Microsoft addresses a dozen critical vulnerabilities along with a remote code execution flaw in SharePoint during its monthly security update.
For August 2025 Patch Tuesday, several prominent companies released updates to address a multitude of security issues. Microsoft led the charge, addressing 107 vulnerabilities, including 13 critical ones, with a strong focus on remote code execution (RCE) and privilege escalation flaws across Windows and cloud services.
Nine critical RCE vulnerabilities were identified overall, affecting Windows core components and cloud services. However, specific details on RCEs in Windows Graphics Device Interface (GDI+) and SharePoint were not provided in the indexed sources.
One publicly disclosed zero-day privilege escalation, CVE-2025-53779, was found in the Windows Kerberos network authentication protocol, enabling domain admin compromise via relative path traversal. Other critical vulnerabilities were discovered in technologies like Microsoft SQL Server, MSMQ, and Exchange Server hybrid deployments.
Google also released security updates for Android, fixing two actively exploited Qualcomm vulnerabilities: CVE-2025-27038 and CVE-2025-21479. Intel, on the other hand, addressed 66 vulnerabilities across its firmware, hardware, and software products, including high-severity bugs in some Intel Ethernet Drivers for Linux and high-severity vulnerabilities for some Xeon 6 processors that may allow escalation of privilege.
Microsoft's July 2025 Patch Tuesday did not address any active exploits, according to the company. Meanwhile, SAP released 15 new security notes and four updates to previously released notes, addressing critical flaws like CVE-2025-42957, a code injection vulnerability in SAP S/4HANA affecting both private cloud and on-premises versions, and CVE-2025-42950, another code injection vulnerability in SAP's Landscape Transformation analysis platform.
Three of SAP's new security notes covered critical, 9.9-rated flaws. Other notable vulnerabilities included CVE-2025-50177, a Microsoft Message Queuing RCE, and CVE-2025-53766, a heap-based buffer overflow in Windows Graphics Device Interface (GDI+) that can lead to remote code execution (RCE).
For more detailed technical descriptions of the vulnerabilities specific to Windows GDI+ or SharePoint in this update, the official Microsoft Security Update Guide or bulletin may provide the exact CVE identifiers and patch notes for those components.
In conclusion, the August 2025 Patch Tuesday saw numerous critical vulnerabilities being addressed across various tech giants, with a significant focus on RCE and privilege escalation flaws. While specific details on RCEs in Windows GDI+ or SharePoint were not extensively covered in the available reports, it is recommended to refer to the official security guides for more information.