🔴 Critical | Source: The Hacker News
Microsoft’s July 2025 Patch Tuesday is the largest on record, addressing 622 CVEs — more than triple the previous monthly high. Two of those vulnerabilities are zero-days already being actively exploited in the wild, making immediate prioritisation essential. The sheer scale of this release significantly increases the attack surface for any organisation running Microsoft or Azure-dependent workloads.
Security Architect’s Take: Prioritise the two actively exploited zero-days immediately — identify affected systems via Microsoft’s Security Update Guide and expedite patching through your change management process outside the normal cycle if necessary. Given the record volume of fixes, triage the remaining CVEs by CVSS score and exposure, focusing on internet-facing and identity-related components first.
Original advisory: Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack