Yesterday was the second Tuesday of the month, Microsoft Patch Tuesday. The day the cyber security world thinks about Microsoft patches and vulnerabilities. But remember other vendors also release cyber security and functionality updates and patches on or around the same time – check those as well.
Our support team has been busy reviewing our client monitoring reports and the SOC to check that the Microsoft Patch Tuesday updates have been completed. Our team will also keep an eye on the reports for the next few days to check there are no issues, stagglers or absconders! It is always a busy time for us and should be for you or your IT or Cyber Security Support as well.
Here is Microsoft’s detailed page on Patch Tuesday for July 2025:
July 2025 Security Updates – Release Notes – Security Update Guide – Microsoft
Cyber security highlights
There is only one zero-day fault being patched this month, although one unpatched zero-day vulnerability is still bad.
Not sure what a zero-day vulnerability is? Have a look at this article which explains the zero-day risk to your organisation:
What are zero-day vulnerabilities
Microsoft’s Patch Tuesday update has fixed 137 vulnerabilities of which 14 are considered critical. Among these critical flaws were a number associated with Microsoft Office which could be exploited by simply opening a maliciously crafted document or even viewing it in a preview pane.
Here is a comprehensive article on BleepingComputer looking at this month’s updates:
Microsoft Patch Tuesday June 2025 – SANS Internet Storm Center
Microsoft July 2025 Patch Tuesday fixes one zero-day, 137 flaws – BleepingComputer
Ok, so you do not use Windows – you are a Mac person and proud of it, Patch Tuesday has no impact on you. But what happens when your supplier or best client skips the Patch Tuesday updates? These updates are important for everyone! Even more so this month as updates for Microsoft Office are on the way to fix critical errors mentioned above.
Your Takeaway from Microsoft Patch Tuesday.
As always the days around Patch Tuesday are busy for our team as they check the reports from the SOC and RMM to ensure the clients we look after, that everyone in their organisations has updated their systems. If you do not have that kind of support then get these updates done yourself and check that the auto-updating has auto-updated.
Why is Microsoft’s Patch Tuesday Important?
Last year a high-profile hack of the UK’s Electoral Commission, was partly attributed to a failure to apply updates and patches to their systems:
Just when you thought the election was behind us!
Patching and updates are an important step in every cyber security plan – you and you team must get them done – read about that here:
How Microsoft Patch Tuesday can help your cyber security planning
and here:
Don’t Skip That Restart | Octagon Technology
If you’d like our team to check that the updates are being done, have a look here.
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
Summer Cyber Security Webinars
The first summer webinar has happened – you have missed the live event but I have recorded it. It is not too late to sign up for the rest of the series and then you can get access to the recording of the episodes you missed.
