Security Update Overview for Microsoft and Adobe's July 2025 Patch Tuesday
In the tech world, July 2025 saw a significant wave of security updates from both Microsoft and Adobe.
Microsoft's July Patch Tuesday addressed a total of 140 vulnerabilities, with 14 classified as critical and 115 as important. Among the critical vulnerabilities, some notable ones include the AMD Transient Scheduler Attack in L1 Data Queue, the Microsoft SQL Server Remote Code Execution Vulnerability, the Windows KDC Proxy Service Remote Code Execution Vulnerability, and the Microsoft SharePoint Remote Code Execution Vulnerability.
One of the critical vulnerabilities addressed was CVE-2025-49724, a remote code execution vulnerability in the Windows Connected Devices Platform Service. This vulnerability could potentially allow an attacker to take control of a system remotely.
Another critical vulnerability, CVE-2025-48800, CVE-2025-48804, and CVE-2025-48818, are security feature bypass vulnerabilities in BitLocker. These vulnerabilities could potentially allow an attacker to bypass BitLocker's protections, putting encrypted data at risk.
CVE-2025-49744 is an elevation of privilege vulnerability in the Windows Graphics Component, while CVE-2025-49701 is a remote code execution vulnerability in Microsoft SharePoint. CVE-2025-47978 is a security feature bypass vulnerability in Windows Kerberos, and CVE-2025-48799 is an elevation of privilege vulnerability in the Windows Update Service.
In addition to these, vulnerabilities were addressed in various Microsoft products such as Windows Kernel, Remote Desktop Client, Windows Visual Basic Scripting, Microsoft Intune, Windows Routing and Remote Access Service (RRAS), Windows Hyper-V, and more.
Notably, one zero-day vulnerability was addressed in Microsoft Edge (Chromium-based).
Meanwhile, Adobe released 13 security advisories to address 60 vulnerabilities in various Adobe products. These include Adobe After Effects, Substance 3D Viewer, Adobe ColdFusion, Adobe Experience Manager Screens, Adobe Experience Manager Forms, Adobe FrameMaker, Adobe Illustrator, Substance 3D Stager, Adobe Dimension, Adobe Connect, Adobe InDesign, Adobe InCopy, and Adobe Audition.
However, it's worth noting that there are no search results providing the list of CVE numbers recommended by Qualys as the first mitigation measure for Microsoft security updates issued in July 2025.
These updates serve as a reminder for users to keep their systems and software up-to-date to ensure the highest level of security. As always, it's crucial to install these updates as soon as they become available.
