July 2025 Patch Tuesday forecast: Take a break from the grind

July 2025 Patch Tuesday forecast: Take a break from the grind

There was a barrage of updates released the week of June 2025 Patch Tuesday. This included security updates from Adobe, Google, Microsoft, Mozilla, and others. But it has been ‘calm’ the past couple of weeks. The news and message boards were covering the continuing update issues from the past couple of months but there wasn’t a lot of new or exciting information. If this lull in activity continues, maybe we’ll be able to get a break from the grind next week and have an ‘easy’ Patch Tuesday. Already halfway through the year, it would be nice to take a little time and enjoy the summer.

Game crashes, delayed updates, and DHCP disruptions

My article last month covered some of the issues encountered with recent OS updates and the out-of-band (OOB) patch releases. The trend continued this month for some users. The day after Patch Tuesday, Microsoft immediately released another update KB5063060 for Windows 11 24H2. This was done to address a BSOD issue due to incompatibility with the Easy Anti-Cheat service used by many games. Microsoft soon followed that up with an update to the June 10 release of KB5060842.

Per Microsoft in that KB – “Some devices in environments where IT admis use quality update (QU) deferral policies might experience delays in receiving the June 2025 Windows security update. Although the update was released on June 10, 2025, its update metadata timestamp reflects a date of June 20, 2025. This discrepancy might cause devices with configured deferral periods to receive the update later than expected.” The workaround is to create an expedite policy to deliver the update immediately, or to adjust the dates in your deployment rings to expedite the patch.

Microsoft also reported soon after Patch Tuesday that DHCP server service might stop responding or refuse to connect after the June 2025 update is applied to Windows Server 2016 through version 2025. The workaround is to roll back the latest updates. I’ve not seen any newer announcements regarding this, so be on the lookout for a fix in the upcoming July release.

Chrome zero-day patched, printer flaws revealed

Google reported a fix for their fourth zero-day vulnerability of the year. They just announced on June 30th, the Stable channel had been updated to 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for Mac and 138.0.7204.92 for Linux. This was in response to CVE-2025-6554 which was listed as ‘type confusion in V8’, the JavaScript engine. No details were given about the known exploitation.

In a different type of print nightmare, Rapid7 reported 8 vulnerabilities it found in 5 different printer manufacturers. As reported, the most serious is CVE-2024-51978 with a CVSS 9.8, where an unauthenticated attacker who knows the target device’s serial number, can generate the default administrator password for the device. This vulnerability cannot be fixed in firmware but can only be addressed in a new manufacturing process.

The good news is that this CVE is only an issue if you haven’t reset the default password. This project has been several months in the making, so please read the article and take steps to protect your printing devices from exploitation.

July 2025 Patch Tuesday forecast

  • Microsoft has been working hard on Office the last several months, so look for continued security fixes in all the Office products. We haven’t seen a security fix in the .NET framework or any of the dedicated server software in several months.
  • Adobe Acrobat and Reader received an update last month, but look for updates in the popular programs of Creative Cloud this month like Photoshop and Illustrator.
  • Security updates could be on the way for Sequoia, Sonoma, and Ventura since they were last updated on May 12th. They will include the standalone and embedded updates for Safari as well.
  • If you haven’t picked up the zero-day release yet, be sure to include Chrome update in your deployment. Google releases almost every Patch Tuesday.
  • Mozilla released security updates for Firefox back on June 24 and followed up with related Thunderbird updates. I’m not sure how to call this one, but be on the lookout for a Firefox release soon.

June 2025 has been a quiet month with regards to big announcements and patch updates. Let’s hope that continues into this Patch Tuesday.



Source link