Microsoft's August 2025 Patch Tuesday Fixes 107 Vulnerabilities, Including Critical Windows GDI+ Bug and Publicly Disclosed Kerberos Zero-Day
Microsoft's August 2025 Patch Tuesday addressed 107 vulnerabilities across its products, including a critical heap-based buffer overflow in Windows GDI+ and a publicly disclosed Windows Kerberos zero-day.
The most severe vulnerability, CVE-2025-53766, is a heap-based buffer overflow in Windows GDI+ that could be exploited for remote code execution or information disclosure without any user interaction. The publicly disclosed Windows Kerberos zero-day, CVE-2025-53779, was also patched; it allowed an authenticated attacker to gain domain admin rights via relative path traversal.
By severity, the August updates fixed 12 critical vulnerabilities, 93 important ones, one moderate and one low, spread across different Microsoft products. As of October 2025, public sources have not identified who disclosed the Windows Kerberos zero-day.
In total, the August 2025 Patch Tuesday release closed 107 vulnerabilities, 12 of them rated critical, among them the GDI+ heap-based buffer overflow and the publicly disclosed Windows Kerberos zero-day.