixed in May 2025. On August 21, 2025 updated the support article and listed updates to fix the issue. On August 21, 2025, the RCE vulnerability CVE-2025-55230 in MBT drivers became known. However, I am currently only finding broken links on both of Microsoft's security articles.
A note from a reader
Blog reader Robert sent me an email late yesterday evening with the subject line "CVE-2025-55229 – Security Update Guide – Microsoft – Vulnerability in Windows Certificate Regarding Spoofing" to bring this issue to my attention – thank you for that. The email included a link to CVE-2025-55229 with the comment "This is probably something big."
What Microsoft says about CVE-2025-55229?
Microsoft has an entry for CVE-2025-55229 dated August 21, 2025 as "new", which describes a Windows certificate spoofing vulnerability. The vulnerability is not rated particularly high, with a CVSS 3.1 score of 5.3.
The vulnerability states that improper verification of the cryptographic signature in Windows certificates allows an unauthorized attacker to perform spoofing over a network. Details are not yet publicly known.
An attacker who successfully exploits the vulnerability may be able to view some confidential information (confidentiality), but not all resources within the affected component may be disclosed to the attacker. The attacker cannot modify the disclosed information (integrity) or restrict access to the resource (availability).
New patches announced not available
This CVE-2025-55229 was fixed by updates released in May 2025. Where it gets strange: Microsoft's CVE-2025-55229 article states that security updates will be available for all Windows versions still in support (clients: Windows 10, Windows 11, and Windows Server) as of August 21, 2025, and even lists the KB numbers for the updates. However, all links are broken here (during writing this blog post on August 22, 2025). There is also nothing to be seen on the following pages where updates are offered.
- Windows 11 update site
- Windows 10 update site.
- Windows Server 2025 update site
- Windows Server 23H2 update site
- Windows Server 2022 update site
- Windows Server 2016 and 2019 update site
- Windows Server 2012 R2 update site
- Windows Server 2012 update site
Perhaps Microsoft will fix the broken links during the course of the day or explain why the updates are not available.
Vulnerability CVE-2025-55230 in MBT driver
Blog reader Christian just contacted me by email and wrote: "According to MS Security Center, our Windows 11 24H2 clients have been missing an OOB with KB5065426 since yesterday." He notes that this out-of-band update is not available in the Microsoft Update Catalog. The update is intended to address the above-mentioned vulnerability
CVE-2025-55229, as well as the vulnerability CVE-2025-55230.
This is where it gets interesting, because this is a "Windows MBT Transport Driver Elevation of Privilege" vulnerability that was made public on August 21, 2025, and was rated with a CVSS 3.1 score of 7.8 (important). An untrusted pointer dereference in the Windows MBT transport driver allows an authorized attacker to elevate their privileges locally.
Here, too, the linked patches at the specified links lead to an error page. Explain to me why the new updates were specified on the CVE-2025-55229 page—they are supposed to patch the MBT vulnerability. But something went wrong. In other words: They want to patch, but they can't.
Similar articles:
Microsoft Security Update Summary (August 12, 2025)
Patchday: Windows 10/11 Updates (August 12, 2025)
Patchday: Windows Server Updates (August 12, 2025)
Patchday: Microsoft Office Updates (August 12, 2025)
Windows 11 24H2: Update KB5063878 causes installation error 0x80240069
Windows 11 24H2: KIR fix for WSUS installation error 0x80240069 with update KB5063878
Windows 11 24H2: Update KB5063878 as a re-release for WSUS (August 14, 2025)
Windows 11 24H2: Does the Aug. 2025 update KB5063878 cause SSD errors?
Windows 11 24H2: Microsoft investigates reports of SSD issues caused by KB5063878
Windows 10/11: Aug. 2025 updates cause streaming problems
