Keep attempting to improve your SEO strategies.
July transformed into a surprisingly busy month for cybersecurity. It commenced slowly with a relatively ‘calm’ Patch Tuesday, as previously forecasted. Although 130 new Common Vulnerabilities and Exposures (CVEs) were addressed across all Microsoft releases, only one CVE was publicly disclosed, indicating a low risk. However, the situation escalated when two CVEs in SharePoint were reported as exploited, leading to a flurry of hotfixes towards the end of the month. The month concluded with a mix of security configuration issues related to Microsoft Exchange Server, alongside significant updates from Google and Apple, resulting in heightened activity across the board.
The Cybersecurity and Infrastructure Security Agency (CISA) flagged SharePoint flaws as Microsoft issued new fixes. It often takes multiple iterations to fully resolve a vulnerability, a lesson Microsoft learned with recent SharePoint fixes. Earlier in the year, during the Berlin Pwn2Own contest, a series of vulnerabilities known as the ‘ToolShell’ chain were exploited and subsequently patched in the July 2025 Patch Tuesday updates. Key vulnerabilities included CVE-2025-49704, a SharePoint Remote Code Execution Vulnerability, and CVE-2025-49706, a SharePoint Server Spoofing Vulnerability. Shortly after these updates, reports emerged that the fixes had been bypassed, leading to compromises in numerous organisations. On July 19th, Microsoft released a more ‘hardened’ fix addressing vulnerabilities CVE-2025-53770 and CVE-2025-53771, with separate releases for various SharePoint Server editions. Microsoft also recommended rotating the associated machine keys on impacted servers, as ransomware was reported to exploit the ToolShell attack chain. CISA included these vulnerabilities in its catalogue for immediate remediation by federal agencies, and hotfixes are anticipated to feature in the August Patch Tuesday releases.
Categories: Vulnerability Management, Software Updates, Cybersecurity Threats
Tags: July, CVEs, Microsoft, SharePoint, Vulnerability, Hotfixes, Exchange Server, Ransomware, Chromium, Apple