On Tuesday, Microsoft launched critical fixes for an extensive set of 111 security vulnerabilities affecting its software portfolio. Among these, one flaw was disclosed as publicly known at the time of release. Of the total vulnerabilities, 16 are classified as Critical, 92 as Important, 2 as Moderate, and 1 as Low in severity. Notably, 44 of these vulnerabilities are related to privilege escalation, while others include remote code execution (35), information disclosure (18), spoofing (8), and denial-of-service (4) defects.
This update follows the previous month’s Patch Tuesday, during which Microsoft addressed 16 vulnerabilities within its Chromium-based Edge browser. This included two significant spoofing bugs affecting Edge on Android devices, further highlighting Microsoft’s commitment to enhancing security across its platforms.
Among the vulnerabilities addressed is a significant privilege escalation vulnerability affecting Microsoft Exchange Server hybrid deployments (CVE-2025-53786, CVSS score: 8.0). Additionally, the publicly disclosed zero-day vulnerability, CVE-2025-53779 (CVSS score: 7.2), pertains to a flaw in Windows Kerberos caused by a case of relative path traversal. This vulnerability was discovered and reported by Akamai researcher Yuval Gordon and was previously detailed in May 2025 under the codename BadSuccessor.
The BadSuccessor technique allows a threat actor with sufficient privileges to compromise an Active Directory (AD) domain by misusing delegated Managed Service Account (dMSA) objects. While exploitation requires pre-existing control over certain dMSA attributes, it poses a considerable threat as it could enable attackers to escalate privileges and gain total control over the Active Directory domain.
Experts like Adam Barnett from Rapid7 have highlighted that while the immediate risk is limited, the vulnerability can be exploited in a multi-exploit chain, allowing attackers to transition from minimal administrative rights to full domain control. This could lead to unauthorized impersonation of privileged accounts and the ability to modify security settings, group policies, and audit logs, effectively covering their tracks.
Satnam Narang from Tenable noted that at the time of disclosure, only 0.7% of Active Directory domains had met the prerequisite for exploitation, indicating that while the vulnerability is critical, its immediate impact may be limited. Attackers would need at least one domain controller running Windows Server 2025 to fully exploit this vulnerability.
Some notable vulnerabilities patched by Microsoft this month include:
CVE-2025-53767 (CVSS score: 10.0) - Azure OpenAI Elevation of Privilege Vulnerability CVE-2025-53766 (CVSS score: 9.8) - GDI+ Remote Code Execution Vulnerability CVE-2025-50165 (CVSS score: 9.8) - Windows Graphics Component Remote Code Execution Vulnerability CVE-2025-53792 (CVSS score: 9.1) - Azure Portal Elevation of Privilege Vulnerability CVE-2025-53787 (CVSS score: 8.2) - Microsoft 365 Copilot BizChat Information Disclosure Vulnerability CVE-2025-50177 (CVSS score: 8.1) - Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability CVE-2025-50176 (CVSS score: 7.8) - DirectX Graphics Kernel Remote Code Execution VulnerabilityMicrosoft has confirmed that the three cloud service vulnerabilities impacting Azure OpenAI, Azure Portal, and Microsoft 365 Copilot BizChat have been remediated and require no customer action. However, vulnerabilities like CVE-2025-53766 pose a significant threat as they allow attackers to execute arbitrary code, leading to full system compromise when users interact with specially crafted files.
Moreover, Check Point has identified a flaw in a Rust-based component of the Windows kernel, which could result in a system crash and potentially disrupt numerous computers across an organization. This underscores the necessity of continuous vigilance and proactive patching to maintain system integrity, even with advanced security technologies in place.
In addition to Microsoft, numerous other vendors have released security updates over the past few weeks to address various vulnerabilities. Notable companies include:
7-Zip Adobe Amazon Web Services Apple Cisco Google Linux distributions (e.g., Debian, Ubuntu) Mozilla Zoom And many moreOrganizations are urged to stay updated with the latest patches and security updates to protect themselves from potential exploits stemming from these vulnerabilities. Regular monitoring and application of security best practices are essential in safeguarding digital environments.
