Weekly Security Roundup: Patch Rush, Secrets, and AI Guardrails

This week’s security news spotlights urgent vulnerability fixes, better credential protection, cloud and SaaS baseline upgrades, and practical integrations for identity, compliance, and recovery. Organizations must move quickly to patch risks, especially in Microsoft environments, while juggling the expanding roles—and new risks—of AI in security automation.

Critical Vulnerability Mitigation Across Microsoft Platforms

A SharePoint vulnerability (CVE-2025-53770) allowed unauthenticated code execution through auth bypass. Recent versions received patches, while older systems relied on custom Azure WAF rules. Exchange faced a privilege escalation vulnerability (CVE-2025-53786), remedied by hotfixes and updated trust models. SQL Server saw a denial-of-service risk (CVE-2025-49759) now patched across supported releases. These events reinforce the need for prompt patching, layered defenses, and live monitoring.

• Mitigating SharePoint CVE-2025-53770 Using Azure Web Application Firewall
• Mitigating CVE-2025-53786: Hybrid Exchange Server Privilege Escalation with MDVM
• Security Update Available for SQL Server 2019 RTM GDR
• Security Update Available for SQL Server 2022 RTM GDR
• August 2025 Exchange Server Security Updates Released

AI and Security: Expanding Applications and New Risks

AI is now being used for credential exposure alerts (Entra/AD), automated incident triage in Defender, and open-source supply chain scans (CodeQL, Copilot). However, LLM-generated code can introduce new risks. Microsoft and partners are recommending thorough review and end-to-end AI security, with organizations like Dow sharing how AI has improved threat detection and SecOps workflows.

• How Microsoft Defender Uses AI to Detect Exposed Credentials in Identity Systems
• How Microsoft Defender Experts Uses AI to Cut Through the Noise
• Securing the Open Source Supply Chain: Impact of the GitHub Secure Open Source Fund
• SonarSource Research Highlights Security Risks in LLM-Generated Code
• From Traditional Security to AI-Driven Cyber Resilience: Microsoft’s Approach to Securing AI
• How Dow Uses Microsoft Security Copilot and AI to Transform Cybersecurity Operations

Advancements in Secret and Credential Management

GitHub Secret Scanning now supports 12 more token types for proactive risk detection. Secret validity checks and push protection in GitHub Advanced Security for Azure DevOps make discovery and remediation easier. Azure DevOps has improved OAuth secret management by only displaying secrets at creation. GitHub’s MCP Server now boosts public repo scanning.

• Secret Scanning Expands Support: 12 New Token Validators Added to GitHub
• Secret Validity Checks Launch in GitHub Advanced Security for Azure DevOps
• Azure DevOps Improves OAuth Client Secret Security: Secrets Now Shown Only Once
• GitHub MCP Server Enhances Secret Scanning and Push Protection for Public Repositories

Cloud and SaaS Security Baselines, Forensic Readiness, and Integration

Azure’s updated guides on forensic readiness cover MFA, RBAC, auditing, recovery, and compliance. Third-party SaaS integration guides explain secure setup and consistent permission management for Slack, Trello, and Google. Defender for Cloud now matches compliance for US Government clouds. Queensland, Australia, has improved support for vulnerable groups with a unified MS 365 E5 stack.

• Cloud Forensics: Implementing Security Baselines for Forensic Readiness in Microsoft Azure
• Secure Integration of Microsoft 365 with Slack, Trello, and Google Services
• Microsoft Defender for Cloud Expands Security and Compliance Features for U.S. Government Cloud
• Queensland Government Enhances Cybersecurity for Vulnerable Communities with Microsoft 365 E5

Real-Time Enforcement and Advanced Identity Management

Continuous Access Evaluation (CAE) now provides real-time session revocation on Azure DevOps—closing security gaps faster. Developers should update workflows to react to new CAE signals. A new Entra ID guide for Windows Forms shows secure token-based identity setup for Arc-enabled SQL Server.

• Continuous Access Evaluation (CAE) Brings Real-Time Security to Azure DevOps
• Using Entra ID Authentication with Arc-Enabled SQL Server in a .NET Windows Forms Application

Application Security, Supply Chain, and Developer Workflows

A new survey shows most companies still deploy code with known vulnerabilities, putting them at risk. CodeQL now supports Kotlin and Rust and offers improved static analysis for JavaScript/React. The Minimus hardened images service adds VEX and Microsoft SSO to improve supply chain and container compliance.

• Most Organizations Face Breaches Caused by Vulnerable Code, Survey Finds
• CodeQL Expands Support for Kotlin and Improves Static Analysis Accuracy
• Minimus Adds VEX Support and Microsoft SSO Integration to Hardened Images Service

Windows, Disk Encryption, and System Recovery

Microsoft STORM found attackers could chain four BitLocker vulnerabilities in the Windows Recovery Environment to unlock protected drives. The July 2025 patch addresses these design flaws, serving as a reminder of the importance of layered defense and ongoing validation.

• BitUnlocker: Leveraging Windows Recovery to Extract BitLocker Secrets

Regulatory and Compliance Tools

The Eclipse Foundation has published OCCTET, a free toolkit to help organizations fulfill requirements under Europe’s Cyber Resilience Act. Microsoft Purview eDiscovery adds automated workflows, search upgrades, and audit controls. There are also plain-language guides for small businesses on labeling, DLP, and conditional access.

• Eclipse Foundation Publishes Toolkit to Simplify CRA Compliance
• What’s New in Microsoft Purview eDiscovery
• Practical Data Protection in Microsoft 365: Sensitivity Labels, DLP, and Conditional Access for Small Businesses

Other Security News

Malware scanning is now generally available for Azure Government Secret/Top-Secret workloads in Defender for Storage. Microsoft Teams encryption details are clarified, and S/MIME troubleshooting tackles certificate issues. There are new guides for OAuth2 automation in ADF and issuing directory extension claims in Entra ID, plus registration details for Microsoft Ignite 2025 (focused on AI defense and community forums).

• Malware Scanning Now Available for Azure Government Secret and Top-Secret Clouds
• Encryption in Microsoft Teams: How Microsoft Secures Collaboration and Communication
• Troubleshooting S/MIME Setup in Exchange Online and M365: OWA and Outlook Certificate Issues
• Troubleshooting OAuth2 API Token Retrieval with ADF Web Activity
• Issuing Custom Claims Using Directory Extension Attributes in Microsoft Entra ID
• Connect with the Security Community at Microsoft Ignite 2025