August 2025 Patch Tuesday forecast
July turned into a surprisingly busy month for cybersecurity. It began slowly with a relatively ‘calm’ Patch Tuesday, as previously forecast. Although 130 new Common Vulnerabilities and Exposures (CVEs) were addressed across all Microsoft releases, only one CVE was publicly disclosed, indicating a low risk. The situation escalated, however, when two CVEs in SharePoint were reported as exploited, leading to a flurry of hotfixes towards the end of the month. The month also brought security configuration issues with Microsoft Exchange Server and significant updates from Google and Apple, making for a period of heightened activity.

The Cybersecurity and Infrastructure Security Agency (CISA) flagged the SharePoint flaws as Microsoft issued new fixes. Fully resolving a vulnerability often takes multiple iterations, a lesson Microsoft learned with the recent SharePoint fixes. Earlier in the year, during the Berlin Pwn2Own contest, a series of vulnerabilities known as the ‘ToolShell’ chain was exploited and subsequently addressed in the July 2025 Patch Tuesday updates. Key vulnerabilities included CVE-2025-49704, a SharePoint Remote Code Execution Vulnerability, and CVE-2025-49706, a SharePoint Server Spoofing Vulnerability. Shortly after these updates, reports emerged that the fixes had been bypassed, resulting in compromises at numerous organisations. On July 19th, Microsoft released a more ‘hardened’ fix, addressing vulnerabilities CVE-2025-53770 and CVE-2025-53771. Separate releases were made for Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Server 2019, and Microsoft SharePoint Enterprise Server 2016. Microsoft also recommended rotating the associated machine keys on the impacted servers. Reports indicated that ransomware was exploiting the ToolShell attack chain, prompting CISA to include these vulnerabilities in its catalogue for immediate remediation by federal agencies. These hotfixes were also expected to be included in the August Patch Tuesday releases.

In addition, Microsoft issued CVE-2025-53786 to address security issues related to Microsoft Exchange Server in hybrid environments. This CVE linked the April update and security hotfix with a series of instructions for securing on-premises Microsoft Exchange Server and Exchange Online. These systems share credentials and data, such as calendars and email contact lists, which can lead to compromises with minimal logging to indicate what transpired. An Exchange Server blog provided extensive details on the upcoming end-of-life for Exchange products and on options for migrating to a more secure configuration.

Other significant non-Microsoft updates have emerged since the July 2025 Patch Tuesday. Google continued its weekly updates to the Chromium browser, releasing a patch on July 16th to address several vulnerabilities, including the zero-day CVE-2025-6558, which allowed a remote attacker to potentially perform a sandbox escape. Apple also released important updates during this period.