August is shaping up to be a busy month for Patch Tuesday, with Microsoft’s SharePoint receiving important updates. The recent July 2025 Patch Tuesday saw the disclosure of only one publicly disclosed CVE in Microsoft releases, but two vulnerabilities in SharePoint were exploited soon after, prompting a rush of hotfixes near the end of the month.
Microsoft found that fixing a vulnerability can take multiple iterations, as seen with their recent round of SharePoint updates. Although they initially released a more ‘hardened’ fix for the ToolShell attack chain, it was later reported to have been bypassed by attackers. As a result, Microsoft has included these fixes in their August Patch Tuesday releases.
In addition to SharePoint, other major non-Microsoft updates include:
* Google’s weekly Chromium browser updates to address several vulnerabilities, including a zero-day CVE-2025-6558
* Apple’s major updates for its operating systems and applications, including Ventura 13.7.7 with 41 CVEs and Safari for Ventura with 17 CVEs fixed
The forecast for August Patch Tuesday includes:
* SharePoint receiving important updates, including machine key rotation to mitigate the ToolShell attack chain
* Security fixes in .NET framework or SQL Server
* Adobe continuing its steady stream of updates for the Creative Cloud suite of products
* Apple having a break from major issues, with all recent updates deployed and ready for use
* Google releasing Chrome updates late in the day as usual
* Mozilla’s Firefox and Thunderbird updates, along with their ESR versions
Source: https://www.helpnetsecurity.com/2025/08/08/august-2025-patch-tuesday-forecast