Microsoft’s August 2025 Patch Tuesday delivers fixes for 111 security flaws across Windows, Office, Azure, and related products, including four critical vulnerabilities rated 9.8 on the CVSS scale.
The company is also warning administrators about Secure Boot certificate expirations starting in June 2026, which could prevent some devices from booting if not addressed in time.
The update, released as KB5063878 (OS Build 26100.4946), includes security improvements, fixes for authentication delays on new devices, and refreshed AI component builds such as Image Search and Semantic Analysis. The accompanying servicing stack update (KB5065381) ensures the reliability of future patch installations.
Among the most severe flaws patched this month are:
- CVE-2025-53767 (Azure OpenAI, CVSS 10.0) – A critical flaw allowing remote attackers to access sensitive information in AI service environments without authentication.
- CVE-2025-50165 (Microsoft Graphics Component, CVSS 9.8) – A remote code execution bug that can be exploited via maliciously crafted files or images.
- CVE-2025-53766 (Windows GDI+, CVSS 9.8) – A graphics processing vulnerability that could allow an attacker to take complete control of a system.
- CVE-2025-50171 (Remote Desktop Server, CVSS 9.1) – A pre-authentication flaw enabling remote code execution.
- CVE-2025-53792 (Azure Portal, CVSS 9.1) – A server-side flaw affecting Azure management interfaces.
Also notable are multiple SQL Server (CVE-2025-24999, CVE-2025-47954, CVE-2025-49758, CVE-2025-49759, CVE-2025-53727) and Windows Routing and Remote Access Service (RRAS) vulnerabilities, many rated 8.8, which could be used for remote code execution or privilege escalation in enterprise networks.
The 111 flaws fixed this month affect a wide range of Microsoft products, including Windows 10/11 and Windows Server builds, Microsoft Office (Word, Excel, PowerPoint, Visio, SharePoint), Microsoft Exchange Server, SQL Server, Azure services and portals, Microsoft Teams and Dynamics 365, and AI-powered services like Copilot Business Chat.
Secure Boot certificate deadline
Microsoft is urging customers to address the Secure Boot certificate expiration well before the June 2026 cutoff. Secure Boot is a key defense against bootkits and rootkits, and expired certificates could result in devices failing to boot securely. Updated guidance is available in Microsoft’s documentation, and organizations are encouraged to inventory and update affected systems early to avoid downtime.
To apply the latest Windows update, go to Windows Settings > Windows Update > and click on ‘Check for Updates.’ Once the updates are fetched, click on ‘Install’ to download and install them on your system. Note that a system reboot will be required for the security patches to apply. It is also important to backup your data to protect it from potential corruption following a failure in the update process.
With over 100 vulnerabilities closed in a single cycle, the August 2025 update addresses a broad mix of critical cloud, server, and endpoint security issues. Although there are no flaws marked as actively exploited this month, organizations that delay patching may find themselves exposed to remote code execution, privilege escalation, and authentication bypass attacks in both on-premises and cloud environments.
Leave a Reply