Microsoft August 2025 Patch Tuesday (P25-265)

cert.pse-online.pl, 2 weeks ago

Microsoft's August 2025 Patch Tuesday includes security updates for 107 vulnerabilities, including one publicly disclosed zero-day vulnerability in Windows Kerberos.

This Patch Tuesday also fixes thirteen "Critical" vulnerabilities, of which nine are remote code execution vulnerabilities, three are information disclosure vulnerabilities, and one is an elevation of privilege vulnerability.

The number of bugs in each vulnerability category is listed below:

• 44 Elevation of Privilege vulnerabilities

• 35 Remote Code Execution vulnerabilities

• 18 Information Disclosure vulnerabilities

• 4 Denial of Service (DoS) vulnerabilities

• 9 Spoofing vulnerabilities

| Tag | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
| Azure File Sync | CVE-2025-53729 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | High |
| Azure Stack | CVE-2025-53793 | Azure Stack Hub Information Disclosure Vulnerability | Critical |
| Azure Stack | CVE-2025-53765 | Azure Stack Hub Information Disclosure Vulnerability | High |
| Azure Virtual Machines | CVE-2025-49707 | Azure Virtual Machines Spoofing Vulnerability | Critical |
| Azure Virtual Machines | CVE-2025-53781 | Azure Virtual Machines Information Disclosure Vulnerability | Critical |
| Desktop Windows Manager | CVE-2025-53152 | Desktop Windows Manager Remote Code Execution Vulnerability | High |
| Desktop Windows Manager | CVE-2025-50153 | Desktop Windows Manager Elevation of Privilege Vulnerability | High |
| GitHub Copilot and Visual Studio | CVE-2025-53773 | GitHub Copilot and Visual Studio Remote Code Execution Vulnerability | High |
| Graphics Kernel | CVE-2025-50176 | DirectX Graphics Kernel Remote Code Execution Vulnerability | Critical |
| Kernel Streaming WOW Thunk Service Driver | CVE-2025-53149 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | High |
| Kernel Transaction Manager | CVE-2025-53140 | Windows Kernel Transaction Manager Elevation of Privilege Vulnerability | High |
| Microsoft Brokering File System | CVE-2025-53142 | Microsoft Brokering File System Elevation of Privilege Vulnerability | High |
| Microsoft Dynamics 365 (on-premises) | CVE-2025-49745 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | High |
| Microsoft Dynamics 365 (on-premises) | CVE-2025-53728 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | High |
| Microsoft Edge for Android | CVE-2025-49755 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Low |
| Microsoft Edge for Android | CVE-2025-49736 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Medium |
| Microsoft Exchange Server | CVE-2025-25005 | Microsoft Exchange Server Tampering Vulnerability | High |
| Microsoft Exchange Server | CVE-2025-25006 | Microsoft Exchange Server Spoofing Vulnerability | High |
| Microsoft Exchange Server | CVE-2025-25007 | Microsoft Exchange Server Spoofing Vulnerability | High |
| Microsoft Exchange Server | CVE-2025-53786 | Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability | High |
| Microsoft Exchange Server | CVE-2025-33051 | Microsoft Exchange Server Information Disclosure Vulnerability | High |
| Microsoft Graphics Component | CVE-2025-49743 | Windows Graphics Component Elevation of Privilege Vulnerability | High |
| Microsoft Graphics Component | CVE-2025-50165 | Windows Graphics Component Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-53732 | Microsoft Office Remote Code Execution Vulnerability | High |
| Microsoft Office | CVE-2025-53740 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-53731 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office Excel | CVE-2025-53759 | Microsoft Excel Remote Code Execution Vulnerability | High |
| Microsoft Office Excel | CVE-2025-53737 | Microsoft Excel Remote Code Execution Vulnerability | High |
| Microsoft Office Excel | CVE-2025-53739 | Microsoft Excel Remote Code Execution Vulnerability | High |
| Microsoft Office Excel | CVE-2025-53735 | Microsoft Excel Remote Code Execution Vulnerability | High |
| Microsoft Office Excel | CVE-2025-53741 | Microsoft Excel Remote Code Execution Vulnerability | High |
| Microsoft Office PowerPoint | CVE-2025-53761 | Microsoft PowerPoint Remote Code Execution Vulnerability | High |
| Microsoft Office SharePoint | CVE-2025-53760 | Microsoft SharePoint Elevation of Privilege Vulnerability | High |
| Microsoft Office SharePoint | CVE-2025-49712 | Microsoft SharePoint Remote Code Execution Vulnerability | High |
| Microsoft Office Visio | CVE-2025-53730 | Microsoft Office Visio Remote Code Execution Vulnerability | High |
| Microsoft Office Visio | CVE-2025-53734 | Microsoft Office Visio Remote Code Execution Vulnerability | High |
| Microsoft Office Word | CVE-2025-53738 | Microsoft Word Remote Code Execution Vulnerability | High |
| Microsoft Office Word | CVE-2025-53736 | Microsoft Word Information Disclosure Vulnerability | High |
| Microsoft Office Word | CVE-2025-53784 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office Word | CVE-2025-53733 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Teams | CVE-2025-53783 | Microsoft Teams Remote Code Execution Vulnerability | High |
| Remote Access Point-to-Point Protocol (PPP) EAP-TLS | CVE-2025-50159 | Remote Access Point-to-Point Protocol (PPP) EAP-TLS Elevation of Privilege Vulnerability | High |
| Remote Desktop Server | CVE-2025-50171 | Remote Desktop Spoofing Vulnerability | High |
| Role: Windows Hyper-V | CVE-2025-50167 | Windows Hyper-V Elevation of Privilege Vulnerability | High |
| Role: Windows Hyper-V | CVE-2025-53155 | Windows Hyper-V Elevation of Privilege Vulnerability | High |
| Role: Windows Hyper-V | CVE-2025-49751 | Windows Hyper-V Denial of Service Vulnerability | High |
| Role: Windows Hyper-V | CVE-2025-53723 | Windows Hyper-V Elevation of Privilege Vulnerability | High |
| Role: Windows Hyper-V | CVE-2025-48807 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| SQL Server | CVE-2025-49758 | Microsoft SQL Server Elevation of Privilege Vulnerability | High |
| SQL Server | CVE-2025-24999 | Microsoft SQL Server Elevation of Privilege Vulnerability | High |
| SQL Server | CVE-2025-53727 | Microsoft SQL Server Elevation of Privilege Vulnerability | High |
