Full Report
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Analysis Summary
# Critical Patches Issued for Microsoft Products, August 12, 2025
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user.
## Key Points
- Multiple vulnerabilities have been discovered in Microsoft products.
- The most severe vulnerability could allow for remote code execution with elevated privileges.
- Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
## Threat Actors
No reports of these vulnerabilities being exploited in the wild.
## TTPs
Multiple techniques used, including:
- Remote code execution
- Elevated privileges
- Malicious code injection
## Affected Systems
- Microsoft Exchange Server
- SQL Server
- Role: Windows Hyper-V
- Azure Virtual Machines
- Microsoft Office SharePoint
- Microsoft Edge for Android
- Microsoft Graphics Component
- Microsoft Dynamics 365 (on-premises)
- Windows Routing and Remote Access Service (RRAS)
- Windows Kernel
- Windows Ancillary Function Driver for WinSock
- Desktop Windows Manager
- Windows File Explorer
- Windows Push Notifications
- Windows NTFS
- Remote Access Point-to-Point Protocol (PPP) EAP-TLS
- Windows Win32K - GRFX
- Windows Distributed Transaction Coordinator
- Windows Win32K - ICOMP
- Windows SMB
- Windows Cloud Files Mini Filter Driver
- Remote Desktop Server
- Windows DirectX
- Windows Installer
- Graphics Kernel
- Windows Message Queuing
- Windows Media
- Windows PrintWorkflowUserSvc
- Windows NT OS Kernel
- Kernel Transaction Manager
- Microsoft Brokering File System
- Kernel Streaming WOW Thunk Service Driver
- Storage Port Driver
- Windows Local Security Authority Subsystem Service (LSASS)
- Windows Connected Devices Platform Service
- Windows Remote Desktop Services
- Azure File Sync
- Microsoft Office Visio
- Microsoft Office
- Microsoft Office Word
- Microsoft Office Excel
- Microsoft Office PowerPoint
- Azure Stack
- Windows GDI
- Azure OpenAI
- Windows Security App
- Web Deploy
- GitHub Copilot and Visual Studio
- Microsoft 365 Copilot's Business Chat
- Windows NTLM
- Windows Kerberos
- Microsoft Teams
- Windows Subsystem for Linux
- Windows StateRepository API
- Azure Portal
## Mitigations
- Apply appropriate patches or mitigations provided by Microsoft to vulnerable systems immediately after appropriate testing.
- Safeguard 7.1: Establish and Maintain a Vulnerability Management Process
- Safeguard 7.4: Perform Automated Application Patch Management
- Safeguard 4.7: Manage Default Accounts on Enterprise Assets and Software
- Safeguard 5.4: Restrict Administrator Privileges to Dedicated Administrator Accounts
- Remind all users not to visit untrusted websites or follow links/open files provided by unknown or untrusted sources.
- Safeguard 14.1: Establish and Maintain a Security Awareness Program
## Conclusion
The most severe vulnerability could allow for remote code execution with elevated privileges, posing significant risks to affected systems and users. It is crucial to apply patches and implement the recommended mitigations to minimize the impact of these vulnerabilities.