Microsoft已發布其2025年8月的補丁星期二更新,一個實質性的安全包,可在其產品線上遍布其產品線 的107個漏洞。該更新於8月12日發布的更新解決了13個關鍵缺陷和1個公開披露的零日,強調了企業系統面臨的持續安全挑戰。
本月的版本仍在保安研究人員指出的趨勢繼續,並以高高的特權(eop)漏洞為代表了較大的漏洞,這些漏洞代表了固定能力的最大類別。貼片的巨大音量和嚴重性突出了IT管理員迅速應用這些更新的重要性。
kerberos零日缺陷使Active Directory處於風險
該更新最重要的威脅最重要的威脅是CVE-2025-53779,是CVE-2025-53779,是一個公共公開的零透明的Windows-days kerbersibles kererability。 Microsoft警告說,此缺陷允許特權升級,並指出:“ Windows Kerberos中的相對路徑遍歷允許授權攻擊者通過網絡提升特權。”
成功的利用可以使攻擊者獲得攻擊者的核心管理員,從而使攻擊者有效地控制一個網絡,並獲得了一個核心的核心核心。這破壞了Kerberos依賴於Active Directory環境中的服務帳戶管理的整個可信賴的委託模型。
根本原因是A 。通過操縱特定的DMSA屬性,例如MSDS-ManagedAccountPrecedByLink,攻擊者可以建立不當的委派關係並假冒高度特權的帳戶。
剝削並不是很瑣碎的,因為它要求攻擊者已經擁有高級的特權來修改所需的DMSA屬性。 However, for a threat actor who has already established a foothold, this vulnerability provides a direct path to escalating their access to the highest level.
Adding to the urgency, the vulnerability’s mechanics were 研究人員在2025年5月首先詳細介紹了Akamai 。 While Microsoft officially rates the flaw as “Exploitation Less Likely,”the existence of a functional proof-of-concept makes it a high-priority patch for all organizations.
Critical Graphics Bugs Create ‘Wormable’ RCE Threats
Two critical remote code execution (RCE) vulnerabilities in the Windows Graphics Component present a severe risk, both earning the highest possible CVSS嚴重程度得分為9.8。它們的共享特徵(網絡攻擊向量,低複雜性,對用戶交互的不需要)使它們異常危險。
第一個CVE-2025-50165是一個不受信任的指針解除核心JPEG圖像解碼管道中的指針解碼缺陷。攻擊者可以通過說服用戶簡單地查看專門精心設計的JPEG文件來利用它,該文件可以通過電子郵件,即時消息或網站提供。無需點擊或其他操作。
這使缺陷特別陰險。正如Action1 所指出的那樣,“這是一個特別危險的內存脆弱性,因為它發生在操作系統的核心級別的 時巨大。網絡安全工程師本·麥卡錫(Ben McCarthy)解釋說:“攻擊向量非常廣泛,因為當操作系統處理專門製作的JPEG圖像時,漏洞就會觸發。” This means any application that renders images, from email clients generating previews to Office documents with embedded pictures, can become an entry point for an attack.
The second flaw, CVE-2025-53766, is a heap-based buffer overflow in the GDI+ component, triggered when processing malicious metafiles (like WMF or EMF formats) embedded in documents. Microsoft突出了一個特別令人震驚的場景,攻擊者可以通過簡單地上傳包含惡意元素的文檔來妥協Web服務。
,而微軟將這兩個漏洞評估為“剝削可能性較小”,因為“剝削可能性較小”,其屬性是他們的屬性,即創建“蠕蟲”的理想,而無需人性化,而無需人性化。 The presence of two such deep architectural flaws in the Windows graphics stack suggests they may have been uncovered during a comprehensive security review.
