August 2025 Patch Tuesday Updates Fix 107 Vulnerabilities

Microsoft has released the August 2025 Patch Tuesday updates for all supported versions of Windows 11 and Windows 10. This time, the company fixed 107 vulnerabilities in Windows, domain controllers, SharePoint Server, Exchange Server, and other components.

Microsoft has now started offering a six-month Extended Security Updates (ESU) program for customers still running Exchange Server 2016 or 2019. The company is also reminding that the AzureAD PowerShell module will stop working in mid-October. Microsoft advises using the Microsoft Graph API or the Microsoft Entra PowerShell module for identity and access management tasks.

Critical vulnerabilities fixed in the August 2025 Patch Tuesday updates

Among the 107 Windows vulnerabilities Microsoft fixed this month, 13 of them are rated critical, and one moderate-severity flaw is listed as being publicly known. Let’s have a look at some of the most important critical vulnerabilities Microsoft fixed this month:

• CVE-2025-53779: This is an elevation of privilege flaw in the Windows Kerberos network authentication protocol. It’s a relative path traversal issue in the way the authentication system processes domain Managed Service Accounts (dMSAs). This vulnerability has a CVSS score of 7.2, and it affects Windows Server 2025.
• CVE-2025-53766: This is a heap-based buffer overflow vulnerability in Windows Graphics Device Interface (GDI+). It could allow an unauthorized hacker to execute code over a network. This flaw could be exploited by an attacker without any user interaction.
• CVE-2025-53786: This is an elevation-of-privilege vulnerability with the highest CVSS score of 8.0. This bug could be abused by an attacker with administrative access to the on-premises Exchange Server environment to escalate privileges in the cloud environment. This flaw affects all supported versions of Exchange Server.
• CVE-2025-50165: This is a remote code execution flaw in the Windows Graphics Component. Cybercriminals could exploit this bug simply by viewing a specially crafted JPEG image that’s embedded in Office and third-party files.
• CVE-2025-50167: This is an elevation-of-privilege vulnerability that affects Windows Server and desktop systems. A hacker with low privileges can gain system-level access without requiring any user interaction.
• CVE-2025-49712: This is a SharePoint remote-code execution vulnerability with a CVSS score of 8.8. It could be chained with other vulnerabilities to achieve full server compromise and data exfiltration.
• CVE-2025-50171: This is an important-rated Remote Desktop spoofing vulnerability with a 9.1 CVSS score. It could be exploited by unauthorized threat actors to perform spoofing attacks over the network.

Here’s a full list of CVEs Microsoft fixed in August 2025:

Quality and experience updates

For Windows 11 version 24H2, Microsoft rolled out the KB5063878 patch, which introduces a new Quick machine recovery feature to help customers address issues that cause unexpected reboots. Moreover, this release brings several new features for Copilot+ PCs, including Reset Recall, Click to Do improvements, and a new AI agent in Settings. The Windows Recall feature is now available for customers based in the EU.

Microsoft has also released the KB5063875 update for users running Windows 11 version 23H2. The latest patch improves the Copilot key’s reliability and addresses an issue that prevented users from restarting Copilot after using the key.

Windows Update testing and best practices

Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary, as hackers start to work out how to weaponize newly reported vulnerabilities.

A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.

There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system or files and folders on a granular basis.