Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

August 2025 Patch Tuesday: SharePoint, Exchange & Zero-Day Trends

Ivanti
07/14/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


My name is Chris and joining me today as always is Todd. And we are looking forward to going through all the new updates and news that have come out this month. We'll go ahead and get started. So we're going to go through what released yesterday. We're going to talk a little bit about the latest news, cybersecurity events, vulnerabilities being exploited, things like that. That you may want to be aware of. And then we're going to switch over to going through the bulletins releases specifically that we're going to be talking about that released in our catalog yesterday, and then Todd's going to walk us through what we call between the Patch Tuesdays. So that's for those of you who are on here regularly, you know, we've got a lot of updates that happen in between Patch Tuesdays, so we try to do a recap of those to help people understand what are the other things that you should be keeping an eye on. So that's the lineup. Starting off with the updates that came out this month, Adobe did have a rather large release, 13 overall products that were updated, five of those that we support currently with the Creative Suite. And then Google Chrome did release later in the day. So we did capture that. And then we've got seven updates from Microsoft this month, including Exchange and SQL. So a couple of not so regular products being updated this month as well. So we're going to cover all of the updates there and some of the specific high risk items that you'll want to be aware of. So starting off with a little bit of news, and this is where I'm going to go over to sharing my screen and going through some of these articles specifically to touch on what kind of the key points are that you may be interested in. So as I do that, go ahead and if you've already downloaded the presentation, you can grab those links and be able to jump into these articles as well. All of these will link to the articles that I'm about to show you. First, SharePoint got a little bit of attention somewhere around mid-July. There were a couple of vulnerabilities that were actively being exploited. And Microsoft and CISA have both been pretty loud about the guidance around this to make sure people are aware of and taking immediate action on this. So you can see that the CISA article here has actually been updated multiple times in the past few weeks. And you may, if you're, if you're running SharePoint, especially a public facing SharePoint, you're probably already aware of, of many of the details of this, but there's a publicly reported attack chain called Toolshell that was exploiting two CVEs that were the original exploit that was occurring that drove this release to, to occur. So that was the first event. And later on, Microsoft resolved the issue, but have now since found that there are two new CVEs that are able to bypass the originals. These two had not been exploited, have not been exploited actively as of yet. But if a threat actor is already actively exploiting the first pair for them to go through reverse engineer the chain and be able to exploit the new pair, probably not that significant of an effort. I was actually just talking with some of my colleagues just this week about this, but basically this is, this is one of those things that you don't really hear about in the value drivers for transitioning to cloud, but on-prem software has a lot of security risks nowadays between AI tools and just decryption tools in general. A threat actor can get their hands on code for a piece of software and decrypt it pretty much with a 90, 90%, 91% or better accuracy. So once a new update is released, they can decompile that and start looking at the changes. So that's why this is such a, you know, additional risk is to go from the original pair of CVEs into exploiting the new bypasses that Microsoft has already identified and resolved. Isn't going to be that big of an effort for a threat actor to go and do. It's just going to be time, really not, not significant effort. So there is a high risk that this new pair will be exploited and definitely something that if you're running the SharePoint and you've only taken action on the first pair, you would definitely want to apply the update and get the second pair resolved as well. So there's, there's a, a lot of information in here about making sure that your detection guidance, you know, the making sure that you're looking for indicators of compromise, you know, making sure your threat detection and event logging are, are updated in place and looking for, you know, any signs of exploitation there. There is, Microsoft's MSR, sorry, the MSRC article that came up, Microsoft had a blog post that they posted and then a deeper level of guidance on the MSRC. I don't know why that word's not working for me today. Getting more in depth on this. So one of the pieces of guidance that they are talking about, and I just need to scroll down here to get to it. They're giving you a few steps on how to make sure that once you've updated to get the, all four CVEs resolved, the original pair that were exploited and the new two vulnerabilities that are vulnerabilities that were discovered and fixed. You want to make sure you've upgraded, ensure your anti-malware scanning is in place, whether it's Defender or whatever vendor you're using, make sure it's configured correctly on SharePoint and make sure that you're set up correctly. More importantly, they are highly suggesting that you rotate your SharePoint server ASP.NET machine keys. If your system were to have been compromised, this would, after you've updated the fixes and got those in place, changing these keys out will ensure that they don't have anything else that's been tampered with that could allow them to continue to bypass protections in place within your environment. So once you, you follow all of those steps, you should be protected against these vulnerabilities in your environment. So there is a bit of reading to do there to, to make sure you've gone through all the steps. There's, you know, links to the articles from both CISA and Microsoft to get you all the details you may need there. The next update that we wanted to talk about is for Exchange Server. Now Exchange Server did have a security update this month, five vulnerabilities, highest rating on any of those was important. No major security concerns on that. What is, you know, coming up on, you know, a lot of conversations there is if you are a Exchange Server user and you have the hybrid deployment deployed in your environment, there's a couple of key changes that are coming that you want to be prepared for, and we've provided a link to the article that goes through these in more detail. So the first change is a transitioning to a dedicated Exchange Hybrid application. So they talk about the details of that and what it means. The second major change is a deprecation of EWS calls and switching over to a REST-based Microsoft Graph API set of calls for Exchange Hybrid. So if you're using any of those type of API calls on EWS, you'll want to be aware of this and how you would switch over to using the same on the REST-based Microsoft Graph API instead. If you go down a little bit further, there is a timeline here that talks through the transitioning of many of these capabilities, you need to be done with all of these changes and make sure that you're in place before October 2026, or you could experience disruptions to capabilities within your Exchange Hybrid deployment. So if you are on an Exchange Hybrid deployment, this is an article that you should make sure you've read up on and have started to implement those changes before that timeframe in October. October 2026 is when the retirement of EWS in Exchange Online is going to occur. All right. Next is kind of just a, it was a really good article talking about some of the trends that are being seen. And if you read my blog from yesterday on Patch Tuesday, I started it off more with talking about, you know, there's a different mindset that we need to get into in getting ahead of vulnerabilities and being able to respond to vulnerabilities more quickly. So I talk about that a little bit in there. And the first thing is really starting to, you know, think through how you define your risk appetite and make sure that you've configured for being able to remediate based on that, on that risk appetite, what this means is you've already made the majority of decisions that need to be made when Patch Tuesday comes around or when there's a zero day or when there's a, a new browser release, you know, cause they're all on a continuous release cycle every week. You already know the answer to when and how those things are going to be deployed. You've made those decisions. So really it's, it's more of a matter of on that, when that new finding comes in, you just need to determine, is there anything of a high risk that needs to take a faster track or do you let it get resolved in the course of your current you know, routine, you know, maintenance, you know, your once a month maintenance that typically starts around Patch Tuesday or have some of you are already moving towards doing a parallel kind of track where you do your monthly maintenance or routine maintenance that comes around each month. And then you have tracks for additional work, like priority updates that you do on a more weekly basis, like the browsers sitting down and having that thinking through that within your environment will help you trying to get ahead of this type of trend or trend that's going on. So CSO online released this article talking about the fact that 32% of exploited vulnerabilities in 2025 are zero day or one day exploits. So that means that, you know, we are having to detect, prioritize, and respond to many of these threats much faster than we've had to in the past, and that number is growing. So there's a pretty good breakdown of some of the trends here. And some of the areas that are definitely, you know, getting hit hardest, there were 432 new CVEs tracked by VulnCheck is the threat Intel vendor in this case that were added to their known exploited vulnerability database in the first half of this year. 132 of those CVEs were added by the U S cybersecurity and infrastructure CISA to its KEV list. So if you're going based on CISA's KEV list, you know, you're, you're only getting a subset of all exploited vulnerabilities that are out there. I've talked with the team responsible for that CISA KEV list before. They do good work. They're, they're trying to prioritize the tip of the iceberg, the worst of the worst, the ones that you absolutely have to take action on soonest, but it's not all of the vulnerabilities that are being exploited. So like VulnCheck, like our own vulnerability Intel, we're tracking a larger number of CVEs that are actively being exploited at any given time, and it's a pretty large order of magnitude difference, so it's always good to look at that and determine is CISA KEV enough, or do you need additional vulnerability Intel? Those of you using the Ivanti Neurons for patch management solution, you know that we've got that same vulnerability Intel in our risk-based vulnerability management platform is also feeding into the patch catalog in the Neurons patch solution. So you get a lot of that, any of those exploits relating to our products that we support, the, the products in our catalog, you'll get that known exploited information there, but getting that better understanding of what's actively being exploited is a key part of how we get ahead of these challenges. They also talk about a few other key trends, like the, what are the larger buckets of devices or types of software vulnerabilities that are being targeted? So far this year, the one of the largest is 86 of those stemmed from the CMS platforms that you may be running. So, especially if you're using things like WordPress, WordPress was a significant contributor to that 86 CVEs that are in those CMS platforms. And a lot of it is the WordPress plugins. Those plugins can be very risky. Yes, they help you to deliver content more effectively, but many of them can be exploited and are being exploited. So that's the largest bucket is your CMS systems. That unfortunately is our pieces of software that typically need to be updated by your web team. They're not solutions that those teams can just use a patch management solution to quickly update because oftentimes like WordPress, when you update WordPress, you potentially could break a whole bunch of plugins. That bake all of your content generate and present correctly. So those are a bit more complicated. The second most impacted category were network edge devices. If you were at Black Hat or have any seen any of the recent news there, there's a number of different vulnerabilities and nation state level threat actors who are targeting everything from commercial or corporate level devices to, you know, commercial, you know, home Soho type devices. So there's a lot of vulnerabilities in those network edge devices that are being targeted across the industry. I'll pretty much all vendors. Um, there were some recent news from Amber Wolf. They were, they were hitting a few of those vendors pretty hard for not being responsive to vulnerabilities, even when they'd known about them for a while. So definitely a lot to look at in that network edge device bucket. Again, complex devices that usually need somebody from network security team to be able to update those devices to ensure that they update and you don't break routing or firewall or other, you know, VPN access, any of those types of capabilities. So a lot of times you need people to update those devices, server software, 61 of those 432 are targeting, you know, typical server software that we're running within our environments. Open source was another 55 operating system, another 38. So those that rounds out kind of the top five categories. And that's the majority of those 432 vulnerabilities that are being exploited this year. So, yeah, there's, there's definitely a lot. There's certain vendors that, uh, you know, are definitely large vendors that we have a lot of instances of in our environments like Microsoft or Cisco or Apple, or, you know, those are definitely going to be ones that are going to be most targeted because they are everywhere. So making sure that you've got the right tools in place to understand what you've got, what's being targeted and how you're responding to those as quickly as possible. So the number of zero days are increasing. The number of vulnerabilities that are exploited within, you know, a very short time after a fix is released is also increasing. So trying to understand how you're responding more quickly to those, this article just gives a good read on, on what the trends are and what you need to try to prepare for. There, this has been ongoing for a couple of months now, but, uh, there were additional advisories sent out by some of the European security institutions that were trying to recommend organizations update their net scaler infrastructure tool or devices within their environment. These, there's a CVE that's been actively being exploited for a few months now. And the, they've done some research on how many devices are still exposed to that worldwide. So there's two CVEs that they're tracking from the research that this, uh, this firm did. There were 3,300 internet connected net scaler instances that were vulnerable to 5777 and another 4,100 instances that are still vulnerable to 6543. Again, these are being targeted by a nation state threat actors as well as potentially others. So urgent kind of make sure that you, if you are running these types of devices, that you are responding to and getting these resolved because there is escalating amounts of traffic trying to exploit these. So this is just the advisory from the National Cybersecurity Central and CSE that was recommending the actions to be taken. So again, if you are running a net scaler device, that's one of the, the larger trending campaigns that was being called out. Another one that is fairly recent is the RomCom vulnerability in WinRAR. So RomCom attackers aren't the only ones that have been leveraging this, but they, the WinRAR vulnerability is definitely trending right now. There's a number of attacks going on against Russian organizations, but there are other threat actors who are starting to take advantage of this as well. So this vulnerability in WinRAR, if you're running WinRAR anywhere in your environment, you'll want to definitely get that updated. One other thing that they mentioned towards the end of this article is 7-Zip users. If you are using 7-Zip, there is a vulnerability that has now been publicly disclosed and, you know, has a high risk of being exploited in the, in the near future here. So that one is an elevated risk because of that disclosure. So WinRAR, 7-Zip, these are common tools that we have throughout our environments. You'll want to make sure that you're getting those updated wherever they may reside in your environment. Okay. Let's jump back into the presentation. Here, we do have one public disclosure on the Microsoft side. 7.2 CVSS score. The attacker in this case to exploit this vulnerability has to take a few steps that, you know, would make it so that they could actually exploit this. But there is proof of concept level code available for this. So threat actors have a little bit of a headstart on this one, which is why you may want to be concerned about this, even though it's only got a 7.2 CVSS score. We've seen many vulnerabilities with a 7x CVSS score being actively exploited, even some lower. So the CVSS score and the severity are not the things you want to go off of based on this. The fact that it's been disclosed and that it's, that there's a proof of concept level samples that could be out available publicly are the two risk indicators that you want to go off of here. The good news on this one is it only affects Windows Server 2025. So a limited number of systems are affected by this one. For those of you who have started running or started rolling out Windows Server 2025, this is just part of the Windows OS update this month. So once you get that in place, you're good to go. No need to rush out and do this more urgently than, you know, anything else. Just a matter of making sure that you've, you've got your Windows OS updates applying to your Server 2025 servers this month. Ivanti had a few updates that we pushed out as well. So there were three products that were updated this month. Ivanti Avalanche resolved two CVEs, Ivanti VADC resolved one, and Ivanti ICS, IPS, and ZTA gateways resolved several vulnerabilities there as well. So if you are running any of those Ivanti products, go ahead and go out to each of those advisory pages as necessary. And that will guide you to any relevant download links and getting access to all the information you'll need to be able to get those updated. On the Linux side, we've got a couple of new CVEs from our friends over at TuxCare. For those of you not familiar, TuxCare is a partner of ours who focuses on Linux specific updating. And more importantly, they do a approach to Linux called live patching, which makes it so that you can, basically you're patching the RPM in memory. It doesn't change the RPM on disk, it changes out the RPM running on that Linux distro so you've effectively patched it without having to do a reboot. So their coverage is very focused on the kernel and certain very commonly targeted pieces of a platform like OpenSSL, things like that that they're focused on, but they tend to give us kind of a heads up on what are the CVEs that are most recently kind of making a stir in the Linux world. The good news is this month, it's fairly, fairly light. This is probably the worst of the three here, a CVSS score of a 9.8. It's affecting Debian specifically. This one is, there's a utility called uscan. It's widely used for managing upstream code updates within your Linux distributions. So if you're using uscan, this may be a concern for you that you want to take a look at. What's basically happening here is this vulnerability could cause uscan to skip OpenPGP verification if the upstream source is already downloaded from a previous run, even if the verification failed back then. So it's able to bypass certain checks there and potentially create a risk within that environment. So their recommendation here is that you're advised to apply the vendor provided patch as soon as possible, and that will resolve the issue and make it so that that OpenPGP verification is not skipped or bypassed. The next one is a vulnerability in Oracle VM VirtualBox. So those of you running on Oracle VirtualBox, Oracle released a patch to address this vulnerability and recommends that their users all update as soon as possible. Exploitation in this case could result in a compromise of that VM VirtualBox. So they have the potential to do a system takeover. So it's a, if they get to that, it's a pretty nasty vulnerability that they could get access to a system-wide control there, so that's why Oracle is advising to get this one updated as soon as possible. And the third one here is Ansible Automation Platform, a CVSS score of 8.8. This one's a flaw in their event-driven Ansible component, EDA, on the Ansible Automation Platform. And the vulnerability could cause user-supplied git branch or ref spec values to be evaluated as Jinja2 templates. The vulnerability could allow an authenticated user to inject expressions that could execute commands or access sensitive files in that EDA worker. So definitely something where giving them an ability to inject code execution and get access to files they should not have access to, pretty, pretty severe Updating your Ansible Automation Platform installations to the latest version will resolve this. So anybody running Ansible Automation Platform, you should check out the latest vendor security fixes there and get that one updated. No disclosures or detection of any exploits of these three. They're just the three kind of highest risk recent CVEs on the Linux, in the Linux world that you want to take a look at. All right. On the development tool side. So, you know, again, this is one of those things where in patch management world, there's things that are easily updatable, things that the patching solutions can do. And then there's the things that are not easily updatable. Your development tools are oftentimes those. So two of the critical CVEs this month for Microsoft were in Azure. There, so you see a couple of Azure tools that need to be updated there. So that may be your operations team who needs to go and update those. Each of those Azure updates may vary in what needs to be done. Many of them, if you're doing the automatic updating of those components will just automatically be done. Some of them may require you to take an action and push an update because it may be something that could be more disruptive. So Microsoft puts it on you to do those updates. So each Azure vulnerability that gets resolved does take a little bit of investigation to make sure that you've taken all actions that are necessary. There's a couple of other things that came out, Visual Studio, Web, Web Deploy 4.0, Windows subsystem for Linux, and multiple V5 series Azure VMs. Vulnerabilities, there were vulnerabilities in all those components. So your development teams and your operations teams may have some actions they need to take to get those resolved. We've been talking about this for quite a while, but we're getting ever closer to the Windows 10 end of life. So as we've talked about before, you want to make sure that you've got your Windows 10 systems migrating over to Windows 11, or that you've upgraded to the latest branch of Windows 10, and you've got extended support, the extended security update subscription with Microsoft in place to prepare for continuing to maintain those boxes going forward. Microsoft is providing three years of ESU support. And those of you who are running on Ivanti solutions that want to do that, we are offering that ESU coverage as well. So if you're subscribing to Microsoft's ESU coverage and would like to continue patching those devices with our solutions, there's just a subscription that really just covers the operational costs of us maintaining Windows 10 support for the next three years. So there's two steps there to do that. We've tried to make it as inexpensive as possible. Microsoft has kind of a doubling structure each year. So year one, MSRP is like $61. Year two, it's $122. Year three, it's $224. Ours is just a flat fee. It doesn't matter how many Windows 10 systems you have. We're just charging ours as more of the operational cost to continue running environments and testing against that. So it'll be a small amount compared to what you're going to pay for the Windows 10 support. So if you need that, do reach out and we can definitely get that in place for you as quickly as possible in preparation for October. And I think, Todd, that wraps up all of the news. So over to you for the bulletins and releases. All righty. Thanks, Chris. Hello, everybody. And welcome. Let's go into the releases that we saw yesterday. Chris did mention that Chrome did drop later in the afternoon. Yesterday, they addressed five vulnerabilities as listed here. No report of anything being publicly exploited, zero day wise. So this was just kind of a normal weekly Chrome update. Make sure you're rolling those out, you know, as part of your schedule. Chris also mentioned that we saw a number of Creative Cloud updates. I have included those on the list here. We'll go through them pretty quickly. There was an update for the latest version of Adobe Animate. Two vulnerabilities, a lot of these were rated critical. In this case, there's one critical and one important, but you'll see in the upcoming articles, bulletins, that there are a lot of critical vulnerabilities reported. In addition, an Adobe Illustrator was updated, both versions here. These are typically 2024 and 2025. I've included the actual release numbers so you know what the updates are when you look at them in the application itself. In this case, arbitrary code execution and some denial of service vulnerabilities. Four of them, two rated critical, two rated important in the Illustrator update. We did see a Photoshop update, just one critical vulnerability associated with arbitrary code execution. Again, versions 2024, 2025 here on that. In copy, a few more vulnerabilities, 14 this time. 11 of these were rated critical, so definitely something you want to make sure you include in your updates fairly soon. And finally, the last one is Adobe InDesign with eight vulnerabilities as I've listed here. Both versions also available for all of these, I should say, are available for Windows and Mac as well. So make sure you include those in your updates. Moving into the actual Microsoft updates from yesterday's Patch Tuesday, we did have a Windows 11 update as we expected, of course, 66 vulnerabilities, so still a large number addressed. Chris did talk about that Kerberos elevation of privilege vulnerability. I highlighted it here in red, 53779, which was publicly disclosed. Nice this month that we didn't see any new reported known issues for this set of updates for Windows 11. So that's nice. On the Windows 10 side, same thing. No reported issues around these. Four fewer vulnerabilities addressed, 62. As Chris mentioned, this is a rapidly approaching the end of life here in October. So we're continuing to see obviously the security updates coming out for each one of these. But again, the one that they're going to cover under the ESU program will be 22H2 version of Windows 10. So be aware of that. Pretty large update for Office this month. 16 vulnerabilities addressed across a lot of products, not only just the Office suite itself, but you'll see things like Office for Android. You'll see a lot of the Teams updates, Office online server, et cetera. Make sure you're rolling these out. It was rated critical this month. There were a few critical CVEs in there, which elevated this to a critical status for the update this month. Of course, the click to run versions as well. We did see all the usual updates addressing 14 vulnerabilities in this case, a lot of overlap from the previous ones, obviously, but again, there's the 365 apps, Office 2019, and the two long-term service channel versions, 2021 and 2024. Exchange server. Chris talked quite a bit about Exchange server earlier. Number of updates coming out here as well. You know, five vulnerabilities were addressed in this particular release. There is one known issue when you apply these updates. It talks about the failure of the Edge transport service. Sorry. There are some detailed directions in the KB article that I have linked down below there, and although it says that it's kind of an obscure title, there actually is Exchange server 2016 directions in that article as well. It's kind of interesting what they've found is that essentially what you have to do is you have to go in, put some temporary settings in place, apply the hot fixes, and then after you've applied the hot fixes, disable some of the additional privileges that you've put on the Exchange server and then everything will be working properly. So dig into that KB article. If you've run into this particular issue, again, updates for Exchange server, all the versions that are supported, 2016, CU23, the two versions of server 2019, CU14 and 15, and the subscription edition as well. So kind of walk through it and make sure you get updated properly this month. And finally, SQL server. We did see the updates this month, again, rated important, five vulnerabilities, basically all the supported versions. Make sure you apply the proper one for the way you've been doing your updating, whether it be the GDR versions or the CU32, the CU versions as well. So did see the update for SharePoint server, also rated important this month. Chris talked earlier about the CVEs that had been bypassed and making sure that you do update your machine keys after you've done the update. So follow the article, make sure you go through and update everything properly. There's a little additional information, or I should say additional steps required this month as you go through the update for SharePoint server. We do have a lot of patches that have come out since last patch Tuesday. I'll walk through these with you. We break them up into a number of categories. We have security updates with CVEs. We have the security updates that the manufacturer tells us, or the vendor tells us that they have included security fixes, but don't necessarily have CVEs associated with them. And then of course we have the non-security updates, typically performance enhancements, bug fixes, things like that, that don't necessarily have security implications. You can see large number of updates. The number in parentheses are the number of updates that have come out since last patch Tuesday. We did have a lot of the Java releases that came out. You'll notice in here that a lot of them that are listed in the middle here with security updates without CVEs, the articles that they had, or the bulletins that they released, for example, Eclipse, AdoptDM, Azul, Zulu, et cetera, a lot of times when these come out and we generate the content for these, we don't immediately have all the CVEs that they've addressed in there. So they fell into this category this month, but there are some, you'll see the Java 8 from, the Java updates from Oracle in particular actually are covered here and we'll see them in just a second. So here are all the Chrome updates. Again, we're getting weekly Chrome updates these days. A number of vulnerabilities, you can see four, two, one, eight of them here, the last version. Obviously you want to keep your Chrome up to date. As we saw, there was an update that dropped yesterday as well. Here are the Firefox updates and the Firefox long-term support ones, the ESR versions, nine vulnerabilities and 14 vulnerabilities addressed respectively. And the last two there, the 128 and the 140 versions. So you want to keep those up to date. Adobe Apache Tomcat, a number of fixes in the two different versions that came out this month. Make sure you're addressing those on your, obviously your web servers. Internally, some Git for Windows had seven vulnerabilities that were updated. Node.js had a couple of updates. So if you're using those products, make sure there's a current version. And there were two updates for the upper version, the LTS upper. We saw an Opera update that addressed one vulnerability. A VirtualBox, seven vulnerabilities this month with a single update in between the Patch Tuesdays. Here we are. Here's the Java updates for the month that came out from Oracle with the specific vulnerabilities. You can see that the, this is from the newest version to the oldest. The current version of the Java development kit is version 21. That's in the long-term service channel. Five vulnerabilities that were addressed there. We see 17 had five vulnerabilities and 11 had five vulnerabilities as well. They're not exactly the same for each one of these. I think the Java 11 was slightly different. And finally, there at the bottom, the oldest version that they're still supporting under long-term service is Java 8. We're now up to update 461. This is available in both a JRE and a JDK. Whereas the upper ones are really only for development where you're compiling the Java into your applications. There's still a runtime element in Java 8. So they are updating those separately as well. So there's eight vulnerabilities that were addressed this month under Java. Finally, a third party as for Thunderbird, we saw the version 141 updated with 16 vulnerabilities. The ESR version 128, obviously similar to the other version, which was nine vulnerabilities addressed this month. And then we have VMware tools. And finally, we have a VMware Workstation Pro was also updated this month with four vulnerabilities addressed. Moving over to the Apple side, we did see a major set of Apple releases this month from the, from Apple itself on the operating systems, as well as Safari. I'll have those here in a second. And we had a lot of other updates as well on applications between the Patch Tuesdays. Here are the updates for the various versions. Ventura 13.7.7 came out with 40 vulnerabilities. Sonoma also 14.7.7 with 49 vulnerabilities and Sequoia 15.6. 87 vulnerabilities, quite a few there. The Safari updates, those are for actually Ventura and Sonoma typically, and Sequoia has it built into their updates. There were 17 vulnerabilities there. I should make a note at this point that macOS Tahoe is now in beta. They're anticipating a release sometime September, October this year. So if you're going to be updating there, you might want to take a look at that. Apple is changing their designation. They're going to the yearly designation. So they're going to get away from this 13, 14, and 15 version. You'll see that the new version will be called macOS 26, because it's going to be the active version in 2026. And they're calling it macOS 26 Tahoe at this point, sorry. Updates for Chrome, of course, both across the Windows as well as the Mac side. Typically the same number of vulnerabilities addressed in each. There's overlap there. You see the Firefox and Firefox ESR updates as well. Same typical vulnerabilities here across both operating systems. Other updates that occurred this month, Adobe After Effects, two vulnerabilities fixed there. We saw an update for Docker Desktop running on Mac for 4.44 version addressing one vulnerability. Then we had a series of Office updates that came out between the patch Tuesdays. There was an Excel, you can see it's all 16.99. So you'll see that across all of these, except for Edge when we get to that. Excel, OneNote, Outlook, PowerPoint, and Word all got an update addressing various numbers of vulnerabilities as I've listed here in the release information. And then finally we get the Edge updates. Obviously Edge for Mac is a highly used application as well. Based on the Chromium updates as we've talked about earlier, you can see the different versions here. Three vulnerabilities addressed there, two vulnerabilities, one vulnerability. These are coming out obviously on the weekly release schedule that we get with Chrome as well. So we see all those updates. The last one here was on August 7th. Eight vulnerabilities addressed for Edge on Mac. Thunderbird updates, I think is my last slide. 16 vulnerabilities, the ESR version down there, 14 vulnerabilities. Again, a large number of CVEs addressed in each one of these. You want to make sure that you keep up both the browser side as well as the email side for support.

TL;DR

  • SharePoint Server has four actively exploited or bypass-capable CVEs requiring immediate patching plus ASP.NET machine key rotation to fully remediate the Toolshell attack chain.
  • Exchange Hybrid users must migrate to dedicated Exchange Hybrid application and REST-based Microsoft Graph APIs before October 2026 or face service disruptions.
  • 32% of exploited vulnerabilities in 2025 are zero-day or one-day exploits, requiring organizations to shift toward faster detection and response capabilities.
  • NetScaler devices remain under active nation-state targeting with over 7,400 vulnerable instances still exposed; WinRAR and 7-Zip also have high-risk vulnerabilities.
  • Windows 10 end of life is imminent—organizations must migrate to Windows 11 or implement ESU coverage on Windows 10 22H2 to maintain security updates.

Critical SharePoint Vulnerabilities and Attack Chain

The August 2025 Patch Tuesday session opens with urgent guidance on SharePoint Server vulnerabilities that have been actively exploited through an attack chain called Toolshell. Microsoft and CISA have issued multiple advisories about two original CVEs that were exploited, followed by two additional bypass vulnerabilities discovered during remediation. Organizations running on-premises SharePoint, particularly public-facing instances, face elevated risk as threat actors can reverse-engineer patches to exploit new vulnerabilities quickly. The presenters emphasize that after applying updates, administrators must rotate SharePoint server ASP.NET machine keys to prevent continued exploitation through tampered components.

Exchange Hybrid Changes and Zero-Day Exploitation Trends

Exchange Server received security updates addressing five vulnerabilities, but more significantly, Microsoft announced major architectural changes for hybrid deployments. Organizations must transition to a dedicated Exchange Hybrid application and migrate from EWS calls to REST-based Microsoft Graph APIs before October 2026 to avoid service disruptions. The webinar also highlights alarming industry trends: 32% of exploited vulnerabilities in 2025 are zero-day or one-day exploits, meaning security teams must detect, prioritize, and respond to threats faster than ever before. VulnCheck tracked 432 new CVEs added to their known exploited vulnerability database in the first half of 2025 alone.

Third-Party and Linux Vulnerabilities Requiring Attention

Beyond Microsoft updates, the session covers critical vulnerabilities across the software ecosystem. NetScaler devices remain under active nation-state targeting, with over 7,400 internet-connected instances still vulnerable to two tracked CVEs. WinRAR and 7-Zip both have vulnerabilities being actively exploited or at high risk of exploitation, requiring immediate attention given their ubiquity in enterprise environments. On the Linux side, a 9.8 CVSS vulnerability in Debian's uscan utility could bypass OpenPGP verification, while Oracle VirtualBox and Ansible Automation Platform both have high-severity flaws enabling system compromise or code injection.

Windows 10 End of Life and Comprehensive Update Guidance

With Windows 10 end of life approaching, organizations must either migrate to Windows 11 or ensure they have upgraded to Windows 10 22H2 with Microsoft's Extended Security Update subscription in place. Ivanti is offering ESU coverage for customers who want to continue patching Windows 10 devices through their solutions. The webinar concludes with detailed coverage of updates across Office (16 vulnerabilities including critical CVEs), SQL Server, development tools including Azure components, and extensive third-party applications. Notable updates include Java releases across all supported versions, multiple browser updates for Chrome, Firefox, and Edge, and significant macOS updates with Ventura, Sonoma, and Sequoia receiving patches for 40, 49, and 87 vulnerabilities respectively.

Chapters

0:00 - Introduction and Agenda
1:54 - SharePoint Vulnerabilities and Toolshell Attack Chain
6:21 - Exchange Server Hybrid Changes
8:06 - Zero-Day Exploitation Trends
15:23 - NetScaler and WinRAR Vulnerabilities
17:49 - Microsoft Public Disclosure
19:12 - Ivanti Product Updates
19:49 - Linux Vulnerabilities from TuxCare
23:16 - Development Tool Updates
24:42 - Windows 10 End of Life
28:45 - Office and Exchange Updates
31:25 - Between Patch Tuesdays Recap
34:47 - Apple and macOS Updates

Key Quotes

3:18 "On-prem software has a lot of security risks nowadays between AI tools and just decryption tools in general. A threat actor can get their hands on code for a piece of software and decrypt it pretty much with a 90, 91% or better accuracy."
9:55 "... 32% of exploited vulnerabilities in 2025 are zero day or one day exploits. So that means that we are having to detect, prioritize, and respond to many of these threats much faster than we've had to in the past, and that number is growing."
4:00 "There is a high risk that this new pair will be exploited and definitely something that if you're running the SharePoint and you've only taken action on the first pair, you would definitely want to apply the update and get the second pair resolved as well."
8:42 "You've already made the majority of decisions that need to be made when Patch Tuesday comes around or when there's a zero day or when there's a new browser release. You already know the answer to when and how those things are going to be deployed."
16:15 "These are being targeted by nation state threat actors as well as potentially others. So urgent kind of make sure that if you are running these types of devices, that you are responding to and getting these resolved because there is escalating amounts of traffic trying to exploit these."

