Patchday Microsoft: Attackers can become domain admins
Important security updates for Exchange Server, Office and Windows, among others, were released on Patchday in August.
(Image: heise online)
Even though no attacks have been reported so far, admins of Microsoft software should make sure that Windows Update is active and that the latest security patches are installed. One vulnerability in Kerberos is already publicly known, so attacks may be imminent.
Dangerous security vulnerabilities
If attackers successfully exploit the Kerberos vulnerability (CVE-2025-53779, “high”) in Windows Server 2025, they can take over entire domains with admin rights. The flaw lies in the delegated Managed Service Account (dMSA) feature introduced with Windows Server 2025. According to Microsoft's advisory, however, attackers must already hold certain access rights on dMSA objects before they can start an attack.
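The two practical takeaways so far are to confirm that the August updates actually landed and to know where dMSA objects exist in a Windows Server 2025 domain. The following PowerShell script is an added example for both checks; it is not part of the heise article or of Microsoft's guidance. It assumes the ActiveDirectory module is installed on the machine running it, that the dMSA object class is named `msDS-DelegatedManagedServiceAccount` and carries the attribute `msDS-DelegatedMSAState` (both assumed from the Server 2025 schema), and the cut-off date is a placeholder to be set to the real August Patchday release date.

```powershell
# Added example, not from the article: post-Patchday checks on a Windows Server 2025 host.
# Assumptions: ActiveDirectory module available; dMSA class/attribute names as noted above.

# Placeholder: set to the actual release date of the August security updates.
$PatchdayCutoff = Get-Date '2025-08-01'

Write-Host "== Windows Update service ==" -ForegroundColor Cyan
# wuauserv is the Windows Update service; a disabled start type means patches will not arrive.
$wu = Get-Service -Name wuauserv
[pscustomobject]@{
    Service   = $wu.Name
    Status    = $wu.Status
    StartType = $wu.StartType
} | Format-Table -AutoSize

Write-Host "== OS build and last reboot (a pending reboot leaves patches only half applied) ==" -ForegroundColor Cyan
Get-CimInstance Win32_OperatingSystem |
    Select-Object Caption, Version, BuildNumber, LastBootUpTime |
    Format-Table -AutoSize

Write-Host "== Updates installed since the cut-off ==" -ForegroundColor Cyan
$recent = Get-HotFix |
    Where-Object { $_.InstalledOn -ge $PatchdayCutoff } |
    Sort-Object InstalledOn -Descending
if ($recent) {
    $recent | Select-Object HotFixID, Description, InstalledOn | Format-Table -AutoSize
} else {
    Write-Warning "No updates installed since $($PatchdayCutoff.ToShortDateString()); check update delivery."
}

Write-Host "== Domain controllers and their OS (dMSA only exists on Server 2025 domains) ==" -ForegroundColor Cyan
Import-Module ActiveDirectory
Get-ADDomainController -Filter * |
    Select-Object HostName, OperatingSystem, OperatingSystemVersion |
    Format-Table -AutoSize

Write-Host "== Inventory of delegated Managed Service Accounts (dMSA) ==" -ForegroundColor Cyan
# Assumed class and attribute names; unexpected or recently changed dMSA objects deserve a closer look.
$dmsa = Get-ADObject -LDAPFilter '(objectClass=msDS-DelegatedManagedServiceAccount)' `
                     -Properties whenCreated, whenChanged, 'msDS-DelegatedMSAState'
if ($dmsa) {
    $dmsa | Select-Object Name, DistinguishedName, whenCreated, whenChanged, 'msDS-DelegatedMSAState' |
        Sort-Object whenChanged -Descending |
        Format-Table -AutoSize
} else {
    Write-Host "No dMSA objects found in this domain."
}
```

Run the script on a domain controller or a management host with RSAT; the first three sections work on any Windows machine, the last two need the ActiveDirectory module and domain read access. The dMSA inventory is only a baseline: compare it over time so that new or recently modified objects stand out.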
Code execution vulnerabilities threaten Windows and Office, among others. For example, local attackers can use a flaw (CVE-2025-50176, “high”) in the DirectX Graphics Kernel to execute malicious code on Windows 11 PCs. A Word vulnerability (CVE-2025-53733, “high”) can likewise let malicious code onto computers; according to Microsoft, attackers can trigger it through a document preview.
If an attack on Azure Virtual Machines (CVE-2025-53781, “high”) succeeds, information can be leaked. A vulnerability in the NTLM authentication process (CVE-2025-53778, “high”) can give attackers SYSTEM privileges on Windows. Windows 11 and various Windows Server editions, among others, are affected.
Complete overview
Microsoft's Security Update Guide lists further details on the vulnerabilities closed and the security updates released on the August Patchday.
(des)