SparTech Software CyberPulse – Your quick strike cyber update for August 13, 2025 7:38 AM

Microsoft August 2025 Patch Tuesday: Fixes, Zero-Day Vulnerabilities, and Active Directory Threats

Microsoft’s August 2025 Patch Tuesday introduced fixes for over 100 security vulnerabilities, including a Windows Kerberos zero-day called BadSuccessor that enables full Active Directory domain compromise under certain conditions. A range of critical vulnerabilities across Windows components, Azure, and Exchange Server were patched, some requiring additional manual hardening steps beyond the regular update procedures.

BadSuccessor Kerberos Zero-Day: Risks to Active Directory Domains

BadSuccessor is a newly disclosed Windows Kerberos vulnerability that allows attackers who meet certain prerequisites to fully compromise an Active Directory domain. Specifically, exploitation is possible only if at least one domain controller is running Windows Server 2025. Although the immediate risk is limited (only 0.7% of AD domains met this requirement at disclosure), the vulnerability highlights the dangers posed by cross-version domain controller deployments and emphasizes the need for timely patching as well as comprehensive domain configuration reviews.

Azure and Windows Critical Vulnerabilities

Several critical-rated vulnerabilities received patches this month:

  • CVE-2025-53767 (CVSS 10.0): Azure OpenAI Elevation of Privilege – Enables privilege escalation in Azure OpenAI environments.
  • CVE-2025-53766 (CVSS 9.8): GDI+ Remote Code Execution – Could be exploited via crafted image files to execute code remotely.
  • CVE-2025-50165 (CVSS 9.8): Windows Graphics Component Remote Code Execution – Poses a risk to any Windows machine processing malicious graphics files.
  • CVE-2025-53792 (CVSS 9.1): Azure Portal Elevation of Privilege.
  • CVE-2025-53787 (CVSS 8.2): Microsoft 365 Copilot BizChat Information Disclosure.
  • CVE-2025-50177 (CVSS 8.1): Microsoft Message Queuing Remote Code Execution.

These vulnerabilities require prompt patching and, in some scenarios, follow-up administrative actions to mitigate exploitation risks.

Exchange Server Hybrid Vulnerability: CVE-2025-53786

CVE-2025-53786 allows attackers to pivot from a compromised on-premises Exchange Server into the cloud environment, risking attacker control of Exchange Online and related Office 365 services. This vulnerability affects Exchange Server 2016, 2019, and Subscription Edition. Researchers identified approximately 29,000 publicly accessible Exchange servers as still vulnerable. Effective remediation involves not only applying patches but also following specific Microsoft guidance to establish a hardened dedicated service for cloud-to-on-premises connectivity.

Windows NTLM Elevation of Privilege: CVE-2025-53778

CVE-2025-53778 is a critical Elevation of Privilege bug in Windows NTLM rated 8.8 in severity. Successful exploitation can yield SYSTEM-level privileges to attackers, increasing risk for lateral movement and persistence in Windows environments. Microsoft’s exploitability index lists this as “Exploitation More Likely,” necessitating swift action for organizations with Windows infrastructure.

Multiple Message Queuing Remote Code Execution Vulnerabilities

Microsoft patched several vulnerabilities (CVE-2025-50177, CVE-2025-53143, CVE-2025-53144, CVE-2025-53145) in Microsoft Message Queuing (MSMQ). CVE-2025-50177 is rated critical and assessed as “Exploitation More Likely.” Attackers could send crafted MSMQ messages to trigger remote execution of arbitrary code, threatening business process automation and legacy messaging deployments that depend on MSMQ.

Trend Micro Apex One Management Console: Command Injection Vulnerabilities Under Active Exploitation

A critical vulnerability in Trend Micro’s Apex One Management Console (tracked as CVE-2025-54948 and CVE-2025-54987) is being actively exploited. It can be leveraged for command injection, risking elevated privileges and full control of systems running affected Apex One installations.

Technical Overview

Attackers exploit vulnerable management consoles by sending specially crafted requests containing injected commands, which the console executes without sufficient validation. This makes remote compromise as SYSTEM or root possible, which is particularly dangerous in environments where Apex One is used as the central endpoint protection.

Mitigation Guidance

Trend Micro urges immediate patching and a review of exposed management console interfaces. Organizations should restrict network access to trusted hosts, monitor for suspicious web requests to the console, and validate that patches are fully deployed across all managed systems.

Privilege Escalation in Amazon ECS: ECScape Vulnerability Unveiled

At Black Hat USA 2025, researchers detailed a new privilege escalation vulnerability, ECScape, which affects EC2-hosted Amazon Elastic Container Service (ECS) environments. The flaw lets attackers elevate privileges inside containers by abusing an undocumented WebSocket channel and the EC2 Instance Metadata Service (IMDS).

Technical Analysis

ECScape targets environments with multiple ECS containers deployed on a single EC2 instance. The exploit involves an attacker-controlled container connecting to an undocumented agent-to-agent WebSocket (ACS), allowing it to access IAM credentials of other containers. By combining this with IMDS access, attackers steal privileges well beyond those assigned to their own container, risking escalation to environment-wide compromise.

Defense Recommendations

Amazon users should review container IAM role assignments, restrict IMDS access, and deploy updated monitoring to detect anomalous inter-container communications. Separating containers by instance and minimizing shared network access can reduce exploitation risks.
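The review described above can be partly automated. The following is an added example, not code from the researchers or from AWS: it flags EC2 container hosts where tasks with different IAM roles share an instance or where IMDS is loosely configured. The instance fields follow the EC2 `MetadataOptions` structure; the task records, IDs and role ARNs are constructed, simplified sample data.

```python
from collections import defaultdict

# Constructed inventory (not real data). Instance fields mirror the EC2
# DescribeInstances "MetadataOptions" structure; the task records are a
# simplified, hypothetical join of ECS task and task-definition data.
INSTANCES = {
    "i-0aaa": {"HttpTokens": "optional", "HttpPutResponseHopLimit": 2},
    "i-0bbb": {"HttpTokens": "required", "HttpPutResponseHopLimit": 1},
}
TASKS = [
    {"task": "web-1", "instance": "i-0aaa",
     "role": "arn:aws:iam::111111111111:role/web-readonly"},
    {"task": "batch-1", "instance": "i-0aaa",
     "role": "arn:aws:iam::111111111111:role/batch-admin"},
    {"task": "web-2", "instance": "i-0bbb",
     "role": "arn:aws:iam::111111111111:role/web-readonly"},
    {"task": "web-3", "instance": "i-0bbb",
     "role": "arn:aws:iam::111111111111:role/web-readonly"},
]

def audit(instances, tasks):
    """Return {instance_id: [finding, ...]} for hosts with ECScape-relevant exposure."""
    roles = defaultdict(set)
    for t in tasks:
        roles[t["instance"]].add(t["role"])
    findings = defaultdict(list)
    for iid, opts in instances.items():
        # Tasks with different roles on one host: a compromised task has
        # neighbours whose credentials are worth more than its own.
        if len(roles[iid]) > 1:
            findings[iid].append("mixed-task-roles")
        # IMDSv1 (no session token) is still accepted on this host.
        if opts.get("HttpTokens") != "required":
            findings[iid].append("imdsv1-allowed")
        # A hop limit above 1 lets IMDSv2 token responses reach bridged containers.
        if opts.get("HttpPutResponseHopLimit", 1) > 1:
            findings[iid].append("imds-hop-limit>1")
    return dict(findings)

if __name__ == "__main__":
    for instance_id, issues in audit(INSTANCES, TASKS).items():
        print(instance_id, issues)
```

Hosts that come back with `mixed-task-roles` are the candidates for the instance-level separation recommended above.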

AI Prompt Injection Attacks: AgentFlayer Exposes Risks to AI Agents

Zenity researchers showcased “AgentFlayer,” a set of practical prompt injection exploits, targeting leading AI agent platforms including ChatGPT, Microsoft Copilot Studio, and Cursor. Attackers can use both one-click and zero-click exploits to steal credentials, exfiltrate internal documents, and leak user conversation history.

Attack Mechanism

The exploits work by injecting malicious prompts into contexts processed by AI agents, either automatically (zero-click) or via seemingly benign interaction (one-click). These prompts forcibly trigger sensitive commands such as credential export or file retrieval without explicit user approval, bypassing agent controls and typical sandboxing approaches.

Mitigation Strategies

AI vendors should adopt comprehensive input sanitization, contextual prompt verification, and user approval for high-risk commands. Organizations using AI-based agents must monitor interactions, log agent actions, and minimize exposure of confidential content to untrusted sources.
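One way to combine user approval for high-risk commands with action logging is a gate that every agent tool call passes through. This is an added sketch, not code from Zenity or any agent platform; the tool names, policy tiers and session data are hypothetical.

```python
import json
import time

# Hypothetical tool names and policy tiers, chosen for illustration.
ALWAYS_ASK = {"read_secret", "export_file"}        # high-risk in any context
ASK_IF_TAINTED = {"search_files", "http_request"}  # risky once untrusted text is in context

class ToolGate:
    """Mediates every tool call an agent makes and keeps an audit trail."""

    def __init__(self, approve):
        self.approve = approve    # callback that asks the human user; returns bool
        self.tainted_by = None    # first untrusted source seen in this session
        self.audit_log = []

    def ingest(self, source, trusted):
        # Call whenever content (shared document, inbound email, web page)
        # enters the agent's context.
        if not trusted and self.tainted_by is None:
            self.tainted_by = source

    def call(self, tool, args):
        tainted = self.tainted_by is not None
        ask = tool in ALWAYS_ASK or (tainted and tool in ASK_IF_TAINTED)
        allowed = bool(self.approve(tool, args)) if ask else True
        self.audit_log.append(json.dumps({
            "ts": time.time(), "tool": tool, "args": args,
            "tainted_by": self.tainted_by, "asked_user": ask, "allowed": allowed,
        }))
        return allowed  # the caller runs the tool only when this is True

def demo():
    """Constructed session in which the user declines every approval prompt."""
    gate = ToolGate(approve=lambda tool, args: False)
    results = [gate.call("search_files", {"q": "Q3 plan"})]         # clean context
    gate.ingest("shared-doc-from-external-sender", trusted=False)   # untrusted content
    results.append(gate.call("search_files", {"q": "api keys"}))    # now gated
    results.append(gate.call("read_secret", {"name": "ci-token"}))  # always gated
    results.append(gate.call("summarize", {"doc": "shared-doc"}))   # low risk
    return results, gate.audit_log

if __name__ == "__main__":
    print(demo()[0])
```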

Bouygues Telecom Data Breach: 6.4 Million Customers’ Information Exposed

Bouygues Telecom, a major French carrier, disclosed a data breach affecting 6.4 million customers, with exposed details including contact information, contract details, and IBANs. While passwords and card numbers remained secure, the compromised IBAN data heightens risks of banking fraud and regulatory consequences.

Breach Details and Customer Impact

Attackers accessed customer data via compromised internal systems. Sensitive IBAN exposure may facilitate targeted financial fraud and phishing. The breach highlights weaknesses in data segregation and protection mechanisms for financial identifiers within telecom infrastructure.

Recommended Actions

Customers should monitor banking transactions, review contracted services for suspicious activity, and remain vigilant for targeted phishing. Bouygues Telecom is expected to enhance monitoring and data protection, as regulatory agencies review their breach handling and compliance strategies.

European Media Freedoms Act: Banning State Surveillance of Journalists

The European Media Freedoms Act (EMFA) took effect EU-wide, outlawing most forms of government spyware and surveillance targeting journalists’ devices. The regulation immediately applies in all member states, closing loopholes that previously permitted spyware-based monitoring and eroded editorial independence.

Technical and Legal Implications

EMFA prohibits device monitoring, malware deployment, and interception of communications for journalists except under rare exceptions. This reshapes operational risk models for news organizations and imposes technical and policy requirements for local governments, forcing rapid modernization of investigative practices while empowering whistleblowers and sources.

Enforcement and Penalties

Countries found violating the new regulation face immediate court action, fines, and potential loss of EU funding, establishing a strong incentive for compliance and rapid reform of surveillance practices.
