Large August replace fixes dozens of safety flaws in Home windows and Workplace

Important Home windows vulnerabilities

A lot of the vulnerabilities—58 this time—are unfold throughout the assorted Home windows variations for which Microsoft nonetheless provides safety updates: Home windows 10, Home windows 11, and Home windows Server.

Home windows 7 and eight.1 are not getting safety updates, so they continue to be as weak as ever. For those who’re nonetheless on these variations and your system necessities enable for it, it is best to swap to Home windows 11 as quickly as attainable to proceed receiving safety updates.

Microsoft has categorized 7 safety vulnerabilities in Home windows as essential, together with 4 distant code execution (RCE) vulnerabilities. 5 of those essential vulnerabilities are in graphics parts. It may be sufficient to open an contaminated picture file (say, loaded from a web site) to execute malicious code. The CVE-2025-53799 information leak vulnerability stands out as a result of its exploitation can solely expose a small a part of working reminiscence. It stays unclear why this one’s thought-about essential.

Microsoft has additionally mounted 5 safety vulnerabilities in Hyper-V, one in every of which (CVE-2025-55224) is categorized as essential. The others are elevation of privilege (EOP) vulnerabilities. CVE-2025-54918 within the NT LAN Supervisor can be an EOP vulnerability labeled as essential. An attacker with person rights can acquire system authorizations by way of the community, and it’s easy sufficient that it might be used as a part of a focused assault.

Different Home windows vulnerabilities

The vulnerability with the best vulnerability rating is CVE-2025-55232 within the Excessive Efficiency Compute (HPC) Pack. An attacker may remotely inject code and not using a person account and execute it on their very own. This makes the vulnerability doubtlessly wormable inside an HPC community. As a rule, it solely impacts clusters of high-performance computer systems which are already safe. Microsoft recommends blocking TCP port 5999.

Microsoft has eradicated 10 vulnerabilities within the Routing and Distant Entry Service (RRAS) this month, in comparison with 12 final month. This time there are solely two RCE vulnerabilities, the remainder are information leaks. All are categorized as excessive danger. Within the Home windows Firewall service, Microsoft has mounted 6 EOP vulnerabilities which are thought-about excessive danger. An attacker with person rights may use these to acquire the authorizations of an area system account in an effort to execute malicious code.

Important Workplace vulnerabilities

Microsoft has mounted 16 vulnerabilities in its Workplace product household, together with 12 distant code execution (RCE) vulnerabilities. Certainly one of these RCE vulnerabilities (CVE-2025-54910) is labeled as essential as a result of the preview window is taken into account an assault vector. Which means that an assault may happen just by displaying an contaminated file within the preview, even when the person doesn’t click on on it or open it.

Microsoft categorizes the opposite Workplace vulnerabilities as excessive danger. Right here, a person should open an contaminated file for the exploit code to take impact (“open to personal”). There are 8 mounted RCE vulnerabilities in Excel alone.

Browser safety updates

The newest safety replace to Edge 140.0.3485.54 was launched on September fifth and is predicated on Chromium 140.0.7339.81. It fixes a number of Chromium vulnerabilities in addition to an Edge-specific vulnerability. Google has since launched a brand new safety replace, which Microsoft must reply to later this week.