Update on July Software Updates
Microsoft has released its July 2025 Patch Tuesday updates, addressing a total of 128 vulnerabilities across its products. This is a significant increase compared to the average of 100 vulnerabilities patched each month since July 2017.
Critical Vulnerabilities and Affected Services
The highest-rated vulnerability this month is CVE-2025-47981, a remote code execution (RCE) flaw in SPNEGO Extended Negotiation. This vulnerability, which allows an unauthorized attacker to execute code over a network, affects Windows versions beyond 1607 due to a specific group policy object being enabled by default.
Another critical RCE vulnerability, CVE-2025-49701, is found in Microsoft Office SharePoint. This vulnerability requires prior authentication to a vulnerable SharePoint Server and could potentially allow an authorized attacker to execute code over a network.
Elevation of Privilege and Remote Code Execution
Elevation of Privilege (EoP) vulnerabilities account for 41.4% of the vulnerabilities patched this month, followed by Remote Code Execution (RCE) vulnerabilities at 31.3%. Notable EoP vulnerabilities include CVE-2025-49695, a use after free in Microsoft Office that allows an unauthorized attacker to execute code locally, and CVE-2025-49735, a use after free in Windows KDC Proxy Service (KPSSVC) that allows an unauthorized attacker to execute code over a network.
SharePoint Flaws and Other Noteworthy Vulnerabilities
SharePoint continues to be a hot target, with two new remote code execution bugs (CVE-2025-49701 and CVE-2025-49704) requiring prior authentication to a vulnerable SharePoint Server. Other noteworthy vulnerabilities include CVE-2025-49719, an information disclosure bug in SQL Server, which was disclosed publicly prior to being patched, and CVE-2025-49724, a use after free in Windows Connected Devices Platform Service that allows an unauthorized attacker to execute code over a network.
No Active Exploitation Reported
According to Brian Donohue, Principal Security Researcher at Red Canary, none of the patched vulnerabilities appear to have been exploited actively in the wild. However, it's important to note that the 11-month streak of patching at least one zero day that was exploited in the wild has ended this month.
Omitted Vulnerabilities and Indicators of Compromise
Tenable's Satnam Narang, sr. staff research engineer, has noted that the release omitted nine vulnerabilities reported by AMD and MITRE. Organizations should not only apply the available patches for CitrixBleed 2, but also review log files for known indicators of compromise and invalidate session tokens promptly.
In summary, Microsoft's July 2025 Patch Tuesday addresses a significant number of critical vulnerabilities, with a focus on SharePoint and remote code execution flaws. While no active exploitation has been reported, it's crucial for organizations to apply these patches and remain vigilant in their cybersecurity practices.
