Aggregator

A vulnerability was found in Microsoft PowerPoint. It has been classified as critical. This affects an unknown part. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2025-53761. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft SharePoint and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to server-side request forgery. This vulnerability is handled as CVE-2025-53760. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft Excel and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to uninitialized resource. This vulnerability is known as CVE-2025-53759. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

1. 13Critical
2. 91Important
3. 2Moderate
4. 1Low

Microsoft addresses 107 CVEs, including one zero-day vulnerability that was publicly disclosed.

Microsoft patched 107 CVEs in its August 2025 Patch Tuesday release, with 13 rated critical, 91 rated as important, one rated as moderate and one rated as low.

This month’s update includes patches for:

• Azure File Sync
• Azure OpenAI
• Azure Portal
• Azure Stack
• Azure Virtual Machines
• Desktop Windows Manager
• GitHub Copilot and Visual Studio
• Graphics Kernel
• Kernel Streaming WOW Thunk Service Driver
• Kernel Transaction Manager
• Microsoft 365 Copilot's Business Chat
• Microsoft Brokering File System
• Microsoft Dynamics 365 (on-premises)
• Microsoft Edge for Android
• Microsoft Exchange Server
• Microsoft Graphics Component
• Microsoft Office
• Microsoft Office Excel
• Microsoft Office PowerPoint
• Microsoft Office SharePoint
• Microsoft Office Visio
• Microsoft Office Word
• Microsoft Teams
• Remote Access Point-to-Point Protocol (PPP) EAP-TLS
• Remote Desktop Server
• Role: Windows Hyper-V
• SQL Server
• Storage Port Driver
• Web Deploy
• Windows Ancillary Function Driver for WinSock
• Windows Cloud Files Mini Filter Driver
• Windows Connected Devices Platform Service
• Windows DirectX
• Windows Distributed Transaction Coordinator
• Windows File Explorer
• Windows GDI+
• Windows Installer
• Windows Kerberos
• Windows Kernel
• Windows Local Security Authority Subsystem Service (LSASS)
• Windows Media
• Windows Message Queuing
• Windows NT OS Kernel
• Windows NTFS
• Windows NTLM
• Windows PrintWorkflowUserSvc
• Windows Push Notifications
• Windows Remote Desktop Services
• Windows Routing and Remote Access Service (RRAS)
• Windows SMB
• Windows Security App
• Windows StateRepository API
• Windows Subsystem for Linux
• Windows Win32K GRFX
• Windows Win32K ICOMP

Elevation of privilege (EoP) vulnerabilities accounted for 39.3% of the vulnerabilities patched this month, followed by remote code execution (RCE) vulnerabilities at 32.7%.

ModerateCVE-2025-53779 | Windows Kerberos Elevation of Privilege Vulnerability

CVE-2025-53779 is an EoP vulnerability in Windows Kerberos. It was assigned a CVSSv3 score of 7.2 and is rated moderate. An authenticated attacker with access to a user account with specific permissions in active directory (AD) and at least one domain controller in the domain running Windows Server 2025 could exploit this vulnerability to achieve full domain, and then forest compromise in an AD environment.

This is a patch for a zero-day vulnerability dubbed BadSuccessor by Yuval Gordon, a security researcher at Akamai. It was disclosed on May 21. For more information on BadSuccessor, please review our FAQ blog, Frequently Asked Questions About BadSuccessor.

ImportantCVE-2025-49712 | Microsoft SharePoint Remote Code Execution Vulnerability

CVE-2025-49712 is a RCE vulnerability in Microsoft SharePoint. It was assigned a CVSSv3 score of 8.8 and is rated important. An attacker would need to be authenticated with Site Owner privileges at minimum. Once authenticated, an attacker could either write arbitrary code or use code injection to execute code on a vulnerable SharePoint Server to gain RCE.

This RCE follows on the heels of the ToolShell vulnerabilities that were disclosed in the July 2025 Patch Tuesday release and exploited in the wild as zero-days.

CriticalCVE-2025-53778 | Windows NTLM Elevation of Privilege Vulnerability

CVE-2025-53778 is an EoP vulnerability affecting Windows New Technology LAN Manager (NTLM). It was assigned a CVSSv3 score of 8.8 and is rated as critical. According to the advisory, successful exploitation would allow an attacker to elevate their privileges to SYSTEM. This flaw was assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index.

This marks the second critical EoP affecting Windows NTLM in 2025, following CVE-2025-21311 which was patched in the January 2025 Patch Tuesday release.

