On August 12, Microsoft released its August 2025 Patch Tuesday release which addresses 107 CVEs with 13 rated critical, 91 rated as important, one rated as moderate and one rated as low.

This month included a patch for one publicly disclosed zero-day, CVE-2025-53779. This is an elevation of privilege vulnerability in Windows Kerberos. It was assigned a CVSSv3 score of 7.2 and is rated moderate. An authenticated attacker with access to a user account with specific permissions in active directory (AD) and at least one domain controller in the domain running Windows Server 2025 could exploit this vulnerability to achieve full domain, and then forest compromise in an AD environment. 

This vulnerability is dubbed BadSuccessor by Yuval Gordon, a security researcher at Akamai. It was disclosed on May 21. For more information on BadSuccessor, please review our FAQ blog, Frequently Asked Questions About BadSuccessor.

This month’s update includes patches for:

• Azure File Sync
• Azure OpenAI
• Azure Portal
• Azure Stack
• Azure Virtual Machines
• Desktop Windows Manager
• GitHub Copilot and Visual Studio
• Graphics Kernel
• Kernel Streaming WOW Thunk Service Driver
• Kernel Transaction Manager
• Microsoft 365 Copilot's Business Chat
• Microsoft Brokering File System
• Microsoft Dynamics 365 (on-premises)
• Microsoft Edge for Android
• Microsoft Exchange Server
• Microsoft Graphics Component
• Microsoft Office
• Microsoft Office Excel
• Microsoft Office PowerPoint
• Microsoft Office SharePoint
• Microsoft Office Visio
• Microsoft Office Word
• Microsoft Teams
• Remote Access Point-to-Point Protocol (PPP) EAP-TLS
• Remote Desktop Server
• Role: Windows Hyper-V
• SQL Server
• Storage Port Driver
• Web Deploy
• Windows Ancillary Function Driver for WinSock
• Windows Cloud Files Mini Filter Driver
• Windows Connected Devices Platform Service
• Windows DirectX
• Windows Distributed Transaction Coordinator
• Windows File Explorer
• Windows GDI+
• Windows Installer
• Windows Kerberos
• Windows Kernel
• Windows Local Security Authority Subsystem Service (LSASS)
• Windows Media
• Windows Message Queuing
• Windows NT OS Kernel
• Windows NTFS
• Windows NTLM
• Windows PrintWorkflowUserSvc
• Windows Push Notifications
• Windows Remote Desktop Services
• Windows Routing and Remote Access Service (RRAS)
• Windows SMB
• Windows Security App
• Windows StateRepository API
• Windows Subsystem for Linux
• Windows Win32K GRFX
• Windows Win32K ICOMP 

For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.