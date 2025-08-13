Microsoft on Tuesday announced 109 patches affecting 16 product families. Eighteen of the addressed issues are considered by Microsoft to be of Critical severity, and 31 have a CVSS base score of 8.0 or higher, including a “perfect” 10.0 affecting Azure. None are known to be under active exploit in the wild, though two Windows issues (CVE-2025-53786 and CVE-2025-53779) are already publicly disclosed.

At patch time, nine CVEs are judged more likely to be exploited in the next 30 days by the company’s estimation. Various of this month’s issues are amenable to direct detection by Sophos protections, and we include information on those in a table below. In addition, eight CVEs included in this month’s set, mostly involving cloud-centric product families such as Azure and 365, are already patched – including the CVSS-10 item mentioned above. We have included information on all eight in Appendix D. Interestingly, two of those were actually patched a full month ago, in the July cycle, but a clerical mix-up left that information out of Microsoft’s July release materials. We include those two in our August count. Advisory information on ten Edge fixes was also included in this month’s release, and can be seen in Appendix D.

We are as always including at the end of this post additional appendices listing all Microsoft’s patches sorted by severity, by predicted exploitability timeline and CVSS Base score, and by product family. Another appendix covers advisory-style updates and the list of issues discussed in this month’s release materials but mitigated prior to the release, and another provides breakout of the patches affecting the various Windows Server platforms still in support.

By the numbers

Total CVEs: 109

Publicly disclosed: 2*

Exploit detected: 0

Severity Critical: 18 Important: 90 Moderate: 1

Impact Elevation of Privilege: 44 Remote Code Execution: 35 Information Disclosure: 18 Spoofing: 7 Denial of Service: 4 Tampering: 1

CVSS Base score 10.0: 1

CVSS Base score 9.0 or greater: 5

CVSS Base score 8.0 or greater: 31

* Microsoft’s official release material states that just one vulnerability, CVE-2025-53779, is publicly disclosed by their standards. However, CVE-2025-53786 was publicly demonstrated at Black Hat last week and has been very widely discussed since then, with a CISA Emergency Directive issued. We include it in our tally for completeness.

Figure 1: Elevation of Privilege vulnerabilities outpace Remote Code Execution flaws for the second month in a row, but RCE issues account for more Critical-severity patches

Products

Windows: 65*

365: 16**

Office: 16

Azure: 7***

SQL: 6

Exchange: 5

Excel: 4

SharePoint: 4

Word: 3

Dynamics 365: 2

PowerPoint: 1

Teams: 1

Visual Studio: 1

Web Deploy: 1

Windows Security App: 1

Windows Subsystem for Linux (WSL2): 1

* As mentioned, the release information states that two of these were patched with the July release; we include those two in the August counts here and throughout this post.

** Includes two Critical-severity patches for Microsoft 365 Copilot’s Business Chat.

*** The release information notes that four of the Azure vulnerabilities have already been mitigated.

As is our custom for this list, CVEs that apply to more than one product family are counted once for each family they affect. We note, by the way, that CVE names don’t always reflect affected product families closely. In particular, some CVEs names in the Office family may mention products that don’t appear in the list of products affected by the CVE, and vice versa.

Figure 2: Windows patches five Critical-severity patches in August, but so do Azure and Office – and 365 has them all beat with six

Notable August updates

In addition to the issues discussed above, a variety of specific items merit attention.

CVE-2025-50165 — Windows Graphics Component Remote Code Execution Vulnerability

CVE-2025-53766 — GDI+ Remote Code Execution Vulnerability

It’s a tough month for Windows graphics-related componentry, as these two vulnerabilities weigh in with 9.8 CVSS Base scores. CVE-2025-50165 requires no user interaction, and can be exploited by an uninitialized function pointer being called when decoding a malicious JPEG, which could be embedded in a document, a Web page, or what you will. It affects strictly the newest versions of Windows (Win 11 2H24, Server 2025). Similarly, CVE-2025-53766 could be triggered without user interaction, should an attacker manage to upload documents containing a specially crafted metafile to a web service. (Alternately, they could craft a document containing the metafile, send it to an unwary user, and get them to open it.) Unusually, this CVE affects both Windows and Office.

