Microsoft just fixed over 107 flaws including one serious zero-day — update your PC right now

News
By published

Zero-day exploit could give attackers admin privileges over a network

Microsoft Windows 11 running on an Apple MacBook laptop.
(Image credit: Shutterstock)

Yesterday was Microsoft’s August 2025 Patch Tuesday, and it was a busy one: The company issued patches for 107 total vulnerabilities including one zero-day flaw for an exploit in Windows Kerberos.

Bleeping Computer reports that of the total flaws that were fixed, thirteen were rated critical. Of those thirteen critical flaws, nine were remote code execution style vulnerabilities, three were information disclosure attacks and one was an elevation of privilege.

The style of bugs from the total number of vulnerabilities breaks down to:

  • 44 Elevation of Privilege vulnerabilities
  • 35 Remote Code Execution vulnerabilities
  • 18 information disclosure vulnerabilities
  • 4 denial of service vulnerabilities
  • 9 spoofing vulnerabilities

The zero-day vulnerability (tracked as CVE-2025-53779)is a Windows Kerberos Elevation of Privilege Vulnerability. It’s a flaw in Kerberos that would permit authenticated hackers to have domain administrator privileges over a network. However, according to Microsoft, the attacker would require elevated access to two dMSA attributes in order to exploit the vulnerability.

The two attributes are msds-groupMSAMembership, which would allow the user to utilize the dMSA and msds-ManagedAccountPreceededByLink, where the attacker needs write access to the attribute which allows them to specify a user that the dMSA can act on behalf of.

Microsoft has attributed the discovery of the flaw to Yuval Gordon of Akamai who published a technical report on the flaw in May.

Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button.

More from Tom's Guide

Contract Length
Arrow
Showing 1 of 1 deals
Filters
Arrow
75% off - 1st year
Norton
Norton 360 Deluxe
$119.99
View
See more Computing News
TOPICS
Amber Bouman
Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.