Office, Azure AI, and Exchange Also Receive Urgent Patches
The security updates extend well beyond the core operating system, addressing critical vulnerabilities in Microsoft’s most essential productivity and cloud platforms.特別是,辦公室套件收到了一組危險的遠程代碼執行缺陷的補丁程序,這些缺陷可能使攻擊者能夠用武器的文檔妥協系統。
其中幾個,包括CVE-2025-53740和CVE-2025-53784,CVE-2025-53740和CVE-2025-53784,至關重要的是使用Microsoft in Microsoft in Microsoft in Microsoft and Wort and Wort and Wort。這些缺陷只需通過在Outlook Preview Pane中查看惡意文件而觸發這些缺陷,無需點擊或直接交互。這款“ Zero-Click”攻擊矢量顯著降低了剝削的標準,將一封簡單的電子郵件轉變為系統妥協的潛在門戶。
另一個關鍵詞漏洞,CVE-2025-53733,源於另一種錯誤類型-不同類型的錯誤-不正確的數字轉換-在範圍內進行了寬闊的記憶力管理範圍內的構造架構架構架構。這些獨特但嚴重的錯誤同時發現了Microsoft的重點安全性審查可能會發現系統性弱點。
在雲中,Microsoft在其Azure Openai服務中修補了最大程度(CVSS 10)的最大程度(CVSS 10),CVE-2025-53767。儘管客戶無需在Microsoft處理服務器端修復程序時採取行動,但在旗艦AI產品中存在完美的得分漏洞,這是對該域中新興攻擊表面的明顯提醒。正如一位專家所觀察到的那樣:“這是一個有趣的說明,突出了AI技術如何仍然需要密切監控,仔細的修補和強大的護欄,就像組織堆棧中的任何其他技術一樣。”
最後,管理公司或混合環境的管理員必須特別注意CVE-2025-53786,Microseft of Priverilege of Privation of Privation of Privation of Privation of Privation of Privation of Privation of Privation of Perivation of Flaw。與大多數補丁不同,此脆弱性需要手動安裝hotfix 。這一額外的步驟造成了操作負擔,並增加了某些服務器可能保持不受保護的風險,這是交換的歷史作為威脅參與者的高價值目標的重大關注。
立即進行補丁,並準備Windows 10 End of Windows Support
本月的補丁是組織基礎的重要安全基礎。從核心Windows組件到雲服務的各種修補產品都展示了維護安全的IT環境的複雜性。
版本也及時提醒了即將到來的截止日期。 Microsoft將停止為Windows 10的大多數版本提供免費的安全更新。 2025年10月14日之後10.組織仍在運行較舊的OS必須遷移或註冊付費的擴展安全更新(ESU)程序以保持保護。
完整的補丁程序的完整列表2025年8月2025日,星期二href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53729″ targe href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53793″ target=“ _ black”> cve-2025-53793 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53765″ target=“ _ black”> cve-2025-53765 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-49707″ target=“ _ black”> cve-2025-49707 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53781″ target=“ _ black”> cve-2025-53781 azure virtulual機器信息披露信息href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53152″ target=“ _ black”> cve-2025-53152 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-50153″ target=“ _ black”> cve-2025-50153 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53773″ target=“ _ black”> cve-2025-53773 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-50176″ target=“ _ black”> cve-2025-50176 directx directx grablex graphics grange遠程代碼kernel遠程代碼執行脆弱的kirtalability callerability callerability callerability witer wow wow wow wow wow wow wow a a a a a a a a a a a a a a a a a a a a a a a a a。 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53149″ target=“ _ black”> cve-2025-53149 kerneling wow wow wow wow wow wow wow thunk thunk thunk服務駕駛員透視率重要的Kernelability重要的Kernel-Kernel Transaltions Manager cve-2025-53140 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53142″ target=“ _ black”> cve-2025-53142 Microsoft Broking Broking Broker Broker Broker Broker Broker Broking File fileilege vileilege vileilege vileilege vileilege vilemability teperagetion Microsoftiss 365(Onpermises 365) cve-2025-49745 microsoft Microsoft 365(雜貨)scripting scripting scripting scripting scripting scripting sprofting Mirstise 365(Onteroft ofterics 365) href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53728″ target=“ _ black”> cve-2025-53728 Microsoft Microsoft 365(跨部門)信息透露透露率的Microsoft and androsoft for Microsoft androsoft androide cve-2025-49755 Microsoft Edge(基於Chromium spo)的Android Spoofing bulnerability Lownerability Lownerability Lownerapic href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-49736″ target=“ _ black”> cve-2025-49736 Microsoft Edge(基於Chromium spofering spo vulnerability Microsoft Micerofter Esserter Micerofter Esserter Androsoft Expressere Mrosofter Esserter Androsoft Edge) href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-25005″ target=“ _ black”> cve-2025-25005 Microsoft Exchange Exchange Serverage Tampering Server tamppering tampering tampering tampering tampering tampering tamppering wittem Microsoft Exchange Server cve-2025-25006 Microsoft Exchange Serventa href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-25007″ target=“ _ black”> cve-2025-25007 Microsoft Exchange Serverains欺騙漏洞 href=”https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786″ target=”_blank”>CVE-2025-53786 Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability Important Microsoft Exchange Server cve-2025-33051 Microsoft Exchange Serveff Sprenta href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-49743″ target=“ _ black”> cve-2025-49743 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-50165″ target=“ _ black”> cve-2025-50165 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53732″ target=“ _ brank”> cve-2025-53732 microsoft Office遠程代碼遠程代碼執行脆弱的Microsoft Office cve-2025-53740 Microsoft Microsoft Offect Office遠程代碼遠程代碼CRICATINE MICROSOFT CALINGE MICROSOFTAIL href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53731″ target=“ _ black”> cve-2025-53731 microsoft遠程遠程代碼執行脆弱的Microsoft Office Excel cve-2025-53759 microsoft Excel Excel Excel Excel Excel遠程代碼執行href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53737″ target=“ _ brank”> cve-2025-53737 microsoft Excel Excel Excel Excel Excel Excel Excel Excel遠程代碼執行href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53739″ target=“ _ black”> cve-2025-53739 microsoft Excel Excel Excel Excel Excel Excel遠程代碼執行href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53735″ target=“ _ black”> cve-2025-53735 microsoft Excel Excel Excel Excel Excel Excel Excel遠程代碼脆弱的Microsoft Office Excel excel Excel excel Excel excel excel excel cve-2025-53741 microsoft excel excel遠程代碼執行href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53761″ target=“ _ black”> cve-2025-53761 microsoft microsoft href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53760″ target=“ _ black”> cve-2025-53760 microsoft sharepoint sharpoint sharpoint sharepoint sharpoint of profeilege sharpoint of profeilege sharpoint of microsoft Encelapoint Shareepoint shareepoint shareepoint shareepoint a a a a a a a a href=”https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49712″ target=”_blank”>CVE-2025-49712 Microsoft SharePoint Remote Code Execution Vulnerability Important Microsoft Office Visio cve-2025-53730 Microsoft Office遠程代碼遠程代碼執行脆弱的Microsoft Office Office visio cve-2025-53734 microsoft Office visio遠程代碼執行脆弱的Microsoft Office Word cve-2025-53738 microsoft microsoft Word遠程代碼遠程代碼執行href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53736″ target=“ _ blank”> cve-2025-53736 Microsoft Word信息披露脆弱性Microsoft Office Word words Word CVE-2025-53784 Microsoft Word Remote Code Execution Vulnerability Critical Microsoft Office Word cve-2025-53733 microsoft microsoft Word遠程代碼遠程代碼callyability callyability callyability callyability callyability callerability callerability Microsoft callerability callerability callerability callerability Microsoft callerability callerability callerables href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53783″ target=“ _ black”> cve-2025-53783 Microsoft Microsoft Microsoft遠程代碼遠程代碼執行脆弱的遠程接入點至PPP協議(PPP) href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-50159″ target=“ _ black”> cve-2025-50159 遠程訪問點對點協議(PPP) href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-50171″ target=“ _ brank”> cve-2025-50171 遠程桌面欺騙脆弱性: href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-50167″ target=“ _ black”> cve-2025-50167 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53155″ target=“ _ black”> cve-2025-53155 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-49751″ target=“ _ black”> cve-2025-49751 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53723″ target=“ _ black”> cve-2025-53723 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-48807″ target=“ _ black”> cve-2025-48807 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-49758″ target=“ _ black”> cve-2025-49758 Microsoft SQL SQL SQL Server sql Server toperilege sql buleilege sql sql Server cve-2025-24999 Microsoft SQL SQL SQL SQL SER href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53727″ target=“ _ black”> cve-2025-53727 Microsoft SQL SQL SQL SERS SQL Server toperilege sql buleilege sql sql Server cve-2025-49759 Microsoft SQL SQL SQL Server sql Server toperilege sql buleilege sql sql Server cve-2025-47954 microsoft sql SQL SQL SQL SQL SQL SECS sql SERS SERPERIELE SERVE for locilege bolderability重要的存儲端口駕駛員 cve-2025-53156 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53772″ target=“ _ black”> cve-2025-53772 Web web web web temploy Web遠程遠程代碼執行範圍href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53718″ target=“ _ black”> cve-2025-53718 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53134″ target=“ _ black”> cve-2025-53134 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-49762″ target=“ _ black”> cve-2025-49762 Windows輔助功能驅動器,用於winsock for winsock for winsock for winsock for winsock for winsock winsock for winsock winsillability winsock winsillability winterabilita href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53147″ target=“ _ black”> cve-2025-53147 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53154″ target=“ _ black”> cve-2025-53154 Windows輔助功能驅動器,用於Winsock vifnerabilita href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53137″ target=“ _ black”> cve-2025-53137 windows輔助功能驅動器,用於winsock for winsock for winsock for winsock for winsock for winsock for winsock for winsock winsillabilita href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53141″ target=“ _ black”> cve-2025-53141 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-50170″ target=“ _ black”> cve-2025-50170 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53721″ target=“ _ black”> cve-2025-53721 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53135″ target=“ _ black”> cve-2025-53135 directx directx圖形圖形範圍tragilege togrilege topryge witch winders witch a direct a a a