On 12 August 2025, Microsoft released its August 2025 security update, addressing 107 newly disclosed vulnerabilities. Arctic Wolf highlighted four vulnerabilities in this bulletin based on their potential impact. At the time of disclosure, none of the vulnerabilities had been reported as exploited.
Vulnerabilities
| Vulnerability | CVSS | Description |
| CVE-2025-49712 | 8.8 | Microsoft SharePoint Remote Code Execution Vulnerability – Deserialisation of untrusted data in Microsoft Office SharePoint allows an authorised attacker to execute code over a network. |
| CVE-2025-50177 | 8.1 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability – Use after free in Windows Message Queuing allows an unauthorised attacker to execute code over a network. |
| CVE-2025-53778 | 8.8 | Windows NTLM Elevation of Privilege Vulnerability – Improper authentication in Windows NTLM allows an authorised attacker to elevate privileges over a network. |
| CVE-2025-53779 | 7.2 | Windows Kerberos Elevation of Privilege Vulnerability – Relative path traversal in Windows Kerberos allows an authorised attacker to elevate privileges over a network.
Although a technical write-up and public proof of concept exists for this vulnerability, active exploitation has not been observed by Microsoft. |
Recommendation
Upgrade to Latest Fixed Versions
Arctic Wolf strongly recommends that customers upgrade to the latest fixed versions.
| Product | CVE | Update |
| Windows Server 2025 | CVE-2025-53779, CVE-2025-53778, CVE-2025-50177 | 5063878, 5064010 |
| Windows Server 2022, 23H2 Edition | CVE-2025-53778, CVE-2025-50177 | 5063899 |
| Windows Server 2022 | CVE-2025-53778, CVE-2025-50177 | 5063880, 5063812 |
| Windows Server 2019 | CVE-2025-53778, CVE-2025-50177 | 5063877 |
| Windows Server 2016 | CVE-2025-53778, CVE-2025-50177 | 5063871 |
| Windows Server 2012 R2 | CVE-2025-53778, CVE-2025-50177 | 5063950 |
| Windows Server 2012 | CVE-2025-53778, CVE-2025-50177 | 5063906 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | CVE-2025-53778, CVE-2025-50177 | 5063947, 5063927 |
| Windows Server 2008 for 32-bit and x64-based Systems Service Pack 2 | CVE-2025-53778, CVE-2025-50177 | 5063888, 5063948 |
| Windows 11 Version 24H2 for x64-based and ARM64-based Systems | CVE-2025-53778, CVE-2025-50177 | 5063878, 5064010 |
| Windows 11 Version 23H2 for x64-based and ARM64-based Systems | CVE-2025-53778, CVE-2025-50177 | 5063875 |
| Windows 11 Version 22H2 for x64-based and ARM64-based Systems | CVE-2025-53778, CVE-2025-50177 | 5063875 |
| Windows 10 Version 22H2 for 32-bit, x64-based, and ARM64-based Systems | CVE-2025-53778, CVE-2025-50177 | 5063709 |
| Windows 10 Version 21H2 for 32-bit, x64-based, and ARM64-based Systems | CVE-2025-53778, CVE-2025-50177 | 5063709 |
| Windows 10 Version 1809 for 32-bit and x64-based Systems | CVE-2025-53778, CVE-2025-50177 | 5063877 |
| Windows 10 Version 1607 for 32-bit and x64-based Systems | CVE-2025-53778, CVE-2025-50177 | 5063871 |
| Windows 10 for 32-bit and x64-based Systems | CVE-2025-53778, CVE-2025-50177 | 5063889 |
| Microsoft SharePoint Server 2019 | CVE-2025-49712 | 5002769 |
| Microsoft SharePoint Enterprise Server 2016 | CVE-2025-49712 | 5002771 |
Please follow your organisation’s patching and testing guidelines to minimise potential operational impact.
References
Resources
Understand the threat landscape, and how to better defend your organisation, with the 2025 Arctic Wolf Threat Report.
See how Arctic Wolf utilises threat intelligence to harden your attack surface and stop threats earlier and faster.
