Microsoft security alert.
August 12, 2025
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 98 vulnerabilities that were fixed in 12 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 12 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Office Security Update for August 2025
- Severity
- Critical 4
- Qualys ID
- 110503
- Vendor Reference
- KB5002752, KB5002756, KB5002758, KB5002763, KB5002765, Office Click-2-Run and Office 365 Release Notes, Office Release Notes for Mac
- CVE Reference
- CVE-2025-53730, CVE-2025-53731, CVE-2025-53733, CVE-2025-53734, CVE-2025-53735, CVE-2025-53736, CVE-2025-53737, CVE-2025-53738, CVE-2025-53739, CVE-2025-53740, CVE-2025-53741, CVE-2025-53759, CVE-2025-53761, CVE-2025-53784
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
Microsoft has released the August 2025 Office Security Updates addressing vulnerabilities related to Remote Code Execution and Information Disclosure.
This security update contains the following:
KB5002752
KB5002756
KB5002758
KB5002765
KB5002763
Office Click-2-Run and Office 365 Release Notes and
Office Release Notes for Mac
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
Operating System: MacOS
This QID checks for the vulnerable versions of affected Office Applications.
Note: Office Click-2-Run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
- Consequence
- If left unpatched, the addressed vulnerabilities could allow attackers to execute arbitrary code or access sensitive information on affected systems.
- Solution
-
Customers are advised to refer to these Article(s):
CVE-2025-53730, CVE-2025-53731, CVE-2025-53733, CVE-2025-53734, CVE-2025-53735, CVE-2025-53736, CVE-2025-53737, CVE-2025-53738, CVE-2025-53739, CVE-2025-53740, CVE-2025-53741, CVE-2025-53759, CVE-2025-53761, and CVE-2025-53784 for more information regarding these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-53730
CVE-2025-53731
CVE-2025-53733
CVE-2025-53734
CVE-2025-53735
CVE-2025-53736
CVE-2025-53737
CVE-2025-53738
CVE-2025-53739
CVE-2025-53740
CVE-2025-53741
CVE-2025-53759
CVE-2025-53761
CVE-2025-53784
-
Microsoft SharePoint Server Security Update for August 2025
- Severity
- Urgent 5
- Qualys ID
- 110504
- Vendor Reference
- KB5002769, KB5002770, KB5002771, KB5002772, KB5002773
- CVE Reference
- CVE-2025-49712, CVE-2025-53733, CVE-2025-53736, CVE-2025-53760
- CVSS Scores
- Base 10 / Temporal 7.4
- Description
-
Microsoft has released the August 2025 security updates to address vulnerabilities in SharePoint Server versions 2016, 2019, and SharePoint Subscription Edition, including issues related to Information Disclosure, Remote Code Execution, and Elevation of Privilege.
This security update contains the following KBs:
KB5002769
KB5002770
KB5002771
KB5002772
KB5002773
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft SharePoint via the Windows Registry and flags the QID based on Vulnerable File Version.
- Consequence
- If these vulnerabilities remain unpatched, attackers may exploit them to gain unauthorized access to sensitive information, execute arbitrary code remotely, or elevate privileges within the SharePoint environment.
- Solution
-
Customers are advised to refer to the below Article:
CVE-2025-49712,
CVE-2025-53733,
CVE-2025-53736, and
CVE-2025-53760 for more information regarding the vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-49712
CVE-2025-53733
CVE-2025-53736
CVE-2025-53760
-
Microsoft SQL Server Elevation of Privilege Vulnerability for August 2025
- Severity
- Critical 4
- Qualys ID
- 384351
- Vendor Reference
- CVE-2025-24999, CVE-2025-47954, CVE-2025-49758, CVE-2025-49759, CVE-2025-53727
- CVE Reference
- CVE-2025-24999, CVE-2025-47954, CVE-2025-49758, CVE-2025-49759, CVE-2025-53727
- CVSS Scores
- Base 5.1 / Temporal 3.8
- Description
-
Microsoft has released a security update to address Remote code execution, Information disclosure, and Privilege escalation vulnerabilities in SQL Server.
