Overview

• Microsoft’s August Patch Tuesday release resolves more than 100 vulnerabilities across Windows, Office, Azure and Hyper-V, including multiple critical remote-code-execution flaws with no reports of active exploitation at release.
• A publicly disclosed Kerberos elevation-of-privilege flaw (CVE-2025-53779) was patched after researchers published functional exploit code that could allow attackers with delegated Managed Service Account access to gain domain administrator rights.
• Shadowserver scans show tens of thousands of unpatched hybrid deployments remain exposed despite last week’s CISA directive on Exchange Server (CVE-2025-53786).
• Recent SharePoint ToolShell zero-days that compromised over 400 organizations prompted Microsoft to patch related vulnerabilities and warn defenders to secure internet-facing SharePoint servers.
• Industry experts noted nearly two in five patches address elevation-of-privilege vulnerabilities, highlighting a shift toward post-compromise attack vectors and underscoring the need to secure domain controllers and cloud-service configurations.