Microsoft has uncovered a hundred flaws in Windows. Among them, a zero-day flaw in the Kerberos security protocol allows an authenticated attacker to gain full control of a corporate network. The publisher has fixed all of these vulnerabilities as part of its Patch Tuesday.
True to form, Microsoft has just published its Patch Tuesday for August 2025. After fixing 137 vulnerabilities in Windows code last month, Microsoft is addressing 107 more flaws in its operating system. Among them are thirteen vulnerabilities rated critical, which notably allow malicious code to be executed remotely on a computer. Some of the flaws can also lead to data leaks or elevation of privileges.
As Tenable explains, flaws that come into play once a system has already been hacked are on the rise, while those that allow malicious code to be executed directly are declining. For the second month in a row, the majority of the flaws fixed concern elevation of privileges, that is, cases where an attacker already present on a system obtains more rights than intended. They represent 39.3% of the vulnerabilities fixed in August, compared to 41.4% in July.
Above all, Microsoft says it has found and fixed one flaw considered a zero-day. For Microsoft, a zero-day flaw is a vulnerability that has been made public or has already been used before an official fix was made available.
A flaw in a Windows security protocol
The vulnerability is in Windows Kerberos, a security protocol used by the operating system in corporate networks to verify the identity of a user or computer. The flaw, discovered last May by researcher Yuval Gordon of Akamai, allows an attacker to obtain domain administrator privileges.
In other words, the attacker grants themselves almost all rights on the network. They can therefore create, modify or delete any user or group account, access all files and folders, even protected ones, install software on all computers in the domain, change the network security configuration, and take total control of servers.
This is a so-called relative path traversal flaw, which lets an attacker access files or resources outside the intended location by playing on how the system processes access paths. To exploit this flaw, the attacker must already have an authenticated account on the network. This is why Microsoft considers the likelihood of exploitation to be limited. Nothing indicates that the flaw has been actively exploited by cybercriminals.
We nevertheless recommend that you install the Patch Tuesday updates on your Windows computer. Open your PC's Settings, go to Update & Security, then in Windows Update click Check for updates. If updates are already available, they will download and install automatically on your PC.
Source: Microsoft