Club Benefits
You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Daily (Mon-Sun)
Tom's Guide Daily
Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.
Weekly on Thursday
Tom's AI Guide
Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!
Weekly on Friday
Tom's iGuide
Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.
Weekly on Monday
Tom's Streaming Guide
Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.
Join the club
Get full access to premium articles, exclusive features and a growing list of member rewards.
Yesterday was Microsoft’s August 2025 Patch Tuesday, and it was a busy one: The company issued patches for 107 total vulnerabilities including one zero-day flaw for an exploit in Windows Kerberos.
Bleeping Computer reports that of the total flaws that were fixed, thirteen were rated critical. Of those thirteen critical flaws, nine were remote code execution style vulnerabilities, three were information disclosure attacks and one was an elevation of privilege.
- 44 Elevation of Privilege vulnerabilities
- 35 Remote Code Execution vulnerabilities
- 18 information disclosure vulnerabilities
- 4 denial of service vulnerabilities
- 9 spoofing vulnerabilities
The zero-day vulnerability (tracked as CVE-2025-53779)is a Windows Kerberos Elevation of Privilege Vulnerability. It’s a flaw in Kerberos that would permit authenticated hackers to have domain administrator privileges over a network. However, according to Microsoft, the attacker would require elevated access to two dMSA attributes in order to exploit the vulnerability.
The two attributes are msds-groupMSAMembership, which would allow the user to utilize the dMSA and msds-ManagedAccountPreceededByLink, where the attacker needs write access to the attribute which allows them to specify a user that the dMSA can act on behalf of.
Microsoft has attributed the discovery of the flaw to Yuval Gordon of Akamai who published a technical report on the flaw in May.
Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button.
More from Tom's Guide
- Email security features are being hijacked to steal Microsoft 365 logins — what you need to know
- National Public Data is giving out your address and phone number — here's how to stop them
- Hackers love these 7 smart home devices — here’s how to keep them secure
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