FAQ

What additional steps are required after patching SharePoint Server this month?

After applying the SharePoint updates that address all four CVEs (the original exploited pair and the two bypass vulnerabilities), Microsoft strongly recommends rotating your SharePoint server ASP.NET machine keys. This ensures that if your system was compromised, attackers cannot maintain persistence through tampered components. You should also verify that anti-malware scanning is properly configured on SharePoint.

What is the timeline for Exchange Hybrid changes and what actions are required?

Organizations using Exchange Hybrid deployments must complete two major transitions before October 2026: migrating to a dedicated Exchange Hybrid application and switching from EWS calls to REST-based Microsoft Graph APIs. The October 2026 deadline marks the retirement of EWS in Exchange Online, after which organizations that haven't completed these changes may experience disruptions to hybrid capabilities.

How should organizations handle the known issue with Exchange Server updates this month?

The August Exchange Server updates have a known issue that can cause the Edge transport service to fail. Microsoft provides detailed directions in the KB article for both Exchange Server 2016 and 2019. The workaround involves applying temporary elevated privilege settings before installing the hotfixes, then disabling those additional privileges after the update completes to restore normal operation.


Categories:
  • » Webinar Library » Ivanti
  • » Cybersecurity » Endpoint Security
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Vulnerability Management
  • Security Operations
  • Endpoint Management
  • Technical Deep Dive
  • Webinar
  • Patch Tuesday
  • SharePoint Server security
  • Exchange Server hybrid
  • Zero-day vulnerabilities
  • NetScaler exploitation
  • Windows 10 end of life
  • Linux security updates
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: August 2025 Patch Tuesday: SharePoint, Exchange & Zero-Day Trends

              XStreaminars (watch here)

              • Jul
                28

                Illumio + Netskope: Zero Trust in the Age of AI Autonomy

                07/28/202601:00 PM ET
                • Jul
                  29

                  Ask Your Cloud Anything: Unlocking Governance Silos in your Environments

                  07/29/202601:00 PM ET
                  More events

                  Industry Events (watch there)

                  • Jul
                    14

                    Crafting a Championship-Caliber Security Team for Lasting Defense

                    07/14/202601:00 PM ET
                    • Jul
                      14

                      Understanding the Crucial Role of Context in Safeguarding AI-Accessible Data

                      07/14/202602:00 PM ET
                      • Jul
                        22

                        Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue

                        07/22/202601:00 PM ET
                        More events

                        Upcoming Webinar Calendar

                        • 07/14/2026
                          01:00 PM
                          07/14/2026
                          Crafting a Championship-Caliber Security Team for Lasting Defense
                          https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-caliber-security-team-for-lasting-defense/
                        • 07/14/2026
                          02:00 PM
                          07/14/2026
                          Understanding the Crucial Role of Context in Safeguarding AI-Accessible Data
                          https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-safeguarding-ai-accessible-data/
                        • 07/21/2026
                          04:00 AM
                          07/21/2026
                          Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                          https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
                        • 07/22/2026
                          06:30 AM
                          07/22/2026
                          Insights and Strategies in Data Protection and Privacy Management
                          https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-in-data-protection-and-privacy-management/
                        • 07/22/2026
                          01:00 PM
                          07/22/2026
                          Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue
                          https://www.truthinit.com/index.php/channel/2029/insights-from-attackers-during-the-fifa-world-cup-a-human-dialogue/
                        • 07/28/2026
                          01:00 PM
                          07/28/2026
                          Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                          https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
                        • 07/29/2026
                          04:00 AM
                          07/29/2026
                          Real-Time Strategies for Safeguarding Against Prompt Injections
                          https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
                        • 07/29/2026
                          01:00 PM
                          07/29/2026
                          Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                          https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
                        • 08/19/2026
                          12:00 PM
                          08/19/2026
                          Becoming Agent Ready: Insights from Cyera's Expertise
                          https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
                        • 09/02/2026
                          12:00 PM
                          09/02/2026
                          Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                          https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
                        • 09/30/2026
                          04:00 AM
                          09/30/2026
                          AI Command Center: Optimizing Visibility and Control in Your Operations
                          https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version