Eight critical RCE flaws make Microsoft’s latest Patch Tuesday list

No fewer than eight critical flaws that could allow a threat actor to achieve remote code execution (RCE) on a targeted system are listed in Microsoft’s August Patch Tuesday update, which once again tops out at over 100 common vulnerabilities and exposures (CVEs).

Among the critical RCE bugs are vulnerabilities in various Microsoft products and services, including DirectX Graphics Kernel, GDI+, Hyper-V, Message Queuing, Office, and Word. Additionally, there is a solitary elevation of privilege (EoP) flaw in Windows NTLM, two information disclosure vulnerabilities in Hyper-V and Azure Stack Hub, and a spoofing vulnerability in Hyper-V.

The latest monthly drop contains no full zero-days. The closest is one EoP vulnerability in Windows Kerberos, CVE-2025-53779, for which exploit code has been made public but which has not yet been exploited by any threat actor.

This vulnerability stems from a path traversal flaw in Kerberos, which improperly validates path inputs when handling the delegated Managed Service Account (dMSA) feature in Windows Server 2025. This flaw allows an attacker to create improper delegation relationships, impersonate privileged accounts, escalate to domain admin privileges, and potentially gain control of the Active Directory domain. However, exploitation is less likely as the attacker would need elevated access to certain attributes of the dMSA.

Mike Walters, president and co-founder of Action1, warned that the danger from CVE-2025-53779 increases when combined with other techniques. Large organizations with complex Active Directory environments, those using dMSAs for service account management, and high-risk targets should take precautions.

SharePoint flaws should be addressed

Defenders should also pay attention to a pair of vulnerabilities in SharePoint: CVE-2025-53760, which enables EoP, and CVE-2025-49712, which enables RCE. These follow the ToolShell vulnerabilities in SharePoint, which received an out-of-band patch in July and were exploited by threat actors against government targets.

Saeed Abbasi, Qualys Threat Unit senior manager for security research, highlighted the concern surrounding CVE-2025-49712.

“This RCE demands authentication but pairs dangerously with known auth bypasses. Attackers chaining this with prior flaws could achieve full server compromise and data exfiltration. Exposed SharePoint instances are prime footholds for lateral movement,” explained Abbasi.

Abbasi advised prioritizing and patching all SharePoint updates, rotating keys, and eliminating internet exposure to avoid regulatory scrutiny and breaches, as SharePoint remains a target for exploitation.