| SQL Server | CVE-2025-49759 | Microsoft SQL Server Elevation of Privilege Vulnerability | High |
| SQL Server | CVE-2025-47954 | Microsoft SQL Server Elevation of Privilege Vulnerability | High |
| Storage Port Driver | CVE-2025-53156 | Windows Storage Port Driver Information Disclosure Vulnerability | High |
| Web Deploy | CVE-2025-53772 | Web Deploy Remote Code Execution Vulnerability | High |
| Windows Ancillary Function Driver for WinSock | CVE-2025-53718 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | High |
| Windows Ancillary Function Driver for WinSock | CVE-2025-53134 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | High |
| Windows Ancillary Function Driver for WinSock | CVE-2025-49762 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | High |
| Windows Ancillary Function Driver for WinSock | CVE-2025-53147 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | High |
| Windows Ancillary Function Driver for WinSock | CVE-2025-53154 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | High |
| Windows Ancillary Function Driver for WinSock | CVE-2025-53137 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | High |
| Windows Ancillary Function Driver for WinSock | CVE-2025-53141 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | High |
| Windows Cloud Files Mini Filter Driver | CVE-2025-50170 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | High |
| Windows Connected Devices Platform Service | CVE-2025-53721 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | High |
| Windows DirectX | CVE-2025-53135 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | High |
| Windows DirectX | CVE-2025-50172 | DirectX Graphics Kernel Denial of Service Vulnerability | High |
| Windows Distributed Transaction Coordinator | CVE-2025-50166 | Windows Distributed Transaction Coordinator (MSDTC) Information Disclosure Vulnerability | High |
| Windows File Explorer | CVE-2025-50154 | Microsoft Windows File Explorer Spoofing Vulnerability | High |
| Windows GDI+ | CVE-2025-53766 | GDI+ Remote Code Execution Vulnerability | Critical |
| Windows Installer | CVE-2025-50173 | Windows Installer Elevation of Privilege Vulnerability | High |
| Windows Kerberos | CVE-2025-53779 | Windows Kerberos Elevation of Privilege Vulnerability | Medium |
| Windows Kernel | CVE-2025-49761 | Windows Kernel Elevation of Privilege Vulnerability | High |
| Windows Kernel | CVE-2025-53151 | Windows Kernel Elevation of Privilege Vulnerability | High |
| Windows Local Security Authority Subsystem Service (LSASS) | CVE-2025-53716 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | High |
| Windows Media | CVE-2025-53131 | Windows Media Remote Code Execution Vulnerability | High |
| Windows Message Queuing | CVE-2025-53145 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | High |
| Windows Message Queuing | CVE-2025-53143 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | High |
| Windows Message Queuing | CVE-2025-50177 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Critical |
| Windows Message Queuing | CVE-2025-53144 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | High |
| Windows NT OS Kernel | CVE-2025-53136 | NT OS Kernel Information Disclosure Vulnerability | High |
| Windows NTFS | CVE-2025-50158 | Windows NTFS Information Disclosure Vulnerability | High |
| Windows NTLM | CVE-2025-53778 | Windows NTLM Elevation of Privilege Vulnerability | Critical |
| Windows PrintWorkflowUserSvc | CVE-2025-53133 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | High |
| Windows Push Notifications | CVE-2025-53725 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | High |
| Windows Push Notifications | CVE-2025-53724 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | High |
| Windows Push Notifications | CVE-2025-50155 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | High |
| Windows Push Notifications | CVE-2025-53726 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | High |
| Windows Remote Desktop Services | CVE-2025-53722 | Windows Remote Desktop Services Denial of Service Vulnerability | High |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-50157 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | High |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-53153 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | High |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-50163 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | High |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-50162 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | High |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-50164 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | High |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-53148 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | High |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-53138 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | High |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-50156 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | High |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49757 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | High |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-53719 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | High |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-53720 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | High |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-50160 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | High |
| Windows Security App | CVE-2025-53769 | Windows Security App Spoofing Vulnerability | High |
| Windows SMB | CVE-2025-50169 | Windows SMB Remote Code Execution Vulnerability | High |
| Windows StateRepository API | CVE-2025-53789 | Windows StateRepository API Server file Elevation of Privilege Vulnerability | High |
| Windows Subsystem for Linux | CVE-2025-53788 | Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | High |
| Windows Win32K – GRFX | CVE-2025-50161 | Win32k Elevation of Privilege Vulnerability | High |
| Windows Win32K – GRFX | CVE-2025-53132 | Win32k Elevation of Privilege Vulnerability | High |
| Windows Win32K – ICOMP | CVE-2025-50168 | Win32k Elevation of Privilege Vulnerability | High |