In July 2025, Microsoft's patch release delivered its largest batch of security fixes in months, addressing around 137 vulnerabilities across its product ecosystem. This included one publicly disclosed zero-day in SQL Server and 14 critical flaws. The update is approximately double June’s total and arrives as Google simultaneously patches a critical zero-day in Chrome that is being actively exploited. The Microsoft release, together with the active exploitation of the Chrome vulnerability, marks a challenging week for IT security teams across nations.
Microsoft’s Massive Security Update
Microsoft’s July patch is one of the most significant security releases of the year. The 137 vulnerabilities span multiple product lines and include 53 elevation-of-privilege flaws, followed by 41 remote code execution flaws and 18 information disclosure issues.
The publicly disclosed zero-day, CVE-2025-49719, affects Microsoft SQL Server and allows unauthenticated attackers to access uninitialized memory over the network. The public disclosure raises significant concerns about Microsoft's assessment of exploitation as ‘unlikely’, given that a proof-of-concept is circulating.
Critical vulnerabilities included:
- CVE-2025-47981: Windows SPNEGO Extended Negotiation heap-based buffer overflow with a CVSS score of 9.8, allowing code execution over a remote attack vector without user interaction
- CVE-2025-49704: A remote code execution vulnerability in SharePoint that requires valid credentials to exploit
- Several Office RCE vulnerabilities (CVE-2025-49695, CVE-2025-49696)
- However, CVE-2025-49697 and CVE-2025-49702 remain unpatched and can be exploited through the Preview Pane
Chrome Zero-Day Under Active Attack
Google has published out-of-band updates to address a critical type confusion vulnerability (CVE-2025-6554) in its Chrome web browser that it says is being actively exploited in the wild against Windows, macOS, and Linux users. This is the fourth zero-day Chrome bug found by Google’s Threat Analysis Group.
The defect enables an attacker to carry out arbitrary read and write operations via a maliciously crafted HTML page, which ultimately might result in complete remote code execution. Security experts suspect that nation-state actors could be using the flaw for surveillance purposes.
Affected versions:
- Windows: Prior to 138.0.7204.96/.97
- macOS: Prior to 138.0.7204.92/.93
- Linux: Prior to 138.0.7204.96
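To turn the version list above into a patch-status check, the following added example (not part of the original article) compares an endpoint inventory against the lowest fixed build per platform. The inventory rows, host names and CSV column names are constructed for illustration.

```python
# Added example: flag Chrome installs older than the fixed builds listed above.
# The inventory rows below are constructed sample data, not real hosts.
import csv
import io

# Lowest fixed build per platform, taken from the version list in this article.
FIXED = {
    "windows": (138, 0, 7204, 96),
    "macos": (138, 0, 7204, 92),
    "linux": (138, 0, 7204, 96),
}

SAMPLE_INVENTORY = """host,os,chrome_version
ws-001,Windows,138.0.7204.97
ws-002,Windows,138.0.7204.50
mac-01,macOS,138.0.7204.92
mac-02,macOS,137.0.7151.120
lnx-01,Linux,138.0.7204.100
lnx-02,Linux,138.0.7204.9
kiosk-7,Windows,unknown
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a Chrome version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """Split hosts into (needs_patch, unverified) lists."""
    needs_patch, unverified = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = FIXED.get(row["os"].strip().lower())
        version = parse_version(row["chrome_version"])
        if fixed is None or version is None:
            unverified.append(row["host"])   # treat unknowns as open items
        elif version < fixed:                # numeric compare, not string compare
            needs_patch.append(row["host"])
    return needs_patch, unverified

if __name__ == "__main__":
    patch, unknown = triage(SAMPLE_INVENTORY)
    print("needs patch:", patch)
    print("unverified:", unknown)
```

Comparing versions as integer tuples matters here: a plain string comparison would rank 138.0.7204.100 below 138.0.7204.96 and report a patched host as exposed.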
Why This Matters
Microsoft’s largest patch release, combined with an exploited Chrome zero-day discovered by Google’s Threat Analysis Group, created havoc for security teams. Organisations faced a dual challenge: deploying critical patches while simultaneously managing disruption to regular business operations.
Key risk factors include:
- Major vulnerabilities in widely used software create imminent risks and showcase supply chain exposures.
- The Chrome zero-day is already being actively exploited in the real world.
- The volume of fixes may lead to prioritization challenges.
What Organizations Should Do
Immediate Actions:
- Patch Chrome immediately across all systems to address CVE-2025-6554.
- Prioritize SQL Server updates for the publicly disclosed zero-day (CVE-2025-49719).
- Focus on critical RCE flaws in Office and SharePoint.
- Test and deploy Windows updates following change management procedures.
Strategic Considerations:
- Implement automated patching for browsers to reduce exposure windows.
- Enhance monitoring for SQL Server environments and unusual database activity.
- Review incident response plans given the increased threat landscape.
- Consider browser isolation for high-risk users.
News for the Week
SafePay Ransomware Disrupts Global IT Supply Chain

On 3rd July, global IT distributor Ingram Micro confirmed a SafePay ransomware attack that led to the shutdown of certain critical systems, including its AI-powered Xvantage platform and Impulse licensing system. The attack's primary target was GlobalProtect VPN infrastructure, and it disrupted operations for thousands of downstream partners worldwide. In recent times SafePay has emerged as one of the active ransomware groups.
Bitcoin Depot Breach Exposes 27,000 Crypto Users

Cryptocurrency ATM operator Bitcoin Depot disclosed a breach affecting 26,732 customers that exposed sensitive information such as name, phone number, driver’s license number and address. Though the breach occurred on June 23, 2024, notification was delayed until July 2025 because a federal investigation was ongoing.
Microsoft Outlook Suffers Major Global Outage

On July 9th, 2025, Outlook suffered a significant outage lasting hours, which affected millions of users worldwide. The disruption began at 22:20 UTC on July 9th and impacted all services related to Outlook Mobile and desktop. Microsoft attributed the outage to inefficient mailbox infrastructure. Services were restored for most users at 19:21 GMT in July. The incident raised concerns about the reliability of cloud services and business continuity planning.
Source: https://www.computerworld.com/article/4020870/microsofts-19-hour-outlook-outage-exposes-fragility-in-cloud-infrastructure.html