Affected Software:
Microsoft SQL Server 2022 for x64-based Systems (CU 20)
Microsoft SQL Server 2019 for x64-based Systems (CU 32)
Microsoft SQL Server 2022 for x64-based Systems (GDR)
Microsoft SQL Server 2017 for x64-based Systems (CU 31)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)
Microsoft SQL Server 2019 for x64-based Systems (GDR)
Microsoft SQL Server 2017 for x64-based Systems (GDR)
QID Detection Logic (Authenticated):
On Windows, this QID checks for the vulnerable version of SQL server via the registry keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft SQL Server and HKEY_LOCAL_MACHINE\WOW6432Node\SOFTWARE\Microsoft SQL Server and the related sub keys for SQL server.
- Consequence
-
Successful exploitation may allow an authorized attacker to elevate privileges over a network.
- Solution
-
Refer to:
CVE-2025-24999
CVE-2025-47954
CVE-2025-49758
CVE-2025-49759
CVE-2025-53727
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-24999
CVE-2025-47954
CVE-2025-49758
CVE-2025-49759
CVE-2025-53727
-
Microsoft Teams Remote Code Execution (RCE) Vulnerability for August 2025
- Severity
- Critical 4
- Qualys ID
- 384352
- Vendor Reference
- CVE-2025-53783
- CVE Reference
- CVE-2025-53783
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Microsoft Teams is a proprietary business communication platform and primarily competes with the similar service Slack, offering workspace chat and videoconferencing, file storage, and application integration.
Affected Versions:
Microsoft Teams for Desktop Versions Prior to Build 25122.1415.3698.6812
Microsoft Teams for Mac Versions Prior to Build 25122.1207.3700.1444
QID Detection Logic (Auth):
QID checks for the vulnerable version of Teams.
- Consequence
-
Successful exploitation may allow an unauthorized attacker to execute code over a network.
- Solution
-
The vendor has addressed this vulnerability in Microsoft Teams.
For more information, please visit CVE-2025-53783.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-53783
-
Microsoft Exchange Server Security Update for August 2025
- Severity
- Critical 4
- Qualys ID
- 50142
- Vendor Reference
- CVE-2025-25005, CVE-2025-25006, CVE-2025-25007, CVE-2025-33051, CVE-2025-53786
- CVE Reference
- CVE-2025-25005, CVE-2025-25006, CVE-2025-25007, CVE-2025-33051, CVE-2025-53786
- CVSS Scores
- Base 7.5 / Temporal 5.5
- Description
-
Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft. It runs exclusively on Windows Server operating systems.
These vulnerabilities affect Exchange Server. A new feature was implemented to detect non-RFC 5322 compliant P2 FROM headers in incoming email messages.
Affected Software:
Exchange Server 2019
Exchange Server 2016
QID Detection Logic: (Authenticated)
This QID detects vulnerable versions of Microsoft Exchange Server by retrieving the file version of Exsetup.exe.
QID Detection Logic: (Unauthenticated)
This QID sends an HTTP GET request to the "/owa" endpoint to detect vulnerable versions of Microsoft Exchange Server.
- Consequence
-
Successful exploitation of this vulnerability allows an unauthenticated, remote attacker to forge email messages and conduct phishing or impersonation attacks against a targeted user.
- Solution
-
Customers are advised to refer to CVE-2025-25007, CVE-2025-25006, CVE-2025-25005, CVE-2025-33051 and CVE-2025-53786 for more details pertaining to this update.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
5063221
5063222
5063223
5063224
-
Microsoft Dynamics 365 (On-Premises) Multiple Security Vulnerabilities for August 2025
- Severity
- Critical 4
- Qualys ID
- 92292
- Vendor Reference
- CVE-2025-49745, CVE-2025-53728
- CVE Reference
- CVE-2025-49745, CVE-2025-53728
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Microsoft Dynamics 365 is a product line of enterprise resource planning and customer relationship management intelligent business applications.
Microsoft Dynamics 365 (On-Premises) contains the following vulnerabilities:
CVE-2025-53728 - Exposure of sensitive information to an unauthorized actor allows an unauthorized attacker to disclose information over a network.
CVE-2025-49745 - Improper neutralization of input during web page generation, aka cross-site scripting, allows an unauthorized attacker to perform spoofing over a network.
Affected Software:
Microsoft Dynamics CRM (on-premises) version 9.1
QID Detection Logic (Authenticated):
This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Crm.Setup.Server.exe.
- Consequence
-
Depending on the vulnerability being exploited, a remote attacker could gain access to sensitive information or conduct cross-site scripting attacks on a targeted system.
