Yesterday was Patch Tuesday for Microsoft, which means tons of security updates across the company’s products and services. Specifically, 107 new security vulnerabilities have been patched.
Microsoft classifies several of the vulnerabilities in Windows and Office as critical, but also says that none of the vulnerabilities are currently being exploited in the wild.
Keep reading for an overview of fixed security flaws and how they might affect you. The next Patch Tuesday will be September 9th, 2025.
Security updates for Windows
A large number of the vulnerabilities—67 this time—are spread across the various Windows versions for which Microsoft still offers security updates, namely Windows 10, Windows 11, and Windows Server.
Windows 7 and Windows 8.1 haven’t received security updates for quite some time, so systems running them will remain vulnerable. If that’s you and your system requirements allow it, you should upgrade to Windows 11 24H2 to continue receiving security updates.
Critical Windows vulnerabilities
Microsoft has identified CVE-2025-53766, a remote code execution (RCE) vulnerability in the Graphics Device Interface API for graphical applications, as well as CVE-2025-50165, another RCE vulnerability but in the Windows Graphics Component, as critical. A visit to a specially prepared website is sufficient to inject and execute arbitrary code without user interaction. With the latter vulnerability, an attacker simply needs to craft an image to be embedded in a web page.
Microsoft has categorized three vulnerabilities in Hyper-V as critical. CVE-2025-48807 is an RCE vulnerability which, if exploited, makes it possible to execute code on the host from the guest system. CVE-2025-53781 is a data leak that allows confidential information to be accessed. CVE-2025-49707 is a spoofing vulnerability that allows a virtual machine to fake a different identity when communicating with external systems.
Microsoft has fixed 12 vulnerabilities in the Routing and Remote Access Service (RRAS), half of which are RCE vulnerabilities and the other half data leaks. All are categorized as high risk.
The only previously publicized vulnerability in this Patch Tuesday is CVE-2025-53779 in Kerberos for Windows Server 2025. Under certain conditions, a successful attacker can gain administrator rights for domains. Microsoft classifies it as medium risk only.
Security updates for Office
Microsoft has fixed 18 vulnerabilities in its Office product family, including 16 RCE vulnerabilities. Four of these RCE vulnerabilities are labeled as critical because the preview window is considered an attack vector. This means an attack can occur via a file displayed in the preview, even if the user doesn’t click on it or open it. Two of these vulnerabilities are in Word.
Microsoft categorizes the other Office vulnerabilities as high risk. Here, a user must open a prepared file for the exploit code to take effect.
Security updates for Edge browser
The latest security update to Edge 139.0.3405.86 was released on August 7th and is based on Chromium 139.0.7258.67. It fixes several vulnerabilities in the Chromium base.
Edge for Android 139.0.3405.86 is slightly newer and Microsoft has made this version available to close two Edge-specific gaps.