CriticalCVE-2025-50177, CVE-2025-53143, CVE-2025-53144 and CVE-2025-53145 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

CVE-2025-50177, CVE-2025-53143, CVE-2025-53144 and CVE-2025-53145 are RCE vulnerabilities in Microsoft Message Queuing (MSMQ). While three of these four CVEs (CVE-2025-53143, CVE-2025-53144 and CVE-2025-53145) were assigned CVSSv3 scores of 8.8 and rated as important, CVE-2025-50177 was assigned a CVSSv3 score of 8.1 and rated as critical. Similarly, CVE-2025-50177 was assessed as “Exploitation More Likely,” while the other three were assessed as “Exploitation Less Likely.”

In order to exploit these CVEs, an attacker would need to send a crafted MSMQ packet to a vulnerable server in order to achieve code execution.

Tenable Solutions

A list of all the plugins released for Microsoft’s August 2025 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.

Get more information

• Microsoft's August 2025 Security Updates
• Tenable plugins for Microsoft August 2025 Patch Tuesday Security Updates

Join Tenable's Research Special Operations (RSO) Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

A vulnerability, which was classified as critical, was found in Microsoft Excel. Affected is an unknown function. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2025-53741. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Electronic Arts’ SPEAR Anti-Cheat Team has released a noteworthy update, stating that since the Battlefield 6 Open Beta Early Access launch, the company’s Javelin anti-cheat technology has successfully prevented over 330,000 attempts to cheat or tamper with security controls. This announcement, delivered by team representative AC, underscores the ongoing battle against cheating in multiplayer gaming […]

The post Electronic Arts Blocks 300,000 Cheating Attempts After Battlefield 6 Beta Launch appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, has been found in Microsoft Office. This issue affects some unknown processing. The manipulation leads to use after free. The identification of this vulnerability is CVE-2025-53740. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Самые распространённые слова в коде, которые теперь под запретом.

Microsoft has rolled out its August 2025 Patch Tuesday fixes, addressing a total of 107 vulnerabilities across its ecosystem. This month’s release stands out for its sheer volume and the inclusion of 35 remote code execution (RCE) bugs, which could allow attackers to run malicious code on affected systems. While none of these vulnerabilities are […]

The post Microsoft Patch Tuesday August 2025: 107 Vulnerabilities Patched, Including 35 RCE Flaws appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Dutch NCSC warns CVE-2025-6543 Citrix bug, a memory overflow flaw, is being exploited to breach critical organizations in the Netherlands. The Dutch NCSC warns that the critical Citrix NetScaler flaw CVE-2025-6543 has been exploited to breach critical organizations in the Netherlands. Dutch NCSC experts pointed out that CVE-2025-6543 was exploited for remote code execution. Threat […]

Today is Microsoft's August 2025 Patch Tuesday, which includes security updates for 107 flaws, including one publicly disclosed zero-day vulnerability in Windows Kerberos. [...]

OpenAI and Microsoft have said that GPT-5 is one of their safest and secure models out of the box yet. An AI red-teamer called its performance “terrible.” 

The post Guess what else GPT-5 is bad at? Security appeared first on CyberScoop.

Microsoft has released Windows 11 KB5063878 and KB5063875 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. [...]

At Black Hat, Robert Johnston and Vikram Ramesh of N-able talk about the growing security pressures on small and mid-sized businesses. They note that ransomware and credential-based attacks are climbing sharply in the mid-market. Attackers who once focused on large enterprises are increasingly targeting organizations with fewer resources, viewing them as easier entry points. In..

The post AI, Ransomware and the Security Gap for SMBs appeared first on Security Boulevard.

Microsoft released its August Patch Tuesday security updates, addressing a total of 107 vulnerabilities across its product ecosystem. The update includes fixes for 90 vulnerabilities, classified as follows: 13 are Critical, 76 are Important, one is Moderate, and one is Low. Notably, none of these vulnerabilities are listed as actively exploited zero-days, which provides some […]

The post Microsoft Patch Tuesday August 2025 Released – 107 Vulnerabilities Fixed Including 36 RCE appeared first on Cyber Security News.

Вместо посылки — фальшивое предупреждение и пустой счёт.

Currently trending CVE - Hype Score: 21 - Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

Currently trending CVE - Hype Score: 20 - Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters.

Microsoft has released the KB5063709 cumulative update for Windows 10 22H2 and Windows 10 21H2, with seven fixes or changes, including a fix for a bug that prevented enrollment in extended security updates. [...]

In recent months, a new phishing toolkit known as PoisonSeed has emerged, targeting both individual users and enterprise organizations with unprecedented sophistication. Unlike traditional phishing kits that harvest only usernames and passwords, PoisonSeed employs an adversary-in-the-middle (AitM) approach to intercept multi-factor authentication (MFA) tokens and session cookies. Victims receive spear-phishing emails masquerading as notifications from […]

The post PoisonSeed Phishing Kit Bypasses MFA to Acquire Credentials from Individuals and Organizations appeared first on Cyber Security News.