This web page was created programmatically. To read the article in its original location, go to the link below:
https://krebsonsecurity.com/2025/08/microsoft-patch-tuesday-august-2025-edition/
If you want to remove this article from our site, please contact us.
Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft’s most-dire “critical” rating, meaning they could be abused by malware or malcontents to gain remote access to a Windows system with little or no help from users.
August’s patch batch from Redmond includes an update for CVE-2025-53786, a vulnerability that allows an attacker to pivot from a compromised Microsoft Exchange Server directly into an organization’s cloud environment, potentially gaining control over Exchange Online and other connected Microsoft Office 365 services. Microsoft first warned about this bug on Aug. 6, saying it affects Exchange Server 2016 and Exchange Server 2019, as well as its flagship Exchange Server Subscription Edition.
Ben McCarthy, lead cyber security engineer at Immersive, said a rough search reveals approximately 29,000 Exchange servers publicly facing on the internet that are vulnerable to this issue, with many of them likely to have even older vulnerabilities.
McCarthy said the fix for CVE-2025-53786 requires more than just installing a patch, such as following Microsoft’s manual instructions for creating a dedicated service to oversee and lock down the hybrid connection.
“In effect, this vulnerability turns a significant on-premise Exchange breach into a full-blown, difficult-to-detect cloud compromise with effectively living off the land techniques which are always harder to detect for defensive teams,” McCarthy said.
CVE-2025-53779 is a weakness in the Windows Kerberos authentication system that allows an unauthenticated attacker to gain domain administrator privileges. Microsoft credits the discovery of the flaw to Akamai researcher Yuval Gordon, who dubbed it “BadSuccessor” in a May 2025 blog post. The attack exploits a weakness in “delegated Managed Service Account” or dMSA, a feature that was introduced in Windows Server 2025.
Some of the critical flaws addressed this month with the highest severity (between 9.0 and 9.9 CVSS scores) include a remote code execution bug in the Windows GDI+ component that handles graphics rendering (CVE-2025-53766) and CVE-2025-50165, another graphics rendering weakness. Another critical patch involves CVE-2025-53733, a vulnerability in Microsoft Word that can be exploited without user interaction and triggered through the Preview Pane.
One final critical bug tackled this month deserves attention: CVE-2025-53778, a bug in Windows NTLM, a core function of how Windows systems handle network authentication. According to Microsoft, the flaw could allow an attacker with low-level network access and basic user privileges to exploit NTLM and elevate to SYSTEM-level access, the highest level of privilege in Windows. Microsoft rates the exploitation of this bug as “more likely,” although there is no evidence the vulnerability is being exploited at the moment.
Feel free to holler in the comments if you experience problems installing any of these updates. As ever, the SANS Internet Storm Center has its useful breakdown of the Microsoft patches indexed by severity and CVSS score, and AskWoody.com is keeping an eye out for Windows patches that may cause problems for enterprises and end users.
Windows 10 users out there likely have noticed by now that Microsoft really wants you to upgrade to Windows 11. The reason is that after the Patch Tuesday on October 14, 2025, Microsoft will stop shipping free security updates for Windows 10 computers. The trouble is, many PCs running Windows 10 don’t meet the hardware specifications required to install Windows 11 (or they do, but just barely).
If the experience with Windows XP is any indicator, many of these older computers will wind up in landfills or else will be left running in an unpatched state. But if your Windows 10 PC doesn’t have the hardware chops to run Windows 11 and you’d still like to get some use out of it safely, consider installing a newbie-friendly version of Linux, like Linux Mint.
Like most modern Linux versions, Mint will run on anything with a 64-bit CPU that has at least 2GB of memory, although 4GB is recommended. In other words, it will run on almost any computer produced in the last decade.
There are many versions of Linux available, but Linux Mint is likely to be the most intuitive interface for regular Windows users, and it is largely configurable without any fuss at the text-only command-line prompt. Mint and other flavors of Linux come with LibreOffice, which is an open source suite of tools that includes applications similar to Microsoft Office, and it can open, edit and save documents as Microsoft Office files.
If you’d prefer to give Linux a test drive before installing it on a Windows PC, you can always just download it to a removable USB drive. From there, reboot the computer (with the removable drive plugged in) and select the option at startup to run the operating system from the external USB drive. If you don’t see an option for that after restarting, try restarting again and hitting the F8 button, which should open a list of bootable drives. Here’s a fairly thorough tutorial that walks through exactly how to do all this.
And if this is your first time trying out Linux, relax and have fun: The nice thing about a “live” version of Linux (as it’s called when the operating system is run from a removable drive such as a CD or a USB stick) is that none of your changes persist after a reboot. Even if you somehow manage to break something, a restart will return the system back to its original state.