Microsoft Releases August 2025 Security Updates

Summary

Scheduled updates for Microsoft products, including security updates for 111 vulnerabilities, of which one has been reported as publicly disclosed


Affected platforms

The following platforms are known to be affected:

The following platforms are also known to be affected:

51 other Microsoft platforms

Threat details

Windows 10 Approaching End-of-Support

From October 2025, Microsoft will no longer provide updates, including security patches, for Windows 10 systems.

To ensure the continued security and efficiency of NHS digital systems, as well as protect patient data, all NHS Trusts and Integrated Care Boards (ICBs) must transition to Windows 11.

For more details please visit the Windows 10 end of support October 2025 page.


Introduction

Microsoft has released security updates to address 111 vulnerabilities in 55 Microsoft products. 14 vulnerabilities are highlighted below, of which one is known to be publicly disclosed and the other 13 are considered critical by Microsoft.


Vulnerability details

Publicly disclosed vulnerability:

13 vulnerabilities considered critical by Microsoft:

  • CVE-2025-50165 - Windows Graphics Component Remote Code Execution (RCE) Vulnerability - CVSSv3 score: 9.8

  • CVE-2025-53766 - GDI+ Remote Code Execution Vulnerability - CVSSv3 score: 9.8

  • CVE-2025-53778 - Windows NTLM Elevation of Privilege Vulnerability - CVSSv3 score: 8.8

  • CVE-2025-53784 - Microsoft Word Remote Code Execution Vulnerability - CVSSv3 score: 8.4

  • CVE-2025-53740 - Microsoft Office Remote Code Execution Vulnerability - CVSSv3 score: 8.4

  • CVE-2025-53733 - Microsoft Word Remote Code Execution Vulnerability - CVSSv3 score: 8.4

  • CVE-2025-53731 - Microsoft Office Remote Code Execution Vulnerability - CVSSv3 score: 8.4

  • CVE-2025-50177 - Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability - CVSSv3 score: 8.1

  • CVE-2025-49707 - Azure Virtual Machines Spoofing Vulnerability - CVSSv3 score: 7.9

  • CVE-2025-50176 - DirectX Graphics Kernel Remote Code Execution Vulnerability - CVSSv3 score: 7.8

  • CVE-2025-53781 - Azure Virtual Machines Information Disclosure Vulnerability - CVSSv3 score: 7.7

  • CVE-2025-53793 - Azure Stack Hub Information Disclosure Vulnerability - CVSSv3 score: 7.5

  • CVE-2025-48807 - Windows Hyper-V Remote Code Execution Vulnerability - CVSSv3 score: 7.5

Publicly disclosed exploit for CVE-2025-50154

A security researcher has published a blog post describing how the incomplete fix for vulnerability CVE-2025-24054, which was released in April 2025, could allow an attacker to extract NTLM hashes for offline cracking and download remote binaries without user interaction.

This patch bypass, CVE-2025-50154, has been fixed in the August 2025 security updates from Microsoft. The NHS England National CSOC considers it likely that attackers will attempt to exploit CVE-2025-50154 on vulnerable systems.


Threat updates

Date | Update
19 Aug 2025 | The vulnerability CVE-2025-50154 has a publicly disclosed exploit

Remediation advice

Affected organisations are encouraged to review Microsoft's August 2025 Security Updates and apply the relevant updates as soon as possible.



Last edited: 19 August 2025 2:02 pm