

SANS Stormcast Wednesday, July 9th, 2025: Microsoft Patches; Opossum Attack
Microsoft's July 2025 Patch Tuesday Reveals Critical Office Exploits You Can Preview
Microsoft's July 2025 Patch Tuesday fixed 139 vulnerabilities, including 130 in its own software and others related to Microsoft Edge and Chrome.
Two critical remote code execution vulnerabilities in Microsoft Office stand out: they can be exploited without any user interaction, just via the document preview feature.
Critical SQL Server vulnerabilities were also patched: one requires updating the OLE DB driver, and another is a remote code execution flaw. Both stress the importance of securing SQL servers.
SharePoint received a rare arbitrary code injection fix, but exploitation requires authenticated access.
The best practice is to carefully test and apply these patches before the next Patch Tuesday to mitigate potential risks.
Microsoft July 2025 Patch Guidance
- Patch the 139 Microsoft vulnerabilities carefully, focusing on critical remote code execution and information disclosure issues.
- Test patches before deployment and prioritize timely application before the next Patch Tuesday.
Opossum Attack Analysis
- The Opossum attack exploits a rare TLS server setup that allows HTTP and HTTPS on one port, which enables request injection.
- It causes clients to receive incorrect pages without the attacker decrypting any TLS traffic. There is no fix if both HTTP and HTTPS must share a port.
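
A defender's check for the setup described above, added here as an example (it is not code from the podcast or from the attack's researchers): it reports whether a single port both serves cleartext HTTP and completes a TLS handshake. The function names, the 4xx heuristic and the placeholder address are assumptions of this example.

```python
import socket
import ssl

def parse_status(line):
    """Return the status code from an HTTP status line, or None if it is not HTTP."""
    parts = line.split()
    if len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1].isdigit():
        return int(parts[1])
    return None

def plaintext_status(host, port, timeout=3.0):
    """Send a cleartext HEAD request and return the status code, if any."""
    req = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(req)
            with s.makefile("rb") as f:
                return parse_status(f.readline(64))
    except OSError:  # refused, reset or timed out
        return None

def completes_tls(host, port, timeout=3.0):
    """True if a TLS handshake succeeds. The certificate is deliberately not
    validated: this detects the protocol only and trusts nothing it receives."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:  # ssl.SSLError is a subclass of OSError
        return False

def audit_port(host, port, timeout=3.0):
    """Flag a port that serves cleartext HTTP and also completes TLS."""
    status = plaintext_status(host, port, timeout)
    tls = completes_tls(host, port, timeout)
    # A TLS-only server may answer cleartext with a 4xx error; that is a
    # rejection, not content, so only a status below 400 counts as serving HTTP.
    serves_http = status is not None and status < 400
    return {"plaintext_status": status, "tls": tls, "shared": serves_http and tls}

if __name__ == "__main__":
    # 127.0.0.1:8443 is a placeholder; point this at a server you operate.
    print(audit_port("127.0.0.1", 8443))
```

A result with `shared` set to true marks a listener to split onto separate ports, since the page notes there is no fix while both protocols must share one.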