Red Hot Cyber, The cybersecurity news

Red Hot Cyber

Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Select language
Spanish Italian
Search

Heading for a bang for August! 36 RCEs for Microsoft Patch Tuesday August

Redazione RHC : 13 August 2025 09:48

August Patch Tuesday: Microsoft releases security updates that fix 107 vulnerabilities across its ecosystem products. The update includes fixes for 90 vulnerabilities, classified as follows: 13 are critical, 76 are important, one is moderate, and one is low.

Notably, none of these vulnerabilities are listed as actively exploited zero-day vulnerabilities, which offers some relief to IT administrators. The vulnerabilities fall into several categories, including Remote Code Execution (RCE), Elevation of Privilege (EoP), Information Disclosure, Spoofing, Denial of Service (DoS), and Tampering.

On August 12, 2025, Microsoft released its monthly Patch Tuesday security updates, addressing a significant number of vulnerabilities across its product ecosystem.

Remote code execution vulnerabilities dominate this month’s Patch Tuesday, with 36 vulnerabilities fixed, 10 of which are rated Critical. These flaws could allow attackers to execute arbitrary code, potentially compromising entire systems.

Key remote code execution vulnerabilities include:

  • DirectX Graphics Kernel (CVE-2025-50176, Critical): A type confusion flaw in the Graphics Kernel allows local code execution by an authorized attacker.
  • Microsoft Office (CVE-2025-53731, CVE-2025-53740, Critical): Multiple use-after-free vulnerabilities in Microsoft Office applications allow attackers to execute code locally.
  • Windows Graphics Component (CVE-2025-50165, Critical): An untrusted pointer dereference in Microsoft’s Graphics Component allows attackers to execute code over a network.
  • Microsoft Word (CVE-2025-53733, CVE-2025-53784, Critical): Flaws in Microsoft Word, including incorrect numeric type conversion and use-after-free issues, allow local code execution.
  • Windows Hyper-V (CVE-2025-48807, Critical): Improper restriction of communication channels in Hyper-V allows local code execution.
  • Microsoft Message Queuing (MSMQ) (CVE-2025-50177, Critical; CVE-2025-53143, CVE-2025-53144, CVE-2025-53145, Important): Multiple vulnerabilities, including use-after-free and type confusion flaws, affect MSMQ, allowing network-based code execution.
  • GDI+ ( CVE-2025-53766 , Critical): A heap buffer overflow in Windows GDI+ allows network-based code execution.
  • Windows Routing and Remote Access Service (RRAS) (CVE-2025-49757, CVE-2025-50160, CVE-2025-50162, CVE-2025-50163, CVE-2025-50164, CVE-2025-53720, Important): Heap-based heap buffer overflows in RRAS allow network-based code execution.
  • Microsoft Excel (CVE-2025-53741, CVE-2025-53759, CVE-2025-53737, CVE-2025-53739, Important) : Heap buffer overflow and use-after-free issues in Excel allow local code execution.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.

Lista degli articoli