Microsoft July 2025 Patch Tuesday | Krebs on Security
July 2025 Patch Tuesday: Critical Updates Released for Windows, Microsoft Configuration Manager, and Adobe Products
Table of Contents
This month’s Patch Tuesday brings a significant wave of security updates from Microsoft and adobe, addressing a wide range of vulnerabilities. Several of teh microsoft fixes are particularly concerning due to thier ease of exploitation and potential impact.Staying on top of these updates is crucial for maintaining a secure computing environment.
Critical Microsoft Vulnerabilities Demand Immediate Attention
Microsoft has released patches for 72 vulnerabilities this month, a significant number that underscores the ongoing battle against cyber threats. Several stand out as particularly urgent.
Preview Pane Exploitation: CVE-2025-49697 & CVE-2025-49702
Two high-priority vulnerabilities, CVE-2025-49697 and CVE-2025-49702, have been identified in Microsoft Office. Microsoft rates both as having a high likelihood of exploitation. Worryingly, these vulnerabilities do not require user interaction to be triggered and can be exploited simply by viewing a malicious file in the Preview pane. This makes them especially risky, as users may be compromised without even opening a document. Prompt patching is essential to mitigate this risk.
SmartScreen Bypass & Configuration Manager RCE
Two additional high-severity bugs require immediate attention. CVE-2025-49740 (CVSS 8.8) allows malicious files to bypass Microsoft Defender SmartScreen, the built-in Windows feature designed to block untrusted downloads and malicious websites. This effectively weakens a key layer of defence against malware.
Even more concerning is CVE-2025-47178 (CVSS 8.0), a remote code execution (RCE) flaw in Microsoft Configuration Manager (ConfigMgr), a widely used enterprise tool for managing devices. Ben Hopkins of immersive highlights the severity of this vulnerability,noting it requires very low privileges to exploit - even read-only access coudl be sufficient.
Hopkins explains the potential consequences are severe: “Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries as the privileged SMS service account in Microsoft Configuration Manager. This access can be used to manipulate deployments, push malicious software or scripts to all managed devices, alter configurations, steal sensitive data, and potentially escalate to full operating system code execution across the enterprise, giving the attacker broad control over the entire IT environment.” Organizations using ConfigMgr should prioritize patching this vulnerability.
Adobe Security Updates: Protect your Creative Suite
Alongside Microsoft’s updates, adobe has released security updates for a broad range of its software, including:
After Effects
Adobe Audition
Illustrator
FrameMaker
ColdFusion
Adobe routinely addresses vulnerabilities in its creative and enterprise software. Keeping these applications up-to-date is vital for protecting your data and systems. Check the Adobe security bulletin for detailed data on each update.
Resources for Staying Informed
Navigating a large Patch Tuesday like this can be challenging. Here are some helpful resources:
Microsoft Update Guide: https://msrc.microsoft.com/update-guide/en-US – Provides detailed information on each Microsoft patch, including severity and affected products.
SANS Internet Storm Center: https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%2C%20July%202025/32088 – Offers a breakdown of each patch indexed by severity, making it easier to prioritize.
AskWoody: https://www.askwoody.com/ – A valuable resource for identifying potentially problematic Windows updates.
Protecting Your Systems: Best Practices
Whether your a home user or a system administrator, taking a proactive approach to patching is essential.
For home Users: