مایکروسافت آپدیت امنیتی سه شنبه های ماه آگوست ۲۰۲۵ خود که شامل وصله های امنیتی برای ۱۰۷ آسیب پذیری، از جمله یک آسیبپذیری Zero-day افشا شدهی عمومی در Windows Kerberos، است را منتشر کرده است.
آپدیت امنیتی آگوست 2025 مایکروسافت همچنین 13 آسیبپذیری «بحرانی» را برطرف میکند که 9 مورد از آنها آسیبپذیریهای اجرای کد از راه دور، 3 مورد افشای اطلاعات و یک مورد افزایش امتیاز هستند.
تعداد آسیب پذیری ها در هر دسته به شکل زیر است:
• 44 Elevation of Privilege Vulnerabilities
• 35 Remote Code Execution Vulnerabilities
• 18 Information Disclosure Vulnerabilities
• 4 Denial of Service Vulnerabilities
• 9 Spoofing Vulnerabilities
یک آسیبپذیری zero-day که بهطور عمومی افشا شده بود، برطرف شد.
در آپدیت این ماه، یک آسیبپذیری zero-day که بهطور عمومی افشا شده بود را در Microsoft SQL Server برطرف کرد.
CVE-2025-53779 – Windows Kerberos Elevation of Privilege Vulnerability
این آسیب پذیری در Windows Kerberos به یک مهاجم احراز هویت شده اجازه میدهد تا به امتیازات مدیر دامنه دست یابد. به گفته مایکروسافت، پیمایش مسیر نسبی در Windows Kerberos به یک مهاجم مجاز اجازه میدهد تا امتیازات خود را در یک شبکه افزایش دهد و مهاجم برای سوءاستفاده از این نقص باید به ویژگیهای dMSA زیر دسترسی بالایی داشته باشد:
msds-groupMSAMembership: این ویژگی به کاربر اجازه میدهد تا از dMSA استفاده کند.
msds-ManagedAccountPrecededByLink: مهاجم به دسترسی نوشتن در این ویژگی نیاز دارد که به او اجازه میدهد کاربری را مشخص کند که dMSA بتواند از طرف او عمل کند.
آپدیت اخیر از سایر شرکتها
- 7-Zip released a security update for a path traversal flaw that could lead to RCE.
- Adobe released emergency updates for AEM Forms zero-days after PoCs were released.
- Cisco released patches for WebEx and Identity Services Engine.
- Fortinet released security updates today for multiple products, including FortiOS, FortiManager, FortiSandbox, and FortiProxy.
- Google released security updates for Android that fix two actively exploited Qualcomm vulnerabilities.
- Microsoft warned about a Microsoft Exchange flaw tracked as CVE-2025-53786 that could be used to hijack cloud environments.
- Proton fixed a bug in its new Authenticator app for iOS that logged users’ sensitive TOTP secrets in plaintext.
- SAP released the July security updates for multiple products, including numerous vulnerabilities with a 9.9 rating.
- Trend Micro released a “fix tool” for an actively exploited remote code execution vulnerability in Apex One. Full security updates will come at a later date.
- WinRAR released a security update at the end of July for an actively exploited path traversal bug that could lead to remote code execution.
لیست کامل آپدیت امنیتی آگوست 2025 مایکروسافت
| Tag | CVE ID | CVE Title | Severity |
| Azure File Sync | CVE-2025-53729 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | Important |
| Azure Stack | CVE-2025-53793 | Azure Stack Hub Information Disclosure Vulnerability | Critical |
| Azure Stack | CVE-2025-53765 | Azure Stack Hub Information Disclosure Vulnerability | Important |
| Azure Virtual Machines | CVE-2025-49707 | Azure Virtual Machines Spoofing Vulnerability | Critical |
| Azure Virtual Machines | CVE-2025-53781 | Azure Virtual Machines Information Disclosure Vulnerability | Critical |
| Desktop Windows Manager | CVE-2025-53152 | Desktop Windows Manager Remote Code Execution Vulnerability | Important |
| Desktop Windows Manager | CVE-2025-50153 | Desktop Windows Manager Elevation of Privilege Vulnerability | Important |
| GitHub Copilot and Visual Studio | CVE-2025-53773 | GitHub Copilot and Visual Studio Remote Code Execution Vulnerability | Important |
| Graphics Kernel | CVE-2025-50176 | DirectX Graphics Kernel Remote Code Execution Vulnerability | Critical |
| Kernel Streaming WOW Thunk Service Driver | CVE-2025-53149 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
| Kernel Transaction Manager | CVE-2025-53140 | Windows Kernel Transaction Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2025-53142 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Dynamics 365 (on-premises) | CVE-2025-49745 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics 365 (on-premises) | CVE-2025-53728 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Important |
| Microsoft Edge for Android | CVE-2025-49755 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Low |
| Microsoft Edge for Android | CVE-2025-49736 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Moderate |
| Microsoft Exchange Server | CVE-2025-25005 | Microsoft Exchange Server Tampering Vulnerability | Important |
| Microsoft Exchange Server | CVE-2025-25006 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Exchange Server | CVE-2025-25007 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Exchange Server | CVE-2025-53786 | Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server | CVE-2025-33051 | Microsoft Exchange Server Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2025-49743 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2025-50165 | Windows Graphics Component Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-53732 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-53740 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-53731 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office Excel | CVE-2025-53759 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-53737 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-53739 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-53735 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-53741 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office PowerPoint | CVE-2025-53761 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-53760 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-49712 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2025-53730 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2025-53734 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-53738 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-53736 | Microsoft Word Information Disclosure Vulnerability | Important |