CVE-2025-49712 — Microsoft SharePoint Remote Code Execution Vulnerability

As most Microsoft observers know well, there was plenty to say between the July and August Patch Tuesday releases about SharePoint. This issue, however, seems unrelated to ToolShell, though it’s fairly unpleasant all by itself, allowing any authenticated attacker to execute code over the network with little prior knowledge of the network required.

CVE-2025-53731, CVE-2025-53733, CVE-2025-53740, CVE-2025-53784 – four 365/Office issues

Preview Pane is a vector for all four of these vulnerabilities.

CVE-2025-53774, CVE-2025-53787 — Microsoft 365 Copilot BizChat Information Disclosure Vulnerability

These identically titled information-disclosure vulnerabilities, both Critical-severity, are mentioned in Microsoft’s summary information for August, but the company notes that both have already been mitigated. However, CVE-2025-53787 in particular did not go quietly, and internet commenters had things to say about the future implications of bugs of this nature. (It’s interesting to note that earlier information from Microsoft, as per the WindowsForum post, considered the issue to be Important in severity; the release on Tuesday classified it as Critical.)

CVE-2025-53786 — Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability

As noted above, this Important-severity EoP issue got plenty of attention at Black Hat and from CISA earlier this month. It’s a bug to be taken seriously, and Microsoft states that they believe it’s one of the vulnerabilities more likely to be exploited within the first 30 days post-release. But the story of how this patch arrived at release is an interesting one from a disclosure standpoint. The finder, Dirk-jan Mollema with Outsider Security, worked with Microsoft to sort out the issue prior to his Black Hat presentation. In turn, Microsoft credits his find in their release materials, a sign that the disclosure was well-coordinated. The issue itself relates to an April hotfix for hybrid Exchange deployments.

CVE-2024-53772 — Web Deploy Remote Code Execution Vulnerability

Web Deploy, for those not familiar with the tool, is used to deploy Web applications and Web sites to IIS servers. It will likely be familiar to users of Visual Studio.

Figure 3: Remote Code Execution issues continue to lead all other types in 2025’s Patch Tuesday releases, but Elevation of Privilege issues are close behind – 266 to 257, by our count. Meanwhile, Spoofing picks up its first Critical-severity case in August, and the first non-advisory Moderate-severity patch of the year is noted

Sophos protections

CVE Sophos Intercept X/Endpoint IPS Sophos XGS Firewall CVE-2025-49743 Exp/2549743-A Exp/2549743-A CVE-2025-50167 Exp/2550167-A Exp/2550167-A CVE-2025-50168 Exp/2550168-A Exp/2550168-A CVE-2025-50177 SID:2311472,2311473 SID:2311472,2311473 CVE-2025-53132 Exp/2553132-A Exp/2553132-A CVE-2025-53147 Exp/2553147-A Exp/2553147-A CVE-2025-53778 SID:2311491 SID:2311491

As you can every month, if you don’t want to wait for your system to pull down Microsoft’s updates itself, you can download them manually from the Windows Update Catalog website. Run the winver.exe tool to determine which build of Windows 10 or 11 you’re running, then download the Cumulative Update package for your specific system’s architecture and build number.

Appendix A: Vulnerability Impact and Severity

This is a list of August patches sorted by impact, then sub-sorted by severity. Each list is further arranged by CVE.