cve-2025-50172 directx directx grablics graphics graglics kernel decrial of服務易於服務易於服務脆弱的Windows Transations TransAction coordinator cve-2025-50166 Windows Windows Windows Distributed Transaction trassation trassaction Coordinator(MSDTC) href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-50154″ target=“ _ black”> cve-2025-50154 Microsoft Windows File Explorer spofiring spofing viles spofiring spofing viles spoofing viles gdi gdi+ cve-2025-53766 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-50173″ target=“ _ brank”> cve-2025-50173 windows安裝程序的特權脆弱性弱點kerberos cve-2025-50173 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53779″ target=“ _ black”> cve-2025-53779 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-49761″ target=“ _ black”> cve-2025-49761 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53151″ target=“ _ black”> cve-2025-53151 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53716″ target=“ _ black”> cve-2025-53716 當地安全權威子系統服務(LSASS) href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53131″ target=“ _ black”> cve-2025-53131 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53145″ target=“ _ black”> cve-2025-53145 microsoft Microsoft messagn Message Queuing(MSMQ)遠程代碼遠程執行witly Windows questection questution quiption witly windows questect href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53143″ target=“ _ black”> cve-2025-53143 microsoft Microsoft messagn Message quesuing(msmq)遠程代碼遠程代碼可執行遠程執行信息href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-50177″ target=“ _ black”> cve-2025-50177 microsoft messect queuing(msmq) href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53144″ target=“ _ black”> cve-2025-53144 microsoft microsoft message quesuing(msmq)遠程代碼執行遠程代碼執行遠程執行重要的Windows nt os kernel nt href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53136″ target=“ _ brank”> cve-2025-53136 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-50158″ target=“ _ blank”> cve-2025-50158 windows ntfs windows ntfs信息披露信息href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53778″ target=“ _ black”> cve-2025-53778 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53133″ target=“ _ black”> cve-2025-53133 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53725″ target=“ _ black”> cve-2025-53725 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53724″ target=“ _ black”> cve-2025-53724 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-50155″ target=“ _ black”> cve-2025-50155 Windows推送通知應用程序的高度易用窗口 cve-2025-50155 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53726″ target=“ _ black”> cve-2025-53726 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53722″ target=“ _ black”> cve-2025-53722 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-50157″ target=“ _ black”> cve-2025-50157 Windows路由和遠程訪問服務(RRAS) href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53153″ target=“ _ black”> cve-2025-53153 Windows路由和遠程訪問服務(RRAS)信息公開漏洞公開漏洞的信息揭示重要的Windows和遠程訪問(遠程路由服務(A) href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-50163″ target=“ _ brank”> cve-2025-50163 ICE(RRAS)遠程代碼執行脆弱性重要的Windows路由和遠程訪問服務(RRAS) cve-2025-50164 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53148″ target=“ _ black”> cve-2025-53148 Windows roting and遠程訪問服務(RRAS)信息公開漏洞披露重要的Windows和遠程訪問(RRAS) href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53138″ target=“ _ black”> cve-2025-53138 Windows路由和遠程訪問服務(RRAS)信息公開漏洞披露重要的Windows和遠程訪問(RRAS) href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-50156″ target=“ _ black”> cve-2025-50156 Windows路由和遠程訪問服務(RRAS)信息公開信息披露漏洞的信息重要的Winders coutherability Winders coutherability Winders途徑和遠程訪問 cve-2025-49757 Windows Routing and Windows Routing and Remote Access and Remote Access Service(RRAS)遠程代碼可執行Windows和遠程訪問(RRAS) href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53719″ target=“ _ black”> cve-2025-53719 Windows Ruting and Windows路由和遠程訪問服務(RRAS)信息公開漏洞披露重要的Windows和遠程訪問(RRAS) cve-2025-53720 Windows路由和遠程訪問服務(RRAS)遠程代碼執行範圍遠程代碼執行遠程路由和遠程訪問(RRAS) href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-50160″ target=“ _ black”> cve-2025-50160 Windows Rateing and遠程訪問服務(RRAS) href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-53769″ target=“ _ blank”> cve-2025-53769 href=“ https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-50169″ target=“ _ black”> cve-2025-50169 href=”https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53789″ target=”_blank”>CVE-2025-53789 Windows StateRepository API Server file Elevation of Privilege Vulnerability Important Windows Subsystem for Linux CVE-2025-53788 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability Important Windows Win32K – GRFX CVE-2025-50161 Win32k Elevation of Privilege Vulnerability Important Windows Win32K – GRFX CVE-2025-53132 Win32k Elevation of Privilege Vulnerability Important Windows Win32K – ICOMP CVE-2025-50168 Win32k Elevation of Privilege Vulnerability Important