| Microsoft Office Word | CVE-2025-53784 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office Word | CVE-2025-53733 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Teams | CVE-2025-53783 | Microsoft Teams Remote Code Execution Vulnerability | Important |
| Remote Access Point-to-Point Protocol (PPP) EAP-TLS | CVE-2025-50159 | Remote Access Point-to-Point Protocol (PPP) EAP-TLS Elevation of Privilege Vulnerability | Important |
| Remote Desktop Server | CVE-2025-50171 | Remote Desktop Spoofing Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-50167 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-53155 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-49751 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-53723 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-48807 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| SQL Server | CVE-2025-49758 | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2025-24999 | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2025-53727 | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2025-49759 | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2025-47954 | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
| Storage Port Driver | CVE-2025-53156 | Windows Storage Port Driver Information Disclosure Vulnerability | Important |
| Web Deploy | CVE-2025-53772 | Web Deploy Remote Code Execution Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2025-53718 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2025-53134 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2025-49762 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2025-53147 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2025-53154 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2025-53137 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2025-53141 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2025-50170 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Connected Devices Platform Service | CVE-2025-53721 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
| Windows DirectX | CVE-2025-53135 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| Windows DirectX | CVE-2025-50172 | DirectX Graphics Kernel Denial of Service Vulnerability | Important |
| Windows Distributed Transaction Coordinator | CVE-2025-50166 | Windows Distributed Transaction Coordinator (MSDTC) Information Disclosure Vulnerability | Important |
| Windows File Explorer | CVE-2025-50154 | Microsoft Windows File Explorer Spoofing Vulnerability | Important |
| Windows GDI+ | CVE-2025-53766 | GDI+ Remote Code Execution Vulnerability | Critical |
| Windows Installer | CVE-2025-50173 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Kerberos | CVE-2025-53779 | Windows Kerberos Elevation of Privilege Vulnerability | Moderate |
| Windows Kernel | CVE-2025-49761 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2025-53151 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Local Security Authority Subsystem Service (LSASS) | CVE-2025-53716 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | Important |
| Windows Media | CVE-2025-53131 | Windows Media Remote Code Execution Vulnerability | Important |
| Windows Message Queuing | CVE-2025-53145 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important |
| Windows Message Queuing | CVE-2025-53143 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important |
| Windows Message Queuing | CVE-2025-50177 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Critical |
| Windows Message Queuing | CVE-2025-53144 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important |
| Windows NT OS Kernel | CVE-2025-53136 | NT OS Kernel Information Disclosure Vulnerability | Important |
| Windows NTFS | CVE-2025-50158 | Windows NTFS Information Disclosure Vulnerability | Important |
| Windows NTLM | CVE-2025-53778 | Windows NTLM Elevation of Privilege Vulnerability | Critical |
| Windows PrintWorkflowUserSvc | CVE-2025-53133 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Important |
| Windows Push Notifications | CVE-2025-53725 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | Important |
| Windows Push Notifications | CVE-2025-53724 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | Important |
| Windows Push Notifications | CVE-2025-50155 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | Important |
| Windows Push Notifications | CVE-2025-53726 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | Important |
| Windows Remote Desktop Services | CVE-2025-53722 | Windows Remote Desktop Services Denial of Service Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-50157 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-53153 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-50163 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-50162 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-50164 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-53148 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-53138 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-50156 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49757 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-53719 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-53720 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-50160 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Security App | CVE-2025-53769 | Windows Security App Spoofing Vulnerability | Important |
| Windows SMB | CVE-2025-50169 | Windows SMB Remote Code Execution Vulnerability | Important |
| Windows StateRepository API | CVE-2025-53789 | Windows StateRepository API Server file Elevation of Privilege Vulnerability | Important |
| Windows Subsystem for Linux | CVE-2025-53788 | Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | Important |
| Windows Win32K – GRFX | CVE-2025-50161 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K – GRFX | CVE-2025-53132 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K – ICOMP | CVE-2025-50168 | Win32k Elevation of Privilege Vulnerability | Important |
منبع:
