Particle.news

Download on the App Store

Microsoft’s July Patch Tuesday Delivers 130 Windows Fixes With No Active Exploits

Coordinated Adobe and SAP security bundles broaden enterprise defenses, with Google skipping its monthly Android update

Image
Image

Overview

  • July’s Patch Tuesday delivers 130 Windows fixes with no actively exploited vulnerabilities, marking the first exploit-free update of the year.
  • The release addresses a critical SPNEGO heap-overflow (CVE-2025-47981) rated 9.8 that allows remote code execution.
  • Four new Office vulnerabilities, including a Preview Pane bypass (CVE-2025-49696), require no user interaction to execute code and are among 16 Office patches.
  • Microsoft also patched a SQL Server zero-day and a previously exploited Chromium engine flaw (CVE-2025-6554) included earlier this month.
  • Adobe released urgent fixes for ColdFusion and Experience Manager Forms and SAP issued 27 updates including a CVSS 10 flaw, while Google skipped its Android patch cycle.