Elevation of Privilege (44 CVEs)

Critical severity CVE-2025-24999 Microsoft SQL Server Elevation of Privilege Vulnerability CVE-2025-53767 Azure OpenAI Elevation of Privilege Vulnerability CVE-2025-53778 Windows NTLM Elevation of Privilege Vulnerability CVE-2025-53792 Azure Portal Elevation of Privilege Vulnerability Important severity CVE-2025-47954 Microsoft SQL Server Elevation of Privilege Vulnerability CVE-2025-49743 Windows Graphics Component Elevation of Privilege Vulnerability CVE-2025-49758 Microsoft SQL Server Elevation of Privilege Vulnerability CVE-2025-49759 Microsoft SQL Server Elevation of Privilege Vulnerability CVE-2025-49761 Windows Kernel Elevation of Privilege Vulnerability CVE-2025-49762 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2025-50153 Desktop Windows Manager Elevation of Privilege Vulnerability CVE-2025-50155 Windows Push Notifications Apps Elevation of Privilege Vulnerability CVE-2025-50159 Remote Access Point-to-Point Protocol (PPP) EAP-TLS Elevation of Privilege Vulnerability CVE-2025-50161 Win32k Elevation of Privilege Vulnerability CVE-2025-50167 Windows Hyper-V Elevation of Privilege Vulnerability CVE-2025-50168 Win32k Elevation of Privilege Vulnerability CVE-2025-50170 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVE-2025-50173 Windows Installer Elevation of Privilege Vulnerability CVE-2025-53132 Win32k Elevation of Privilege Vulnerability CVE-2025-53133 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability CVE-2025-53134 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2025-53135 DirectX Graphics Kernel Elevation of Privilege Vulnerability CVE-2025-53137 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2025-53140 Windows Kernel Transaction Manager Elevation of Privilege Vulnerability CVE-2025-53141 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2025-53142 Microsoft Brokering File System Elevation of Privilege Vulnerability CVE-2025-53147 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2025-53149 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability CVE-2025-53151 Windows Kernel Elevation of Privilege Vulnerability CVE-2025-53154 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2025-53155 Windows Hyper-V Elevation of Privilege Vulnerability CVE-2025-53718 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2025-53721 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability CVE-2025-53723 Windows Hyper-V Elevation of Privilege Vulnerability CVE-2025-53724 Windows Push Notifications Apps Elevation of Privilege Vulnerability CVE-2025-53725 Windows Push Notifications Apps Elevation of Privilege Vulnerability CVE-2025-53726 Windows Push Notifications Apps Elevation of Privilege Vulnerability CVE-2025-53727 Microsoft SQL Server Elevation of Privilege Vulnerability CVE-2025-53729 Microsoft Azure File Sync Elevation of Privilege Vulnerability CVE-2025-53760 Microsoft SharePoint Elevation of Privilege Vulnerability CVE-2025-53786 Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability CVE-2025-53788 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability CVE-2025-53789 Windows StateRepository API Server file Elevation of Privilege Vulnerability Moderate severity CVE-2025-53779 Windows Kerberos Elevation of Privilege Vulnerability

Remote Code Execution (35 CVEs)

Critical severity CVE-2025-48807 Microsoft SQL Server Remote Code Execution Vulnerability CVE-2025-50165 Windows Graphics Component Remote Code Execution Vulnerability CVE-2025-50176 DirectX Graphics Kernel Remote Code Execution Vulnerability CVE-2025-50177 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability CVE-2025-53731 Microsoft Office Remote Code Execution Vulnerability CVE-2025-53733 Microsoft Word Remote Code Execution Vulnerability CVE-2025-53740 Microsoft Office Remote Code Execution Vulnerability CVE-2025-53766 GDI+ Remote Code Execution Vulnerability CVE-2025-53784 Microsoft Word Remote Code Execution Vulnerability CVE-2025-48807 Microsoft SQL Server Remote Code Execution Vulnerability Important severity CVE-2025-49712 Microsoft SharePoint Remote Code Execution Vulnerability CVE-2025-49757 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVE-2025-50160 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVE-2025-50162 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVE-2025-50163 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVE-2025-50164 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVE-2025-50169 Windows SMB Remote Code Execution Vulnerability CVE-2025-53131 Windows Media Remote Code Execution Vulnerability CVE-2025-53143 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability CVE-2025-53144 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability CVE-2025-53145 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability CVE-2025-53152 Desktop Windows Manager Remote Code Execution Vulnerability CVE-2025-53720 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVE-2025-53730 Microsoft Office Visio Remote Code Execution Vulnerability CVE-2025-53732 Microsoft Office Remote Code Execution Vulnerability CVE-2025-53734 Microsoft Office Visio Remote Code Execution Vulnerability CVE-2025-53735 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-53737 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-53738 Microsoft Word Remote Code Execution Vulnerability CVE-2025-53739 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-53741 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-53759 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-53761 Microsoft PowerPoint Remote Code Execution Vulnerability CVE-2025-53772 Web Deploy Remote Code Execution Vulnerability CVE-2025-53773 GitHub Copilot and Visual Studio Remote Code Execution Vulnerability CVE-2025-53783 Microsoft Teams Remote Code Execution Vulnerability

