August 12, 2025

Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft’s most-dire “critical” rating, meaning they could be abused by malware or malcontents to gain remote access to a Windows system with little or no help from users.

August’s patch batch from Redmond includes an update for CVE-2025-53786, a vulnerability that allows an attacker to pivot from a compromised Microsoft Exchange Server directly into an organization’s cloud environment, potentially gaining control over Exchange Online and other connected Microsoft Office 365 services. Microsoft first warned about this bug on Aug. 6, saying it affects Exchange Server 2016 and Exchange Server 2019, as well as its flagship Exchange Server Subscription Edition.

Ben McCarthy, lead cyber security engineer at Immersive, said a rough search reveals approximately 29,000 Exchange servers publicly facing on the internet that are vulnerable to this issue, with many of them likely to have even older vulnerabilities.

McCarthy said the fix for CVE-2025-53786 requires more than just installing a patch; it also means following Microsoft’s manual instructions for creating a dedicated service to oversee and lock down the hybrid connection.

“In effect, this vulnerability turns a significant on-premise Exchange breach into a full-blown, difficult-to-detect cloud compromise with effectively living off the land techniques which are always harder to detect for defensive teams,” McCarthy said.

CVE-2025-53779 is a weakness in the Windows Kerberos authentication system that allows an unauthenticated attacker to gain domain administrator privileges. Microsoft credits the discovery of the flaw to Akamai researcher Yuval Gordon, who dubbed it “BadSuccessor” in a May 2025 blog post. The attack exploits a weakness in “delegated Managed Service Account” or dMSA — a feature that was introduced in Windows Server 2025.

Some of the critical flaws addressed this month with the highest severity (between 9.0 and 9.9 CVSS scores) include a remote code execution bug in the Windows GDI+ component that handles graphics rendering (CVE-2025-53766) and CVE-2025-50165, another graphics rendering weakness. Another critical patch involves CVE-2025-53733, a vulnerability in Microsoft Word that can be exploited without user interaction and triggered through the Preview Pane.

One final critical bug tackled this month deserves attention: CVE-2025-53778, a bug in Windows NTLM, a core function of how Windows systems handle network authentication. According to Microsoft, the flaw could allow an attacker with low-level network access and basic user privileges to exploit NTLM and elevate to SYSTEM-level access — the highest level of privilege in Windows. Microsoft rates the exploitation of this bug as “more likely,” although there is no evidence the vulnerability is being exploited at the moment.

Feel free to holler in the comments if you experience problems installing any of these updates. As ever, the SANS Internet Storm Center has its useful breakdown of the Microsoft patches indexed by severity and CVSS score, and AskWoody.com is keeping an eye out for Windows patches that may cause problems for enterprises and end users.

GOOD MIGRATIONS

Windows 10 users out there likely have noticed by now that Microsoft really wants you to upgrade to Windows 11. The reason is that after the Patch Tuesday on October 14, 2025, Microsoft will stop shipping free security updates for Windows 10 computers. The trouble is, many PCs running Windows 10 do not meet the hardware specifications required to install Windows 11 (or they do, but just barely).

If the experience with Windows XP is any indicator, many of these older computers will wind up in landfills or else will be left running in an unpatched state. But if your Windows 10 PC doesn’t have the hardware chops to run Windows 11 and you’d still like to get some use out of it safely, consider installing a newbie-friendly version of Linux, like Linux Mint.

Like most modern Linux versions, Mint will run on anything with a 64-bit CPU that has at least 2GB of memory, although 4GB is recommended. In other words, it will run on almost any computer produced in the last decade.

There are many versions of Linux available, but Linux Mint is likely to be the most intuitive interface for regular Windows users, and most of it can be configured without ever touching the text-only command-line prompt. Mint and other flavors of Linux come with LibreOffice, an open source suite of tools that includes applications similar to Microsoft Office, and it can open, edit and save documents as Microsoft Office files.

If you’d prefer to give Linux a test drive before installing it on a Windows PC, you can always just download it to a removable USB drive. From there, reboot the computer (with the removable drive plugged in) and select the option at startup to run the operating system from the external USB drive. If you don’t see an option for that after restarting, try restarting again and hitting the F8 button, which should open a list of bootable drives. Here’s a fairly thorough tutorial that walks through exactly how to do all this.
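Two checks worth doing around that download, as an added example that is not part of the original post or the Linux Mint project’s own tooling: confirm the ISO matches the sha256sum.txt the project publishes beside it before trusting it, and write it to the whole USB device only after confirming the device is not mounted. The file names and the /dev/sdX device path are assumptions; adjust them to your download and your stick.

```shell
#!/bin/sh
# Added example (not from the original post): verify a downloaded live ISO
# against its published sha256sum.txt, then raw-copy it to a USB device.
set -eu

# verify_iso ISO SUMS_FILE -> 0 if the ISO's SHA-256 matches its line in SUMS_FILE,
# 1 on mismatch, 2 if the file is not listed at all.
verify_iso() {
    iso="$1"; sums="$2"
    name=$(basename "$iso")
    # sha256sum.txt lines look like "<hex>  <file>" or "<hex> *<file>" (binary mode)
    expected=$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1 }' "$sums")
    [ -n "$expected" ] || { echo "no checksum listed for $name" >&2; return 2; }
    actual=$(sha256sum "$iso" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name matches published checksum"
        return 0
    fi
    echo "MISMATCH: $name ($actual != $expected), do not use this image" >&2
    return 1
}

# write_iso ISO DEVICE -> copies the ISO to the whole device (e.g. /dev/sdX,
# not a partition such as /dev/sdX1). Refuses mounted or non-block targets,
# which is how the wrong disk usually gets wiped.
write_iso() {
    iso="$1"; dev="$2"
    [ -b "$dev" ] || { echo "$dev is not a block device" >&2; return 1; }
    if grep -q "^$dev" /proc/mounts; then
        echo "$dev has mounted partitions, refusing to write" >&2
        return 1
    fi
    sudo dd if="$iso" of="$dev" bs=4M conv=fsync status=progress
}

# Typical use (assumed file names and device):
#   verify_iso linuxmint-64bit.iso sha256sum.txt && write_iso linuxmint-64bit.iso /dev/sdX
```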

And if this is your first time trying out Linux, relax and have fun: The nice thing about a “live” version of Linux (as it’s called when the operating system is run from a removable drive such as a CD or a USB stick) is that none of your changes persist after a reboot. Even if you somehow manage to break something, a restart will return the system back to its original state.


18 thoughts on “Microsoft Patch Tuesday, August 2025 Edition”

  1. Brad Larkin

    So far today’s OS patches have not caused a problem. But an MS Edge browser update (version 139.0.3405.86) introduces a color display bug rendering PNG files with some transparency as black color. After investigation, I find the problem is internal to the Edge browser engine and have reported it to Microsoft for resolution. e.g. This little png icon in the link should be yellow.

    Reply
    1. Brad Larkin

      The source of this issue is a Rust-based PNG image handling library (aka crate) being incorporated into WebKit browsers that internally vectorizes all PNG graphic files. The resulting display of PNGs which were created (years ago) with more than the standard 216-color palette come out as all-black globs. So – breaking things that worked. I had to re-render hundreds of PNG files to PNG-8 to work around this ‘progress’.

      Reply
  2. Adelaide

    Right on!

    On the six PCs I maintain, I’ve also noticed a speed improvement using Linux, as opposed to the originally installed Windows versions (four Win 10, one v. 8.1, and one 32-bit XP machine, kept for sentiment’s sake).

    All my regularly used apps (LibreOffice, Thunderbird and other native Linux versions, and Windows apps such as Shotcut, PDF-XChange, Sumatra, 7-Zip and other Windows apps running in wine). Two of those machines still can dual-boot to Win 10.

    Now, come October, I’ll switch to Linux only, except perhaps for tax software. (Anyone know of USA tax software running in Linux or in wine?)

    Reply
    1. YetAnotherExpert

      You can also fill out paper forms and mail them in the old fashioned way, which is paradoxically, the most secure way to file and has a few other benefits.

      Reply
      1. Quid

        Not when USPS workers are involved in mail theft and check washing mailed from inside the post office.

        Reply
    1. b. ablemann

      @Richard Wessels - I did not know the answer so I searched it. The answer came up that Firefox is preferred and comes pre-installed, but there are many others available. I also want to mention that I am enjoying DuckDuckGo’s A.I. feature, which has worked well at giving the skinny on most things, although it equivocates on more subtle questions. Straight-forward questions of fact seem to be answered concisely, but then I am not schooled in IT matters in general. I have been happily using Linux for many years and Firefox, too. For Apple users not interested in learning a lot about their OS, but only using their computer for general purposes, Linux Mint provides similar functionality and more options to go as deep as you want to go into computers.

      I find it weird that most people prefer to stay in MS world, others prefer Apple world, while Linux is available. So I guess I am shilling for Linux. Personally I see a lot of arrogance and fanboyism in most things human. It is part and parcel of our era and age, and maybe all eras of human beings. One bit of arrogance is that we all can know everything; just google it. Before A.I. became a feature of search, search results seemed somewhat arbitrary and skewed to me. Another arrogance is that search algorithms are not fully transparent, easy to determine, and/or adjusted to the users’ desires, but must remain the secret sauce of proprietary companies. If we have to be chained to only one system, in a capitalist enterprise world, why do we need to be restricted to only a computer system that is based only on the profit motive? Is that the only way to view the world? When there is only one choice, that is not much of a choice.

      Reply
    2. Fr00tL00ps

      Take your pick Richard;
      sudo apt install firefox
      sudo apt install vivaldi
      sudo apt install opera
      sudo apt install chromium-browser
      sudo apt install brave-browser
      sudo apt install falkon
      sudo apt install midori

      Reply
  3. 2bas

    I love this one: “… is that none of your changes persist after a reboot.” Like booting up the live Linux, mounting let’s say some available disk and cleaning them with some “rm” instruction won’t persist.
    Keep in mind, the DAU!

    Reply
  4. redbike

    Linux Mint is based on either Debian or Ubuntu — and Ubuntu is based on Debian — which is to say: Mint and Ubuntu are based on Debian. There are many other variants of Linux.

    A new version of Debian (Debian 13 aka ‘Trixie’) was made available this past Saturday 9 Aug 2025.

    I’ve been dual-booting Debian (for the reasons mentioned in the article and some comments) for about 5 years — with an old version of Windows for off-line use.

    ‘For about 5 years’: then and now, Debian was one of the few versions of Linux available for 32-bit machines. For many folks, that’s irrelevant, but it weighed in my decision. I’ll add: of the three versions of Linux I’ve named — Debian, Mint, Ubuntu — Debian is IMHO the least user-friendly, but that’s just my opinion.

    If you’re considering strolling down this path — Linux as an alternative to Windows — and if you’re considering a Linux version based on Debian (Debian itself or one of the many variants), BECAUSE THE CURRENT VERSION OF DEBIAN WAS RELEASED LESS THAN A WEEK AGO, I suggest waiting (perhaps a month?) for early adopters to learn some important lessons.

    Me? I’m waiting (perhaps a month?) before embarking on the inevitable upgrade.

    Reply
