Microsoft patches “BadSuccessor” zero day in August updates, 13 critical flaws also fixed
Microsoft’s August 2025 Patch Wednesday delivers fixes for 107 vulnerabilities, including a publicly disclosed Kerberos flaw in Windows Server 2025 tracked as CVE-2025-53779 and nicknamed “BadSuccessor.” Thirteen issues in this release are rated critical.
“BadSuccessor” was first documented in May by Akamai researcher Yuval Gordon. The bug is a privilege escalation weakness in the Windows Server 2025 implementation of Kerberos. According to the researcher, an attacker could compromise any user in Active Directory, and building an exploit is trivial. The issue, along with a proof of concept, was reported to the Microsoft Security Response Center, which validated the finding. At the time, Microsoft assessed the case as moderate and said it did not meet the threshold for immediate servicing.
Security firms have labelled “BadSuccessor” the lone zero day in this month’s release. Rapid7 and Qualys warned that a successful attack could result in domain administrator privileges. There is no evidence of active exploitation.
Beyond Kerberos, Microsoft has fixed critical remote code execution and other high impact bugs across Windows, Microsoft Office, the Hyper V hypervisor, and the Message Queuing component.
What administrators should do now
-
Prioritise domain controllers that run Windows Server 2025. Apply the August updates as a matter of urgency.
-
Patch broadly for the 13 critical issues, including Office, Hyper V, and MSMQ.
-
Review privileged access in Active Directory. Monitor for unusual authentication behaviour while updates roll out.
-
Communicate outage windows early. Verify that endpoints and servers receive the updates, then confirm service health.
Microsoft has not provided a timeline for any further mitigations. Organisations should complete patching promptly and continue monitoring for new guidance.
Photo Credit: DepositPhotos.com