Essential Patch Management for Azure Tools #shorts

Essential Patch Management for Azure Tools

➡️ Watch full clip here: https://youtu.be/cLNedMpRCyk
➡️ Register for Patch Tuesday Webinar Series: https://www.ivanti.com/lp/webinar-series/patch-tuesday
➡️ Download slides here: https://www.ivanti.com/resources/patch-tuesday

Development tools are vital for effective patch management. Some components can be updated automatically, while others require manual updates due to possible disruptions. The operations team is responsible for addressing critical vulnerabilities in Azure tools, which necessitate thorough investigation. Additionally, vulnerabilities in Visual Studio and Azure VMs must also be managed by both development and operations teams to ensure system security.

Key Takeaways
Microsoft resolved 107 new CVEs, including one public disclosure. Thirteen CVEs are rated Critical (nine RCE, three Information Disclosure, one Elevation of Privilege) by Microsoft and affect the Windows OS, Office, Azure Stack Hub and Azure Virtual Machines.
The highest priority for Microsoft updates is SharePoint. The recent exploits of SharePoint vulnerabilities identified in July is a continued risk and should be resolved ASAP. CISA has made multiple updates as has Microsoft in the MSRC blog.
Microsoft resolved one publicly disclosed vulnerability in Windows Kerberos (CVE-2025-53779). The CVE is an Elevation of Privilege vulnerability that could allow an attacker to gain domain admin privileges. The CVE is rated Medium and has a CVSS score of 7.2. The vulnerability only affects Windows Server 2025.
Microsoft SQL Server and Exchange Server each resolved five CVEs. The highest CVE rating for both updates is rated Important.
The urgent Adobe update released on August 5 and resolved two publicly disclosed CVEs (CVE-2025-54253 and CVE-2025-54254). APSB25-82 affects Adobe Experience Manager Forms and resolves two Critical CVEs which have proof-of-concept code released publicly.
Adobe resolved 68 CVEs across 13 updates that include Adobe Commerce, Substance 3D Viewer, Animate, Illustrator, Photoshop, Substance 3D modeler, Substance 3D Painter, Substance 3D Sampler, InDesign, InCopy, Substance 3D Stager, FrameMaker and Dimension.
Zero-day and 1-day exploits are increasing. Security vendor VulnCheck is tracking 432 KEVs for the first half of 2025 and 32% of those were zero-day or 1-day exploits leaving defenders with very limited time to respond to emerging threats. (Source CSOonline).
Let me start this month off with a question. Have you already decided what you are going to do for your remediation plan this month? Think about it for a second. OS updates, productivity apps, browsers, and other apps are already likely under consideration for your August patch maintenance. The real decisions you need to consider are around timing. Do you proceed with your typical Patch Tuesday plan or do you need to accelerate any zero-days, etc?

#PatchTuesday #Patchmanagement #Cybersecurity #SharePoint #vulnerabilities #securityupdates #MicrosoftGraph #CISA #zero-dayexploits

Chapters:

0:00 - Patch Management Overview

0:37 - Update Strategies

1:23 - outro