Information Disclosure (18 CVEs)

Critical severity CVE-2025-53774 Microsoft 365 Copilot BizChat Information Disclosure Vulnerability CVE-2025-53781 Azure Virtual Machines Information Disclosure Vulnerability CVE-2025-53787 Microsoft 365 Copilot BizChat Information Disclosure Vulnerability CVE-2025-53793 Azure Stack Hub Information Disclosure Vulnerability Important severity CVE-2025-33051 Microsoft Exchange Server Information Disclosure Vulnerability CVE-2025-50156 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-50157 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-50158 Windows NTFS Information Disclosure Vulnerability CVE-2025-50166 Windows Distributed Transaction Coordinator (MSDTC) Information Disclosure Vulnerability CVE-2025-53136 NT OS Kernel Information Disclosure Vulnerability CVE-2025-53138 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-53148 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-53153 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-53156 Windows Storage Port Driver Information Disclosure Vulnerability CVE-2025-53719 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-53728 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability CVE-2025-53736 Microsoft Word Information Disclosure Vulnerability CVE-2025-53765 Azure Stack Hub Information Disclosure Vulnerability

Spoofing (7 CVEs)

Critical severity CVE-2025-49707 Azure Virtual Machines Spoofing Vulnerability Important severity CVE-2025-25006 Microsoft Exchange Server Spoofing Vulnerability CVE-2025-25007 Microsoft Exchange Server Spoofing Vulnerability CVE-2025-49745 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability CVE-2025-50154 Microsoft Windows File Explorer Spoofing Vulnerability CVE-2025-50171 Remote Desktop Spoofing Vulnerability CVE-2025-53769 Windows Security App Spoofing Vulnerability

Denial of Service (4 CVEs)

Important severity CVE-2025-49751 Windows Hyper-V Denial of Service Vulnerability CVE-2025-50172 DirectX Graphics Kernel Denial of Service Vulnerability CVE-2025-53716 Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability CVE-2025-53722 Windows Remote Desktop Services Denial of Service Vulnerability

Tampering (1 CVE)

Important severity CVE-2025-25005 Microsoft Exchange Server Tampering Vulnerability

Appendix B: Exploitability and CVSS

This is a list of the August CVEs judged by Microsoft to be more likely to be exploited in the wild within the first 30 days post-release. (No CVE among this month’s patches is known to be already exploited in the wild, so that list doesn’t appear this month.) The list is further arranged by CVE.

Exploitation more likely within the next 30 days CVE-2025-49743 Windows Graphics Component Elevation of Privilege Vulnerability CVE-2025-50167 Windows Hyper-V Elevation of Privilege Vulnerability CVE-2025-50168 Win32k Elevation of Privilege Vulnerability CVE-2025-50177 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability CVE-2025-53132 Win32k Elevation of Privilege Vulnerability CVE-2025-53147 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2025-53156 Windows Storage Port Driver Information Disclosure Vulnerability CVE-2025-53778 Windows NTLM Elevation of Privilege Vulnerability CVE-2025-53786 Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability

This is a list of August’s CVEs with a Microsoft-assessed CVSS Base score of 8.0 or higher. They are arranged by score and further sorted by CVE. For more information on how CVSS works, please see our series on patch prioritization schema.

