Microsoft Security Update Summary (August 12, 2025)

Posted on 2025-08-12 by guenni

Update[German]On August 12, 2025, Microsoft released security updates for Windows clients and servers, Office, and other products. The security updates address 107 vulnerabilities (CVEs), one of which was classified as a zero-day vulnerability and was publicly known. Below is a brief overview of these updates, which were released on Patch Day.

Notes on the updates

A list of updates can be found on this Microsoft page. Details on the update packages for Windows, Office etc. are available in separate blog posts.

Windows 10/11, Windows Server

All Windows 10/11 updates (as well as the updates of the server counterparts) are cumulative. The monthly patchday update contains all security fixes for these Windows versions – as well as all non-security fixes up to the patchday. In addition to the security patches for the vulnerabilities, the updates also contain fixes to correct errors or new features.

Windows Server 2012 R2

An ESU license is required for Windows Server 2012 /R2 to receive further security updates (Windows Server 2012/R2 gets Extended Security Updates (ESU) until October 2026).

Fixed vulnerabilities

Tenable has published this blog post with an overview of the vulnerabilities that have been fixed. Here are some of the critical vulnerabilities that have been eliminated:

  • CVE-2025-53779: Windows Kerberos Elevation of Privilege Vulnerability, CVEv3 Score 7.2, Moderate; An authenticated attacker with access to a user account with certain privileges in Active Directory (AD) and at least one domain controller in the domain running Windows Server 2025 could exploit this vulnerability to achieve full domain and subsequently forest compromise in an AD environment. This is a patch for a zero-day vulnerability that was dubbed "BadSuccessor" by Akamai security researcher Yuval Gordon, a security researcher at Akamai. It was announced on May 21. For more information about BadSuccessor, see the FAQ blog "Frequently Asked Questions About BadSuccessor."
  • CVE-2025-49712: Microsoft SharePoint Remote Code Execution Vulnerability, CVEv3 Score 8.8, important; "Exploitation More Likely"; An attacker would need to have at least the privileges of a website owner. After authentication, an attacker could either write arbitrary code or use code injection to execute code on a vulnerable SharePoint server and thus gain RCE.
  • CVE-2025-53778: Windows NTLM Elevation of Privilege Vulnerability, CVEv3 Score 8.8, critical; "Exploitation More Likely"; An EoP vulnerability affecting Windows New Technology LAN Manager (NTLM). According to the security advisory, successful exploitation would allow an attacker to elevate their privileges to SYSTEM.
  • CVE-2025-50177CVE-2025-53143CVE-2025-53144 and CVE-2025-53145: Microsoft Message Queuing (MSMQ) remote code execution vulnerability, CVEv3 score 8.1-8.8, critical; to exploit these CVEs, an attacker would need to send a specially crafted MSMQ packet to a vulnerable server to achieve code execution. erreichen.

A list of all disclosed CVEs can be found on this Microsoft page, excerpts are available from Tenable. Talos has some additional vulnerabilities in Word etc. available.

Similar articles:
Microsoft Security Update Summary (August 12, 2025)
Patchday: Windows 10/11 Updates (August 12, 2025)
Patchday: Windows Server Updates (August 12, 2025)
Patchday: Microsoft Office Updates (August 12, 2025)

This entry was posted in Office, Security, Software, Update, Windows and tagged , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).