Cisco Talos Blog: Microsoft Patch Tuesday for July 2025 — Snort rules and prominent vulnerabilities

Source URL: https://blog.talosintelligence.com/microsoft-patch-tuesday-july-2025/
Source: Cisco Talos Blog

Feedly Summary: Microsoft has released its monthly security update for July 2025, which includes 132 vulnerabilities affecting a range of products, including 14 that Microsoft marked as “critical.”  

**Summary:** The text discusses Microsoft’s July 2025 security update, revealing numerous vulnerabilities across various products, including critical remote code execution (RCE) vulnerabilities. The report highlights specific CVEs, their severity scores, and the complexity of potential exploits, along with Cisco Talos’ response through new Snort rulesets for enhanced detection of these vulnerabilities.

**Detailed Description:**
The July 2025 security update from Microsoft includes crucial information for security and compliance professionals, particularly regarding vulnerabilities that could significantly impact enterprise environments. The key points from the update include:

- **Total Vulnerabilities**: 132 vulnerabilities were disclosed, of which 14 were categorized as “critical.”
- **Exploitation Status**: None of the reported vulnerabilities were actively exploited in the wild at the time of the report.
- **Critical Vulnerabilities Overview**:
  - **CVE-2025-49735**: Remote Code Execution (RCE) vulnerability in Windows KDC Proxy Service (CVSS 3.1 score: 8.1). Exploitation involves an unauthenticated attacker abusing a cryptographic protocol issue, and only servers configured as KDC Proxy Protocol servers are affected.
  - **CVE-2025-49704**: RCE in Microsoft SharePoint Server (CVSS 3.1 score: 7.7) due to improper code generation control, which allows somewhat privileged attackers to execute arbitrary code remotely with low attack complexity.
  - **Multiple vulnerabilities in Microsoft Office (CVE-2025-49695 to CVE-2025-49703)**: These mainly involve code access issues, including “use after free” scenarios, with varying levels of attack complexity and likelihood of exploitation.
  - **CVE-2025-48822**: RCE vulnerability in Windows Hyper-V (CVSS 3.1 score: 8.6) that allows unauthorized exploitation, though exploitation is assessed to be less likely.
  - **CVE-2025-47981**: Critical RCE vulnerability (CVSS 3.1 score: 9.8) affecting Windows 10 clients that allows network-based code execution.
  - **CVE-2025-49717**: RCE in Microsoft SQL Server (CVSS 3.1 score: 8.5) with low likelihood of exploitation.
  - **CVE-2025-47980**: Information disclosure vulnerability assessed as low in both complexity and likelihood.
- **Cisco Talos’ Response**:
  - Talos announces the release of a new Snort ruleset to detect exploitation attempts based on the disclosed vulnerabilities.
  - Customers are encouraged to update their Snort rulesets to benefit from the latest protections against these vulnerabilities.
- **Key Snort Rules**: Several rules are specified for Snort 2 and 3, highlighting their purpose in detecting possible exploitation attempts on the noted vulnerabilities.

This update is particularly relevant for professionals tasked with maintaining security in Microsoft environments, as the risks posed by these vulnerabilities could lead to significant breaches if left unaddressed. The accompanying Snort rules strengthen defenses against potential exploitation.