CVSS Base CVSS Temporal CVE Title 10.0 8.7 CVE-2025-53767 Azure OpenAI Elevation of Privilege Vulnerability 9.8 8.5 CVE-2025-50165 Windows Graphics Component Remote Code Execution Vulnerability 9.8 8.5 CVE-2025-53766 GDI+ Remote Code Execution Vulnerability 9.1 7.9 CVE-2025-50171 Remote Desktop Spoofing Vulnerability 9.1 7.9 CVE-2025-53792 Azure Portal Elevation of Privilege Vulnerability 8.8 7.7 CVE-2025-24999 Microsoft SQL Server Elevation of Privilege Vulnerability 8.8 7.7 CVE-2025-47954 Microsoft SQL Server Elevation of Privilege Vulnerability 8.8 7.7 CVE-2025-49712 Microsoft SharePoint Remote Code Execution Vulnerability 8.8 7.7 CVE-2025-49757 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 8.8 7.7 CVE-2025-49758 Microsoft SQL Server Elevation of Privilege Vulnerability 8.8 7.7 CVE-2025-49759 Microsoft SQL Server Elevation of Privilege Vulnerability 8.8 7.7 CVE-2025-50163 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 8.8 7.7 CVE-2025-53131 Windows Media Remote Code Execution Vulnerability 8.8 7.7 CVE-2025-53143 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability 8.8 7.7 CVE-2025-53144 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability 8.8 7.7 CVE-2025-53145 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability 8.8 7.7 CVE-2025-53727 Microsoft SQL Server Elevation of Privilege Vulnerability 8.8 7.7 CVE-2025-53772 Web Deploy Remote Code Execution Vulnerability 8.8 7.7 CVE-2025-53778 Windows NTLM Elevation of Privilege Vulnerability 8.4 7.3 CVE-2025-53731 Microsoft Office Remote Code Execution Vulnerability 8.4 7.3 CVE-2025-53733 Microsoft Word Remote Code Execution Vulnerability 8.4 7.3 CVE-2025-53740 Microsoft Office Remote Code Execution Vulnerability 8.4 7.3 CVE-2025-53784 Microsoft Word Remote Code Execution Vulnerability 8.2 7.1 CVE-2025-53787 Microsoft 365 Copilot BizChat Information Disclosure Vulnerability 8.1 7.1 CVE-2025-50177 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability 8.0 7.0 CVE-2025-50160 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 8.0 7.0 CVE-2025-50162 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 8.0 7.0 CVE-2025-50164 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 8.0 7.0 CVE-2025-53132 Win32k Elevation of Privilege Vulnerability 8.0 7.0 CVE-2025-53720 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 8.0 7.0 CVE-2025-53786 Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability

Appendix C: Products Affected

This is a list of August’s patches sorted by product family, then sub-sorted by severity. Each list is further arranged by CVE. Patches that are shared among multiple product families are listed multiple times, once for each product family. Certain significant issues for which advisories have been issued are covered in Appendix D, and issues affecting Windows Server are further sorted in Appendix E. All CVE titles are accurate as made available by Microsoft; for further information on why certain products may appear in titles and not product families (or vice versa), please consult Microsoft.