- Solution
-
Customers are advised to refer to CVE-2025-53728 and CVE-2025-49745 for more details pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
5059086
5064483
-
Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability for August 2025
- Severity
- Serious 3
- Qualys ID
- 92293
- Vendor Reference
- CVE-2025-53788
- CVE Reference
- CVE-2025-53788
- CVSS Scores
- Base 6 / Temporal 4.4
- Description
-
An Elevation of Privilege Vulnerability exists in Windows Subsystem for Linux (WSL2).
Affected Versions:
Windows Subsystem for Linux (WSL2) version before 2.5.10
Detection Logic (Windows):
This QID checks for the Windows Subsystem for Linux via the Uninstall Registry Keys.
- Consequence
-
An attacker who successfully exploits this vulnerability could gain SYSTEM privileges.
- Solution
-
Customers are advised to refer to CVE-2025-53788 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-53788
-
Microsoft Windows Security Update for August 2025
- Severity
- Urgent 5
- Qualys ID
- 92295
- Vendor Reference
- KB5062552, KB5062553, KB5062554, KB5062557, KB5062560, KB5062561, KB5063709, KB5063871, KB5063875, KB5063877, KB5063878, KB5063889, KB5064010
- CVE Reference
- CVE-2025-48807, CVE-2025-49743, CVE-2025-49751, CVE-2025-49761, CVE-2025-49762, CVE-2025-50153, CVE-2025-50154, CVE-2025-50155, CVE-2025-50158, CVE-2025-50159, CVE-2025-50161, CVE-2025-50165, CVE-2025-50166, CVE-2025-50167, CVE-2025-50168, CVE-2025-50169, CVE-2025-50170, CVE-2025-50172, CVE-2025-50173, CVE-2025-50176, CVE-2025-50177, CVE-2025-53131, CVE-2025-53132, CVE-2025-53133, CVE-2025-53134, CVE-2025-53135, CVE-2025-53136, CVE-2025-53137, CVE-2025-53140, CVE-2025-53141, CVE-2025-53142, CVE-2025-53143, CVE-2025-53144, CVE-2025-53145, CVE-2025-53147, CVE-2025-53149, CVE-2025-53151, CVE-2025-53152, CVE-2025-53154, CVE-2025-53155, CVE-2025-53156, CVE-2025-53716, CVE-2025-53718, CVE-2025-53721, CVE-2025-53722, CVE-2025-53723, CVE-2025-53724, CVE-2025-53725, CVE-2025-53726, CVE-2025-53766, CVE-2025-53778, CVE-2025-53789
- CVSS Scores
- Base 5.4 / Temporal 4.2
- Description
-
Microsoft Windows Security Update for August 2025
KB5063709
KB5063875
KB5063877
KB5064010
KB5063878
KB5063889
KB5063871
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
- Successful exploitation of this vulnerability could lead to a security breach or may affect integrity, availability, and confidentiality.
- Solution
-
Customers are advised to refer to the following articles for more information on the vulnerabilities and patches.
Microsoft Windows Security Update for August 2025
KB5063709
KB5063875
KB5063877
KB5064010
KB5063878
KB5063889
KB5063871
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5063709
KB5063871
KB5063875
KB5063877
KB5063878
KB5063889
KB5064010
-
Microsoft Azure File Sync Elevation of Privilege Vulnerability for August 2025
- Severity
- Critical 4
- Qualys ID
- 92296
- Vendor Reference
- CVE-2025-53729
- CVE Reference
- CVE-2025-53729
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Azure File Sync enables you to centralize your organization's file shares in Azure Files, while keeping the flexibility, performance, and compatibility of a Windows file server.
Affected:
Azure File Sync from v18.0 prior to 18.3.0.0
Azure File Sync from v19.0 prior to 19.2.0.0
Azure File Sync from v20.0 prior to 20.1.0.0
Azure File Sync from v21.0 prior to 21.1.0.0
QID Detection Logic (Authenticated):
This QID checks for the file version of FileSyncSvc.exe.
- Consequence
-
An attacker who successfully exploits this vulnerability could gain SYSTEM privileges.
- Solution
-
Customers are advised to refer to CVE-2025-53729 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-53729
-
Microsoft Windows Server Security Update for August 2025
- Severity
- Urgent 5
- Qualys ID
- 92297
- Vendor Reference
- KB5062553, KB5062557, KB5062570, KB5062572, KB5062592, KB5062597, KB5062618, KB5062619, KB5062632, KB5063871, KB5063877, KB5063878, KB5063880, KB5063888, KB5063899, KB5063906, KB5063927, KB5063947, KB5063950, KB5064010
- CVE Reference
- CVE-2025-48807, CVE-2025-49743, CVE-2025-49751, CVE-2025-49757, CVE-2025-49761, CVE-2025-49762, CVE-2025-50153, CVE-2025-50154, CVE-2025-50155, CVE-2025-50156, CVE-2025-50157, CVE-2025-50158, CVE-2025-50159, CVE-2025-50160, CVE-2025-50161, CVE-2025-50162, CVE-2025-50163, CVE-2025-50164, CVE-2025-50165, CVE-2025-50166, CVE-2025-50167, CVE-2025-50168, CVE-2025-50169, CVE-2025-50170, CVE-2025-50172, CVE-2025-50173, CVE-2025-50176, CVE-2025-50177, CVE-2025-53131, CVE-2025-53132, CVE-2025-53133, CVE-2025-53134, CVE-2025-53135, CVE-2025-53136, CVE-2025-53137, CVE-2025-53138, CVE-2025-53140, CVE-2025-53141, CVE-2025-53142, CVE-2025-53143, CVE-2025-53144, CVE-2025-53145, CVE-2025-53147, CVE-2025-53148, CVE-2025-53149, CVE-2025-53151, CVE-2025-53152, CVE-2025-53153, CVE-2025-53154, CVE-2025-53155, CVE-2025-53156, CVE-2025-53716, CVE-2025-53718, CVE-2025-53719, CVE-2025-53720, CVE-2025-53721, CVE-2025-53722, CVE-2025-53723, CVE-2025-53724, CVE-2025-53725, CVE-2025-53726, CVE-2025-53766, CVE-2025-53778, CVE-2025-53779, CVE-2025-53789
- CVSS Scores
- Base 5.4 / Temporal 4.2
- Description
-
Microsoft Windows Security Update for August 2025
KB5063888
KB5063948
KB5063899
KB5063880
KB5063812
KB5063877
KB5063950
KB5063878
KB5064010
KB5063871
KB5063906
KB5063947
KB5063927
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
- Successful exploitation of this vulnerability could lead to a security breach or may affect integrity, availability, and confidentiality.
- Solution
-
Customers are advised to refer to the following articles for more information on the vulnerabilities and patches.
Microsoft Windows Security Update for August 2025
KB5063888
KB5063948
KB5063899
KB5063880
KB5063812
KB5063877
KB5063950
KB5063878
KB5064010
KB5063871
KB5063906
KB5063947
KB5063927
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5063871
KB5063877
KB5063878
KB5063880
KB5063888
KB5063899
KB5063906
KB5063927
KB5063947
KB5063950
KB5064010
-
Microsoft Visual Studio Security Update for August 2025
- Severity
- Critical 4
- Qualys ID
- 92298
- Vendor Reference
- CVE-2025-53773
- CVE Reference
- CVE-2025-53773
- CVSS Scores
- Base 5.4 / Temporal 4.3
- Description
-
Microsoft Visual Studio Security Update for August 2025
Affected Versions:
Microsoft Visual Studio 2022 Version 17.14 prior to 17.14.12
QID Detection Logic (Authenticated):
This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key 'HKLM\SOFTWARE\Microsoft' and the file version of 'devenv.exe'.
- Consequence
- Successful exploitation of this vulnerability could lead to a security breach or may affect integrity, availability, and confidentiality.
- Solution
-
Customers are advised to refer to the following articles for more information on the vulnerabilities and patches.
CVE-2025-53773
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-53773
-
Microsoft Windows Remote Desktop Services Spoofing Vulnerability for August 2025
- Severity
- Urgent 5
- Qualys ID
- 92299
- Vendor Reference
- CVE-2025-50171
- CVE Reference
- CVE-2025-50171
- CVSS Scores
- Base 6.4 / Temporal 4.7
- Description
-
Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network.
Affected Versions:
Windows Server 2025 and 2022
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'. It also checks whether Remote Desktop Services exists on the machine.
- Consequence
- Successful exploitation of this vulnerability could lead to a security breach or may affect integrity and confidentiality.
- Solution
-
Customers are advised to refer to the following articles for more information on the vulnerabilities and patches.
KB5063878
KB5063899
KB5063880
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5063878
KB5063880
KB5063899
These new vulnerability checks are included in Qualys vulnerability signature 2.6.393-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 110503
- 110504
- 384351
- 384352
- 50142
- 92292
- 92293
- 92295
- 92296
- 92297
- 92298
- 92299
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.