1.0 Introduction
Recently, Microsoft has released security updates to address multiple vulnerabilities in its products including a publicly disclosed zero-day vulnerability.
2.0 Impact
These vulnerabilities allow an authenticated attacker to gain domain administrator privileges over a network and by exploiting these vulnerabilities could result in unauthorized access, code execution, privilege escalation, or disruption of services depending on the affected component.
3.0 Affected Products
Zero-Day Vulnerability:
- CVE-2025-53779 (High) – Windows Kerberos Elevation of Privilege Vulnerability
Critical Vulnerabilities:
- CVE-2025-53767 – Azure OpenAI
- CVE-2025-50165 – Microsoft Graphics Component
- CVE-2025-53766 – Windows GDI+
- CVE-2025-50171 – Remote Desktop Server
- CVE-2025-53792 – Azure Portal
4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review the Microsoft MSRC Security Update Guide and apply the necessary updates.
Kindly refer to the following URL: https://msrc.microsoft.com/update-guide/releaseNote/2025-Aug
Generally, we advise users to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact Cyber999 Incident Response Centre through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17:30 MYT
Web: https://www.cybersecurity.my
5.0 References