Windows (65 CVEs)

Critical severity CVE-2025-50165 Windows Graphics Component Remote Code Execution Vulnerability CVE-2025-50176 DirectX Graphics Kernel Remote Code Execution Vulnerability CVE-2025-50177 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability CVE-2025-53766 GDI+ Remote Code Execution Vulnerability CVE-2025-53778 Windows NTLM Elevation of Privilege Vulnerability Important severity CVE-2025-49743 Windows Graphics Component Elevation of Privilege Vulnerability CVE-2025-49751 Windows Hyper-V Denial of Service Vulnerability CVE-2025-49757 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVE-2025-49761 Windows Kernel Elevation of Privilege Vulnerability CVE-2025-49762 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2025-50153 Desktop Windows Manager Elevation of Privilege Vulnerability CVE-2025-50154 Microsoft Windows File Explorer Spoofing Vulnerability CVE-2025-50155 Windows Push Notifications Apps Elevation of Privilege Vulnerability CVE-2025-50156 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-50157 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-50158 Windows NTFS Information Disclosure Vulnerability CVE-2025-50159 Remote Access Point-to-Point Protocol (PPP) EAP-TLS Elevation of Privilege Vulnerability CVE-2025-50160 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVE-2025-50161 Win32k Elevation of Privilege Vulnerability CVE-2025-50162 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVE-2025-50163 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVE-2025-50164 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVE-2025-50166 Windows Distributed Transaction Coordinator (MSDTC) Information Disclosure Vulnerability CVE-2025-50167 Windows Hyper-V Elevation of Privilege Vulnerability CVE-2025-50168 Win32k Elevation of Privilege Vulnerability CVE-2025-50169 Windows SMB Remote Code Execution Vulnerability CVE-2025-50170 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVE-2025-50171 Remote Desktop Spoofing Vulnerability CVE-2025-50172 DirectX Graphics Kernel Denial of Service Vulnerability CVE-2025-50173 Windows Installer Elevation of Privilege Vulnerability CVE-2025-53131 Windows Media Remote Code Execution Vulnerability CVE-2025-53132 Win32k Elevation of Privilege Vulnerability CVE-2025-53133 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability CVE-2025-53134 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2025-53135 DirectX Graphics Kernel Elevation of Privilege Vulnerability CVE-2025-53136 NT OS Kernel Information Disclosure Vulnerability CVE-2025-53137 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2025-53138 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-53140 Windows Kernel Transaction Manager Elevation of Privilege Vulnerability CVE-2025-53141 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2025-53142 Microsoft Brokering File System Elevation of Privilege Vulnerability CVE-2025-53143 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability CVE-2025-53144 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability CVE-2025-53145 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability CVE-2025-53147 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2025-53148 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-53149 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability CVE-2025-53151 Windows Kernel Elevation of Privilege Vulnerability CVE-2025-53152 Desktop Windows Manager Remote Code Execution Vulnerability CVE-2025-53153 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-53154 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2025-53155 Windows Hyper-V Elevation of Privilege Vulnerability CVE-2025-53156 Windows Storage Port Driver Information Disclosure Vulnerability CVE-2025-53716 Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability CVE-2025-53718 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2025-53719 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-53720 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVE-2025-53721 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability CVE-2025-53722 Windows Remote Desktop Services Denial of Service Vulnerability CVE-2025-53723 Windows Hyper-V Elevation of Privilege Vulnerability CVE-2025-53724 Windows Push Notifications Apps Elevation of Privilege Vulnerability CVE-2025-53725 Windows Push Notifications Apps Elevation of Privilege Vulnerability CVE-2025-53726 Windows Push Notifications Apps Elevation of Privilege Vulnerability CVE-2025-53789 Windows StateRepository API Server file Elevation of Privilege Vulnerability Moderate severity CVE-2025-53779 Windows Kerberos Elevation of Privilege Vulnerability

365 (16 CVEs)

Critical severity CVE-2025-53731 Microsoft Office Remote Code Execution Vulnerability CVE-2025-53733 Microsoft Word Remote Code Execution Vulnerability CVE-2025-53740 Microsoft Office Remote Code Execution Vulnerability CVE-2025-53774 Microsoft 365 Copilot BizChat Information Disclosure Vulnerability CVE-2025-53784 Microsoft Word Remote Code Execution Vulnerability CVE-2025-53787 Microsoft 365 Copilot BizChat Information Disclosure Vulnerability Important severity CVE-2025-53730 Microsoft Office Visio Remote Code Execution Vulnerability CVE-2025-53734 Microsoft Office Visio Remote Code Execution Vulnerability CVE-2025-53735 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-53736 Microsoft Word Information Disclosure Vulnerability CVE-2025-53737 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-53738 Microsoft Word Remote Code Execution Vulnerability CVE-2025-53739 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-53741 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-53759 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-53761 Microsoft PowerPoint Remote Code Execution Vulnerability

Office (16 CVEs)

Critical severity CVE-2025-53731 Microsoft Office Remote Code Execution Vulnerability CVE-2025-53733 Microsoft Word Remote Code Execution Vulnerability CVE-2025-53740 Microsoft Office Remote Code Execution Vulnerability CVE-2025-53766 GDI+ Remote Code Execution Vulnerability CVE-2025-53784 Microsoft Word Remote Code Execution Vulnerability Important severity CVE-2025-53730 Microsoft Office Visio Remote Code Execution Vulnerability CVE-2025-53732 Microsoft Office Remote Code Execution Vulnerability CVE-2025-53734 Microsoft Office Visio Remote Code Execution Vulnerability CVE-2025-53735 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-53736 Microsoft Word Information Disclosure Vulnerability CVE-2025-53737 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-53738 Microsoft Word Remote Code Execution Vulnerability CVE-2025-53739 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-53741 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-53759 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-53761 Microsoft PowerPoint Remote Code Execution Vulnerability

Azure (7 CVEs)

Critical severity CVE-2025-49707 Azure Virtual Machines Spoofing Vulnerability CVE-2025-53767 Azure OpenAI Elevation of Privilege Vulnerability CVE-2025-53781 Azure Virtual Machines Information Disclosure Vulnerability CVE-2025-53792 Azure Portal Elevation of Privilege Vulnerability CVE-2025-53793 Azure Stack Hub Information Disclosure Vulnerability Important severity CVE-2025-53729 Microsoft Azure File Sync Elevation of Privilege Vulnerability CVE-2025-53765 Azure Stack Hub Information Disclosure Vulnerability

SQL (6 CVEs)

Critical severity CVE-2025-24999 Microsoft SQL Server Elevation of Privilege Vulnerability CVE-2025-48807 Microsoft SQL Server Remote Code Execution Vulnerability Important severity CVE-2025-47954 Microsoft SQL Server Elevation of Privilege Vulnerability CVE-2025-49758 Microsoft SQL Server Elevation of Privilege Vulnerability CVE-2025-49759 Microsoft SQL Server Elevation of Privilege Vulnerability CVE-2025-53727 Microsoft SQL Server Elevation of Privilege Vulnerability

Exchange (5 CVEs)

Important severity CVE-2025-25005 Microsoft Exchange Server Tampering Vulnerability CVE-2025-25006 Microsoft Exchange Server Spoofing Vulnerability CVE-2025-25007 Microsoft Exchange Server Spoofing Vulnerability CVE-2025-33051 Microsoft Exchange Server Information Disclosure Vulnerability CVE-2025-53786 Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability

Excel (4 CVEs)

Important severity CVE-2025-53735 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-53737 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-53739 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-53741 Microsoft Excel Remote Code Execution Vulnerability

SharePoint (4 CVEs)

Critical severity CVE-2025-53733 Microsoft Word Remote Code Execution Vulnerability Important severity CVE-2025-49712 Microsoft SharePoint Remote Code Execution Vulnerability CVE-2025-53736 Microsoft Word Information Disclosure Vulnerability CVE-2025-53760 Microsoft SharePoint Elevation of Privilege Vulnerability

Word (3 CVEs)

Critical severity CVE-2025-53733 Microsoft Word Remote Code Execution Vulnerability Important severity CVE-2025-53736 Microsoft Word Information Disclosure Vulnerability CVE-2025-53738 Microsoft Word Remote Code Execution Vulnerability

