Microsoft on Tuesday rolled out fixes for a huge set of 111 safety flaws throughout its software program portfolio, together with one flaw that has been disclosed as publicly identified on the time of the discharge.
Of the 111 vulnerabilities, 16 are rated Essential, 92 are rated Essential, two are rated Average, and one is rated Low in severity. Forty-four of the vulnerabilities relate to privilege escalation, adopted by distant code execution (35), info disclosure (18), spoofing (8), and denial-of-service (4) defects.
That is along with 16 vulnerabilities addressed in Microsoft’s Chromium-based Edge browser because the launch of final month’s Patch Tuesday replace, together with two spoofing bugs affecting Edge for Android.
Included among the many vulnerabilities is a privilege escalation vulnerability impacting Microsoft Trade Server hybrid deployments (CVE-2025-53786, CVSS rating: 8.0) that Microsoft disclosed final week.
The publicly disclosed zero-day is CVE-2025-53779 (CVSS rating: 7.2), one other privilege escalation flaw in Home windows Kerberos that stems from a case of relative path traversal. Akamai researcher Yuval Gordon has been credited with discovering and reporting the bug.
It is value mentioning right here that the problem was documented intimately again in Could 2025 by the net infrastructure and safety firm, giving it the codename BadSuccessor. The novel method basically permits a risk actor with ample privileges to compromise an Energetic Listing (AD) area by misusing delegated Managed Service Account (dMSA) objects.
“The excellent news right here is that profitable exploitation of CVE-2025-53779 requires an attacker to have pre-existing management of two attributes of the hopefully nicely protected dMSA: msds-groupMSAMembership, which determines which customers might use credentials for the managed service account, and msds-ManagedAccountPrecededByLink, which incorporates a listing of customers on whose behalf the dMSA can act,” Adam Barnett, lead software program engineer at Rapid7, informed The Hacker Information.
“Nonetheless, abuse of CVE-2025-53779 is actually believable as the ultimate hyperlink of a multi-exploit chain which stretches from no entry to whole pwnage.”
Action1’s Mike Walters famous that the trail traversal flaw might be abused by an attacker to create improper delegation relationships, enabling them to impersonate privileged accounts, escalate to a website administrator, and doubtlessly acquire full management of the Energetic Listing area.
“An attacker who already has a compromised privileged account can use it to maneuver from restricted administrative rights to full area management,” Walters added. “It will also be paired with strategies reminiscent of Kerberoasting or Silver Ticket assaults to keep up persistence.”
“With area administrator privileges, attackers can disable safety monitoring, modify Group Coverage, and tamper with audit logs to cover their exercise. In multi-forest environments or organizations with companion connections, this flaw may even be leveraged to maneuver from one compromised area to others in a provide chain assault.”
Satnam Narang, senior workers analysis engineer at Tenable, stated the instant influence of BadSuccessor is restricted, as solely 0.7% of Energetic Listing domains had met the prerequisite on the time of disclosure. “To take advantage of BadSuccessor, an attacker will need to have no less than one area controller in a website operating Home windows Server 2025 with a purpose to obtain area compromise,” Narang identified.
A number of the notable Essential-rated vulnerabilities patched by Redmond this month are under –
- CVE-2025-53767 (CVSS rating: 10.0) – Azure OpenAI Elevation of Privilege Vulnerability
- CVE-2025-53766 (CVSS rating: 9.8) – GDI+ Distant Code Execution Vulnerability
- CVE-2025-50165 (CVSS rating: 9.8) – Home windows Graphics Part Distant Code Execution Vulnerability
- CVE-2025-53792 (CVSS rating: 9.1) – Azure Portal Elevation of Privilege Vulnerability
- CVE-2025-53787 (CVSS rating: 8.2) – Microsoft 365 Copilot BizChat Data Disclosure Vulnerability
- CVE-2025-50177 (CVSS rating: 8.1) – Microsoft Message Queuing (MSMQ) Distant Code Execution Vulnerability
- CVE-2025-50176 (CVSS rating: 7.8) – DirectX Graphics Kernel Distant Code Execution Vulnerability
Microsoft famous that the three cloud service CVEs impacting Azure OpenAI, Azure Portal, and Microsoft 365 Copilot BizChat have already been remediated, and that they require no buyer motion.
Verify Level, which disclosed CVE-2025-53766 alongside CVE-2025-30388, stated the vulnerabilities permit attackers to execute arbitrary code on the affected system, resulting in a full system compromise.
“The assault vector includes interacting with a specifically crafted file. When a consumer opens or processes this file, the vulnerability is triggered, permitting the attacker to take management,” the cybersecurity firm stated.
The Israeli agency revealed that it additionally uncovered a vulnerability in a Rust-based part of the Home windows kernel that may end up in a system crash that, in flip, triggers a tough reboot.
“For organizations with massive or distant workforces, the chance is critical: attackers may exploit this flaw to concurrently crash quite a few computer systems throughout an enterprise, leading to widespread disruption and expensive downtime,” Verify Level stated. “This discovery highlights that even with superior safety applied sciences like Rust, steady vigilance and proactive patching are important to sustaining system integrity in a fancy software program setting.”
One other vulnerability of significance is CVE-2025-50154 (CVSS rating: 6.5), an NTLM hash disclosure spoofing vulnerability that is truly a bypass for the same bug (CVE-2025-24054, CVSS rating: 6.5) that was plugged by Microsoft in March 2025.
“The unique vulnerability demonstrated how specifically crafted requests may set off NTLM authentication and expose delicate credentials,” Cymulate researcher Ruben Enkaoua stated. “This new vulnerability […] permits an attacker to extract NTLM hashes with none consumer interplay, even on absolutely patched techniques. By exploiting a refined hole left within the mitigation, an attacker can set off NTLM authentication requests robotically, enabling offline cracking or relay assaults to achieve unauthorized entry.”
Software program Patches from Different Distributors
Along with Microsoft, safety updates have additionally been launched by different distributors over the previous a number of weeks to rectify a number of vulnerabilities, together with —
- 7-Zip
- Adobe
- Amazon Net Providers
- AMD
- AMI
- Apple
- Arm
- ASUS
- Atlassian
- Autodesk
- Axis Communications
- Bosch
- Broadcom (together with VMware)
- Verify Level
- Cisco
- CODESYS
- D-Hyperlink
- Dell
- Drupal
- Elastic
- Emerson
- F5
- Fortinet
- Fortra
- Foxit Software program
- FUJIFILM
- Fujitsu
- Gigabyte
- GitLab
- Google Android and Pixel
- Google Chrome
- Google Cloud
- Google Put on OS
- HMS Networks
- HP
- HP Enterprise (together with Aruba Networking)
- Huawei
- IBM
- Intel
- Ivanti
- Juniper Networks
- Lenovo
- Linux distributions AlmaLinux, Alpine Linux, Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Crimson Hat, Rocky Linux, SUSE, and Ubuntu
- MediaTek
- Mitel
- Mitsubishi Electrical
- Moxa
- Mozilla Firefox, Firefox ESR, and Thunderbird
- NVIDIA
- Palo Alto Networks
- Qualcomm
- Rockwell Automation
- Salesforce
- Samsung
- SAP
- Schneider Electrical
- ServiceNow
- Siemens
- SolarWinds
- SonicWall
- Sophos
- Splunk
- Spring Framework
- Supermicro
- Synology
- TP-Hyperlink
- Development Micro
- WinRAR
- Xerox
- Zimbra
- Zoom, and
- Zyxel
