All new patches will be approved in our patch policy.

This month Microsoft released patches for 111 vulnerabilities with 17 rated “Critical” in severity.

This month’s Patch Tuesday includes security updates for 111 flaws with one publicly disclosed zero-day vulnerability CVE-2025-53779. CVE-2025-53779 is a Windows Kerberos Elevation of Privilege Vulnerability but requires high privileges to exploit.

More concerning (CVSS score of 9.8) are Windows Graphics Component Remote Code Execution Vulnerability (CVE-2025-50165) and GDI+ Remote Code Execution Vulnerability (CVE-2025-53766) which require no user interaction.

CVE-2025-53778 is a flaw in Windows NTLM network authentication.

There are also a few remote code execution vulnerabilities affecting Microsoft Office.

One new Microsoft Security Advisory. No new standalone SSUs.

 

Disclosed: CVE-2025-53779

Exploited: None

 

Security Update Guide

https://msrc.microsoft.com/update-guide/en-us

 

Microsoft Security Advisories

ADV253991 | Guidance for secure Entra ID application authorization validation (Published:8/07/2025)

https://msrc.microsoft.com/update-guide/advisory/ADV253991

A security researcher reported a subset of Microsoft internal applications (apps) were improperly validating authorization of tenant claims, thus enabling unauthorized access. Microsoft has reconfigured and secured those apps and is not aware of targeted attempts being made to exploit this insecure authorization approach. However, a public presentation was hosted at Black Hat on August 7, 2025, and could potentially change the threat landscape. We’re publishing this Advisory to inform customers of the recommended guidance to reduce the risk of their apps which could similarly be improperly validating authorization.

 

FYI: Hotpatch updates

https://learn.microsoft.com/en-us/windows/deployment/windows-autopatch/manage/windows-autopatch-hotpatch-updates

With hotpatch updates, you can quickly take measures to help protect your organization from the evolving landscape of cyberattacks, while minimizing user disruptions. Hotpatch updates are Monthly B release security updates that install and take effect without requiring you to restart the device. By minimizing the need to restart, these updates help ensure faster compliance, making it easier for organizations to maintain security while keeping workflows uninterrupted.

Hotpatch is an extension of Windows Update and requires Autopatch to create and deploy hotpatches to devices enrolled in the Autopatch quality update policy.

 

Known Issues

Microsoft confirmed a SharePoint issue configuring calendar overlay settings. Windows 11 v24H2 KB5063878 may fail when installed via Windows Server Update Services (WSUS).

Microsoft continues to list unresolved older problems under the Known Issues for new patches. So if you have not yet experienced one of these issues it is unlikely it will occur now.

“Issue when you configure calendar overlay settings”

KB5002769 – SharePoint Server 2019

https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-sharepoint-server-2019-august-12-2025-kb5002769-8847d877-8114-4319-bf91-613512e21d2c

Affected platforms: SharePoint Server 2019

Symptoms: After you install this update, you may experience an issue when you configure calendar overlay settings. For more information, see “Invalid EWS URL: <url>” error in Overlay settings in CalendarService.ashx (KB5064829).

https://support.microsoft.com/en-us/topic/-invalid-ews-url-url-error-in-overlay-settings-in-calendarservice-ashx-kb5064829-fbba075d-9519-4ed2-bf12-073699d5208a

Cause: By default, to help maintain security, no Exchange Web Service URLs are allowed in SharePoint Server.

Resolution: To fix this issue, farm administrators can run thePowerShell commands details in KB article.

 

“August 2025 security update KB5063878 might fail to install via WSUS with Error 0x80240069”

https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-24H2#3635msgdesc

Affected platforms: Windows 11 v24H2

Symptoms: Fails to install with error code 0x80240069

Resolution: The problem with the Windows Update service has been resolved. If you experienced this issue, please refresh and re-sync with Windows Server Update Services to install the latest update.

 

Good resource for known issues with Windows 10/11 patches. Find the version and click on “Known issues”.

Windows release health

https://docs.microsoft.com/en-us/windows/release-health/

 

Monthly Rollup/Security Only/Windows 10,11/Server 2016,2019,2022,2025 KBs

Links are https://support.microsoft.com/en-us/help/####### with the KB number only.

 

Security and Quality Rollup

• KB5063950 – Windows Server 2012 R2 (ESU)
• KB5062592 – Windows Server 2012 (ESU)

 

Cumulative Updates

Windows 10

• KB5063889 – Original release version 1507 (OS Build 10240)
• KB5063871 – Version 1607 “Anniversary Update” (OS Build 14393)
• KB5063877 – Version 1809 “October 2018 Update” (OS Build 17763)
• KB5063709 – Version 21H2 “November 2021 Update” (OS Build 19044)
• KB5063709 – Version 22H2 “November 2022 Update” (OS Build 19045)

(Versions 1511,1703,1709,1803,1903,1909,2004,20H2,21H1 are no longer under support)

 

Windows 11

• KB5063875 – 22H2 (OS Build 22621)
• KB5063875 – 23H2 (OS Build 22631)
• KB5063878 – 24H2 (OS Build 26100)

(Version 21H2 is no longer under support)

 

Windows Server

• KB5063871 – Server 2016 (same KB as Windows 10 Version 1607)
• KB5063877 – Server 2019 (same KB as Windows 10 Version 1809)
• KB5063880 – Server 2022 (OS Build 20348)
• KB5063899 – Server 23H2 (OS Build 25398)
• KB5063878- Server 2025 (OS Build 26100)

 

August 2025 updates for Microsoft Office

https://support.microsoft.com/en-us/topic/august-2025-updates-for-microsoft-office-5aef7629-39f2-4336-9058-5e0aadaf47a7

 

Notable CVEs

 

CVE-2025-50165 | Windows Graphics Component Remote Code Execution Vulnerability (Cumulative Update/Hotpatch KB5064010)

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-50165

Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction.

 

CVE-2025-53733 | Microsoft Word Remote Code Execution Vulnerability (Click to Run,KB5002763,KB5002769,KB5002770,KB5002771,KB5002772)

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-53733

The Preview Pane is an attack vector. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

 

CVE-2025-53766 | GDI+ Remote Code Execution Vulnerability (Cumulative Update/Hotpatch KB5064010)

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-53766

Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. An attacker could trigger this vulnerability by convincing a victim to download and open a document that contains a specially crafted metafile. In the worst-case scenario, an attacker could trigger this vulnerability on web services by uploading documents containing a specially crafted metafile (AV:N) without user interaction.

 

CVE-2025-53778 | Windows NTLM Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53778

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

 

CVE-2025-53779 | Windows Kerberos Elevation of Privilege Vulnerability (Cumulative Update/Hotpatch KB5064010)

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-53779

An attacker who successfully exploited this vulnerability could gain domain administrator privileges.