Microsoft Monthly Security Update (July 2025)
RISK: Extremely High Risk
TYPE: Operating Systems - Windows OS
Microsoft has released monthly security update for their products:
| Vulnerable Product | Risk Level | Impacts | Notes |
| Windows |  Medium Risk | Information Disclosure Spoofing Elevation of Privilege Remote Code Execution Denial of Service Data Manipulation Security Restriction Bypass | |
| Azure | Medium Risk | Elevation of Privilege Remote Code Execution | |
| Extended Security Updates (ESU) | Medium Risk | Elevation of Privilege Information Disclosure Remote Code Execution Denial of Service Security Restriction Bypass | |
| Microsoft Office |  Extremely High Risk | Elevation of Privilege Information Disclosure Remote Code Execution Security Restriction Bypass Spoofing | CVE-2025-53770 is being exploited in the wild. An unauthorised attacker who successfully committed deserialization of untrusted data can initiate remote code execution in on-premises Microsoft SharePoint Server. CVE-2025-53770 is a patch bypass for CVE-2025-49704. Proof of Concept exploit code is publicly available for CVE-2025-53770 .
CVE-2025-53771 is being exploited in the wild. An authorised attacker can exploit this vulnerability to trigger spoofing due to improper limitation of a pathname to a restricted directory. CVE-2025-53771 is a patch bypass for CVE-2025-49706.
CVE-2025-49704 is being exploited in the wild. Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-49706 is being exploited in the wild. Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. |
| SQL Server | Medium Risk | Remote Code Execution Information Disclosure | |
| Developer Tools | Medium Risk | Remote Code Execution Elevation of Privilege | |
| System Center | Medium Risk | Remote Code Execution | |
| Browser | Medium Risk | Remote Code Execution Information Disclosure | |
| Apps | Medium Risk | Elevation of Privilege |
Number of 'Extremely High Risk' product(s): 1
Number of 'High Risk' product(s): 0
Number of 'Medium Risk' product(s): 8
Number of 'Low Risk' product(s): 0
Evaluation of overall 'Risk Level': Extremely High Risk
[Updated on 2025-07-21]
Updated Description, Risk Level, Solutions and Related Links.
[Updated on 2025-07-22]
Updated Solutions.
[Updated on 2025-07-23]
Updated Description, Solutions and Related Links.
[Updated on 2025-07-24]
Updated Description.
Impact
- Remote Code Execution
- Elevation of Privilege
- Information Disclosure
- Denial of Service
- Security Restriction Bypass
- Spoofing
- Data Manipulation
System / Technologies affected
- Windows
- Azure
- Extended Security Updates (ESU)
- Microsoft Office
- SQL Server
- Developer Tools
- System Center
- Browser
- Apps
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor.
For CVE-2025-49704 and CVE-2025-49706 :
Apply fixes issued on Microsoft Monthly Security Update (July 2025)
For CVE-2025-53770 and CVE-2025-53771 :
- SharePoint Online in Microsoft 365:
- No actions needed
- Microsoft SharePoint Server Subscription Edition (on-premises):
- Apply fixes issued by the vendor:
Security Update for Microsoft SharePoint Server Subscription Edition (KB5002768)
- Apply fixes issued by the vendor:
- Microsoft SharePoint Server 2019 (on-premises):
- Microsoft SharePoint Server 2016 (on-premises):
- Please follow the steps below to mitigate potential attacks:
- Use supported versions of on-premises SharePoint Server
- Apply the latest security updates linked above
- Deploy Microsoft Defender for Endpoint protection, or equivalent threat solutions
- Ensure the Antimalware Scan Interface (AMSI) is turned on and configured correctly. For more information, please refer to https://learn.microsoft.com/en-us/windows/win32/amsi/antimalware-scan-interface-portal
- Rotate SharePoint Server ASP.NET machine keys
Vulnerability Identifier
Source
Related Link
- https://msrc.microsoft.com/update-guide/releaseNote/2025-Jul
- https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
- https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770
- https://www.cisa.gov/news-events/alerts/2025/07/22/cisa-adds-two-known-exploited-vulnerabilities-catalog
- https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/
Related Tags
Share with