Dynamics 365 (2 CVEs)

Important severity CVE-2025-49745 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability CVE-2025-53728 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

PowerPoint (1 CVE)

Important severity CVE-2025-53761 Microsoft PowerPoint Remote Code Execution Vulnerability

Teams (1 CVE)

Important severity CVE-2025-53783 Microsoft Teams Remote Code Execution Vulnerability

Visual Studio (1 CVE)

Important severity CVE-2025-53773 GitHub Copilot and Visual Studio Remote Code Execution Vulnerability

Web Deploy (1 CVE)

Important severity CVE-2025-53772 Web Deploy Remote Code Execution Vulnerability

Windows Security App (1 CVE)

Important severity CVE-2025-53769 Windows Security App Spoofing Vulnerability

Windows Subsystem for Linux (WSL2) (1 CVE)

Important severity CVE-2025-53788 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability

Appendix D: Advisories and Other Products

There are 10 Edge-related advisories in August’s release, all but two of which originated outside Microsoft.

CVE-2025-8576 Chromium: CVE-2025-8576 Use after free in Extensions CVE-2025-8577 Chromium: CVE-2025-8577 Inappropriate implementation in Picture In Picture CVE-2025-8578 Chromium: CVE-2025-8578 Use after free in Cast CVE-2025-8579 Chromium: CVE-2025-8579 Inappropriate implementation in Gemini Live in Chrome CVE-2025-8580 Chromium: CVE-2025-8580 Inappropriate implementation in Filesystems CVE-2025-8581 Chromium: CVE-2025-8581 Inappropriate implementation in Extensions CVE-2025-8582 Chromium: CVE-2025-8582 Insufficient validation of untrusted input in DOM CVE-2025-8583 Chromium: CVE-2025-8583 Inappropriate implementation in Permissions CVE-2025-49736 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability CVE-2025-49755 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

In addition, eight of CVEs appear in this month’s Patch Tuesday information only to assure the public that they have already been mitigated, whether as part of the normal course of cloud business or (in the case of two Windows patches) as part of last month’s patch collection, though they were unnamed in that release. Since this month’s CVSS 10.0 CVE is among those eight, we are listing those here with their CVE, title, impact, severity, and CVSS base score.

CVE-2025-48807 Microsoft SQL Server Remote Code Execution Vulnerability Remote Code Execution Critical 7.5 CVE-2025-49707 Azure Virtual Machines Spoofing Vulnerability Spoofing Critical 7.9 CVE-2025-53767 Azure OpenAI Elevation of Privilege Vulnerability Elevation of Privilege Critical 10.0 CVE-2025-53774 Microsoft 365 Copilot BizChat Information Disclosure Vulnerability Information Disclosure Critical 6.5 CVE-2025-53781 Azure Virtual Machines Information Disclosure Vulnerability Information Disclosure Critical 7.7 CVE-2025-53787 Microsoft 365 Copilot BizChat Information Disclosure Vulnerability Information Disclosure Critical 8.2 CVE-2025-53789 Windows StateRepository API Server file Elevation of Privilege Vulnerability Elevation of Privilege Important 7.8 CVE-2025-53792 Azure Portal Elevation of Privilege Vulnerability Elevation of Privilege Critical 9.1

There were no Adobe advisories included in the August release.

Appendix E: Affected Windows Server versions

This is a table of the 66 CVEs in the August release affecting Windows Server versions 2008 through 2025. CVE-2025-48807 and CVE-2025-53789, the two CVEs that shipped in July but were left out of the official information last month as mentioned above, are included here. The table differentiates among major versions of the platform but doesn’t go into deeper detail (eg., Server Core). Critical-severity issues are marked in red; an “x” indicates that the CVE does not apply to that version. Administrators are encouraged to use this appendix as a starting point to ascertain their specific exposure, as each reader’s situation, especially as it concerns products out of mainstream support, will vary. For specific Knowledge Base numbers, please consult Microsoft.