Microsoft has fixed more than 100 vulnerabilities in Windows and Office

On Tuesday, August 12, Microsoft released its monthly Patch Tuesday security update. The August release fixed 107 vulnerabilities, including critical flaws in components of Windows, Office and the Edge browser. Despite the scope of the update, Microsoft said that at the time of publication, none of the vulnerabilities were being exploited in real-world attacks.
Vulnerabilities in Windows
Sixty-seven of the 107 fixed issues are related to the Windows 10, Windows 11 and Windows Server operating systems. Owners of the older Windows 7 and Windows 8.1 remain without security updates. Microsoft recommends upgrading to Windows 11 24H2 if device specifications allow.
Critical vulnerabilities in Windows
- CVE-2025-53766 – affects Graphics Device Interface API.
- CVE-2025-50165 – affects the Windows Graphics component.
Both of the vulnerabilities above allow remote code execution through specially crafted sites or images without user interaction.
- CVE-2025-48807 – allows code to be executed on the host from within a virtual machine.
- CVE-2025-53781 – data leakage.
- CVE-2025-49707 – virtual machine identity forgery vulnerability.
Microsoft also patched 12 Routing and Remote Access Service (RRAS) vulnerabilities, six of which are related to remote code execution and the rest to information leakage. All of them are classified as high risk.
The only previously known vulnerability, CVE-2025-53779, is related to Kerberos in Windows Server 2025. Under certain conditions, it allows administrative access in the domain, but Microsoft has rated it as medium risk.
Vulnerabilities in Office
Microsoft Office products have been patched for 18 vulnerabilities, 16 of which are remote code execution (RCE) vulnerabilities. Four of them are recognized as critical: an attack is possible even through a preview window without opening a file. Two of them affect Word.
The remaining Office vulnerabilities are categorized as high-risk, requiring a specially crafted file to be opened in order to exploit them.
Security Updates for Edge
The security update for Microsoft’s Edge browser (version 139.0.3405.86) was released on August 7. It’s based on Chromium 139.0.7258.67 and closes several vulnerabilities in the engine. An Android version of Edge with the same build number has also been published, which closes two unique vulnerabilities in the mobile version of the browser.