Microsoft Vulnerabilities – Known Exploited Vulnerabilities Catalog August 2025

On this page, I list the security vulnerabilities affecting Microsoft operating systems or other Microsoft software that have been recently added to the Known Exploited Vulnerabilities Catalog by CISA.

This page is meant to be a single reference for all security vulnerabilities that have been found to be used in known cyber attacks. Some may even have been used in ransomware campaigns. For the month of August, CISA has added the following security vulnerabilities to the KEV (Known Exploited Vulnerabilities) Catalog:

CVE-2013-3893 – Internet Explorer

This is a very old vulnerability affecting Internet Explorer versions between Internet Explorer 6 and 11. Essential details of the security vulnerability are:

  • This security vulnerability impacts Internet Explorer versions between 6 and 11.
  • This is a very old vulnerability, first detected and reported in 2013. However, new exploitation attempts have been detected.
  • Microsoft released a security advisory in 2013 that covered the vulnerability and provided a fix for it.
  • Microsoft’s security advisory MS13-080 can be read here.
  • CISA added this vulnerability to the KEV catalog on 12 August 2025.
  • CISA expects the systems to be retired before 2 September 2025.
  • The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

CVE-2007-0671 – Remote Code Execution – Microsoft Office

This ‘Remote Code Execution’ vulnerability affects Microsoft Office products and was first detected and reported in 2007. We look at the most essential details related to CVE-2007-0671.

  • CVE-2007-0671 was first reported in 2007.
  • CISA added it to the KEV catalog on 12 August. The date of resolution for this vulnerability is 2 September 2025.
  • Microsoft’s security bulletin covering CVE-2007-0671 can be read here.

This vulnerability affects the following versions of Microsoft Office:

  • Microsoft Office 2000 Service Pack 3
  • Microsoft Office XP Service Pack 3
  • Microsoft Office 2003 Service Pack 2
  • Microsoft Office 2004 for Mac
  • Microsoft Visio 2002 Service Pack 2
  • Microsoft Project 2002 Service Pack 1
  • Microsoft Project 2000 Service Release 1

These products were patched by Microsoft to resolve the vulnerability. However, this is a very old vulnerability, and new exploitation efforts have been detected. Therefore, it looks like the mitigation against the security vulnerability is not working or is not effective.

So, the best recommendation is to retire these products, or stop using them, before the resolution date.



Rajesh Dhawan
