August 2025 Patch Tuesday forecast: Try, try, again

by CybrGPT

July turned into a surprisingly busy month. It started slowly with a fairly ‘calm’ Patch Tuesday as I forecasted in my last blog. Although there were 130 new CVEs addressed across all the Microsoft releases, there was only one publicly disclosed CVE, so the risk was low. But a short time later, two CVEs in SharePoint were reported exploited, and the month started to heat up with hotfixes near the end of the month. Mix in some security configuration issues with Microsoft Exchange Server and some major updates from Google and Apple, and the month ended with lots of activity.

CISA flags SharePoint flaws as Microsoft issues new fixes

It can take a few iterations to completely fix a vulnerability. Microsoft found this out with a recent round of SharePoint vulnerability fixes. Earlier this year at the Berlin Pwn2Own contest, a series of vulnerabilities called the ‘ToolShell’ chain were exploited and subsequently fixed in the Microsoft July 2025 Patch Tuesday updates. The key vulnerabilities are CVE-2025-49704, a SharePoint Remote Code Execution Vulnerability, and CVE-2025-49706, a SharePoint Server Spoofing Vulnerability.

Not long after this release, Microsoft, Google, and others reported these fixes had been bypassed and many organizations had been compromised. On July 19th Microsoft released an update with a more ‘hardened’ fix with associated vulnerabilities CVE-2025-53770 and CVE-2025-53771. There are separate releases for Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Server 2019 and Microsoft SharePoint Enterprise Server 2016. In addition to applying the updates, Microsoft recommends you rotate the associated machine keys on the impacted servers.

Ransomware has been reported taking advantage of this ToolShell attack chain, and CISA has included the vulnerabilities in its catalog of exploited vulnerabilities for immediate fix by federal agencies. Anticipate these hotfixes will be included in the August Patch Tuesday releases as well.

Zero-Day in Chromium, dozens of Apple CVEs fixed in latest releases

Microsoft issued CVE-2025-53786 to address security issues with Microsoft Exchange Server in hybrid environments. This CVE ties together the April update and security hotfix with a series of instructions on securing on-premise Microsoft Exchange Server and Exchange Online. In a hybrid deployment the two share credentials and data such as calendars, email contact lists, etc., which can lead to compromise with little logging to show what happened. This Exchange Server blog provides extensive details on the upcoming EOL of Exchange products as well as migration options to a more secure configuration.

There are a few other major non-Microsoft updates to be aware of since the July 2025 Patch Tuesday. Google continues with weekly updates to the Chromium browser, with a release on July 16th to address several vulnerabilities including zero-day CVE-2025-6558. This vulnerability allowed a remote attacker to potentially perform a sandbox escape. Apple also released a series of major updates for its operating systems and applications. Of note, these updates include Ventura 13.7.7 with 41 CVEs, Sonoma 14.7.7 with 50 CVEs, Sequoia 15.6 with 89 CVEs, and Safari for Ventura and Sonoma with 17 CVEs fixed.

August Patch Tuesday forecast

  • We know SharePoint will receive some important updates this month, and don’t forget there is more to do than just applying the updates and walking away – you need to consider updating your machine keys. Expect all the usual OS and app updates, but it’s been a while, so we may see a security fix in .NET Framework or maybe SQL Server this month.
  • Adobe continues with a steady stream of updates for the Creative Cloud suite of products so expect more this month with maybe Photoshop being the focus.
  • Apple released their major updates on July 29th, and since we haven’t heard of any major issues, we should have a break for another month or two. Just make sure you have all the latest updates deployed.
  • Google releases Chrome updates almost every Patch Tuesday but be aware they are often seen late in the day.
  • The last set of security releases from Mozilla was July 22nd, so we are due for the Firefox and Thunderbird updates along with their ESR versions.

Fixing vulnerabilities in software can often seem like plugging holes in a dam – just when you get one fixed, another leak appears. Microsoft found that out with these recent SharePoint vulnerabilities, but we’ve seen it before (remember PrintNightmare) and we’ll see it again. Let’s just hope this time they don’t need to try, try, again.
