Microsoft August 2025 Patch Tuesday: 107 Flaws Fixed, Including a Windows Kerberos Zero-Day

On August 12, 2025, Microsoft released its monthly Patch Tuesday updates, addressing 107 vulnerabilities across its product ecosystem. Among them is a publicly disclosed zero-day in Windows Kerberos (CVE-2025-53779), posing a serious risk to enterprise environments.

🔐 The Zero-Day
The Kerberos flaw allows an authenticated attacker to gain domain administrator privileges, potentially giving them full control over an Active Directory environment.

  • Exploiting it requires access to certain delegated Managed Service Account (dMSA) attributes, such as msds-groupMSAMembership and msds-ManagedAccountPrecededByLink.
  • The vulnerability was discovered by Yuval Gordon (Akamai), who published a technical analysis earlier this year.
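
A read-only check for the precondition described above: it lists which principals hold write-capable rights over the two named attributes on existing dMSA objects, so unexpected delegations can be reviewed alongside patching. This is an added example, not code from Microsoft, Akamai or Alcaeus Services; it assumes the ActiveDirectory PowerShell module (RSAT) and the schema class name msDS-DelegatedManagedServiceAccount, which the page does not state.

```powershell
# Added example: read-only audit of write access to the dMSA attributes named above.
# Assumes the ActiveDirectory module and a schema that contains dMSA objects.
Import-Module ActiveDirectory

$rootDse   = Get-ADRootDSE
$attrNames = 'msDS-GroupMSAMembership', 'msDS-ManagedAccountPrecededByLink'

# Resolve each attribute's schemaIDGUID so attribute-scoped ACEs can be recognised.
$attrGuids = @{}
foreach ($name in $attrNames) {
    $schemaObj = Get-ADObject -SearchBase $rootDse.schemaNamingContext `
        -LDAPFilter "(lDAPDisplayName=$name)" -Properties schemaIDGUID
    if ($schemaObj) { $attrGuids[[guid]$schemaObj.schemaIDGUID] = $name }
}

# Rights that allow changing an attribute directly, or re-permissioning the object.
$writeRights = [System.DirectoryServices.ActiveDirectoryRights]`
    'WriteProperty, GenericWrite, GenericAll, WriteDacl, WriteOwner'

# Class name is an assumption taken from the AD schema, not from the page.
$dmsas = Get-ADObject -LDAPFilter '(objectClass=msDS-DelegatedManagedServiceAccount)' `
    -Properties nTSecurityDescriptor

$findings = foreach ($dmsa in $dmsas) {
    foreach ($ace in $dmsa.nTSecurityDescriptor.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (-not ($ace.ActiveDirectoryRights -band $writeRights)) { continue }

        # An empty ObjectType GUID means the ACE is not limited to one attribute.
        # ACEs scoped to a property set are not resolved here and are skipped.
        if ($ace.ObjectType -eq [guid]::Empty) { $scope = 'all attributes' }
        elseif ($attrGuids.ContainsKey($ace.ObjectType)) { $scope = $attrGuids[$ace.ObjectType] }
        else { continue }

        [pscustomobject]@{
            dMSA      = $dmsa.DistinguishedName
            Principal = $ace.IdentityReference
            Rights    = $ace.ActiveDirectoryRights
            Scope     = $scope
            Inherited = $ace.IsInherited
        }
    }
}

# Review any principal that is not an expected administrative group.
$findings | Sort-Object dMSA, Principal | Format-Table -AutoSize -Wrap
```

An empty result means either no dMSA objects exist in the domain or the account running the script cannot read their security descriptors.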

⚠️ Other Highlights from this Patch Tuesday

  • 13 vulnerabilities rated Critical
  • 35 Remote Code Execution
  • 44 Elevation of Privilege
  • 18 Information Disclosure
  • 9 Spoofing
  • 4 Denial of Service

📌 Notably, the zero-day could be weaponized quickly, making it critical for organizations to patch immediately. Delays in updates leave systems vulnerable to exploitation and lateral movement inside networks.

👉 Alcaeus Services recommends that businesses deploy the August security updates as a priority, especially on domain controllers running Windows Kerberos.
