Microsoft has released its July 2025 Patch Tuesday security updates, addressing 137 vulnerabilities across Windows, Office, SharePoint, SQL Server, Azure, and other products. This month's release includes fixes for one publicly disclosed zero-day vulnerability and 14 critical-severity flaws.
The single zero-day vulnerability is CVE-2025-49719, an information disclosure flaw in Microsoft SQL Server that was publicly disclosed before patches became available. While rated as Important rather than Critical, this vulnerability allows unauthenticated attackers to access data from uninitialized memory.
Among the 14 critical vulnerabilities, several stand out as particularly concerning. CVE-2025-47981, a remote code execution flaw in Windows SPNEGO Extended Negotiation that requires no authentication, carries a CVSS score of 9.8, the highest in this release. CVE-2025-49735 is another critical RCE vulnerability, this one in the Windows KDC Proxy Service. Microsoft Office components received multiple critical RCE fixes, including CVE-2025-49695, CVE-2025-49696, CVE-2025-49697, and CVE-2025-49702, which can be exploited simply by opening malicious documents or through preview pane interactions.
Additional critical threats include CVE-2025-49704 in Microsoft SharePoint, CVE-2025-48822 in Windows Hyper-V Discrete Device Assignment, and two AMD processor vulnerabilities (CVE-2025-36357 and CVE-2025-36350) related to transient scheduler attacks requiring Windows-based mitigations.
This release addresses various vulnerability types spanning multiple attack vectors. Elevation of privilege issues dominate with 53 patches, followed by 41 remote code execution vulnerabilities. The remaining fixes target 18 information disclosure, 8 security feature bypass, 6 denial of service, and 4 spoofing vulnerabilities.
Key products receiving security updates include Windows operating systems, Microsoft Office suite, SharePoint Server, SQL Server, Azure services, Hyper-V virtualization platform, and various Windows components like Graphics, Kernel, Input Method Editor, and networking services.
Administrators should prioritize testing and deployment of patches for the publicly disclosed SQL Server zero-day and the numerous critical remote code execution vulnerabilities affecting Office applications and core Windows components. The high severity and broad attack surfaces of these flaws make prompt patching essential for maintaining security posture against emerging threats.
In July's Patch Tuesday, Microsoft addressed 137 flaws, including one publicly disclosed zero-day vulnerability in Microsoft SQL Server and 14 critical-severity vulnerabilities. This update included patches across categories like elevation of privilege, remote code execution, information disclosure, security feature bypass, denial of service, and spoofing vulnerabilities.
The key affected products in this release span Microsoft's extensive ecosystem, including Windows, Office, SharePoint, SQL Server, Azure, Hyper-V, and numerous Windows components. It is crucial for administrators and end users to apply these security updates promptly to protect their systems from these vulnerabilities.
Key highlights are:
Total Flaws and Zero-Day Vulnerabilities: This update resolves 137 total bugs, with one publicly disclosed zero-day in Microsoft SQL Server (CVE-2025-49719) and 14 critical-severity vulnerabilities.
Critical Flaws: The 14 critical vulnerabilities include multiple remote code execution flaws in Microsoft Office applications, a critical RCE in SharePoint Server, a maximum-rated SPNEGO Extended Negotiation RCE, a Windows KDC Proxy Service RCE, and a Hyper-V Discrete Device Assignment RCE.
Vulnerability Types: Elevation of privilege vulnerabilities lead the volume with 53 instances, followed by 41 remote code execution flaws. Information disclosure (18), security feature bypass (8), denial of service (6), and spoofing (4) round out the remaining categories.
Zero-Day Threats: The lone zero-day CVE-2025-49719 affects Microsoft SQL Server, allowing unauthenticated attackers to access uninitialized memory data. While rated Important rather than Critical, it was publicly disclosed before patches became available.
Critical-Rated Bugs: Major critical vulnerabilities include CVE-2025-47981 (SPNEGO RCE with 9.8 CVSS score), CVE-2025-49735 (KDC Proxy Service RCE), CVE-2025-49704 (SharePoint RCE), multiple Office RCE flaws (CVE-2025-49695, CVE-2025-49696, CVE-2025-49697, CVE-2025-49702), and CVE-2025-48822 (Hyper-V RCE).
Non-Critical Notables: Other significant issues include elevation of privilege vulnerabilities across Windows components, information disclosure flaws in various services, and AMD processor vulnerabilities (CVE-2025-36357, CVE-2025-36350) requiring Windows-based mitigations for transient scheduler attacks.
This July Patch Tuesday represents a substantial security update requiring immediate attention. Apply these updates to close critical vulnerabilities before attackers exploit them in enterprise environments.
Microsoft addressed one zero-day vulnerability in the July 2025 Patch Tuesday release. This vulnerability is notable because it was publicly disclosed before patches became available, posing an immediate risk to affected SQL Server environments.
Vulnerability type: Information Disclosure
Affected product: Microsoft SQL Server
CVSS v3 base score: 7.5
Severity rating: Important
CVE-2025-49719 allows an unauthenticated remote attacker to access data from uninitialized memory in Microsoft SQL Server due to improper input validation. The flaw affects all supported versions of SQL Server dating back to SQL Server 2016, making it a widespread concern for organizations running SQL Server infrastructure.
Microsoft explains that "improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network." While the type of information that could be disclosed is uninitialized memory—which might contain no valuable data—successful exploitation could potentially reveal sensitive information such as cryptographic key material or other confidential data stored in memory.
The vulnerability receives an Important severity rating rather than Critical, likely due to the unpredictable nature of uninitialized memory content and the skill required to craft effective exploits. Microsoft's Exploitability Index likewise rates it as "Exploitation Less Likely," suggesting that while possible, successful exploitation would require significant technical expertise.
Interestingly, Microsoft credits Vladimir Aleksic of Microsoft with discovering this vulnerability, yet it was marked as publicly disclosed, indicating that information about the flaw became available through other sources before the official patch release.
Organizations can remediate this vulnerability by installing the latest version of Microsoft SQL Server and updating to Microsoft OLE DB Driver version 18 or 19. Administrators should carefully review the advisory for guidance on navigating SQL Server's complex update structure, including considerations for General Distribution Release (GDR) versus Cumulative Update (CU) versions to ensure proper patch deployment.
This July Patch Tuesday marks a relatively quiet month for zero-day vulnerabilities compared to previous releases, but the SQL Server disclosure underscores the continuing importance of maintaining current patch levels across database infrastructure.

| CVE ID | Description | CVSSv3 | Severity |
|---|---|---|---|
| CVE-2025-49719 | Microsoft SQL Server Information Disclosure Vulnerability | 7.5 | Important |

Microsoft's July 2025 Patch Tuesday addressed 14 critical vulnerabilities that pose significant security risks across Windows systems, Office applications, and server infrastructure. These vulnerabilities represent the most severe threats requiring immediate attention from security teams.
Vulnerability type: Remote Code Execution
Affected product: Windows SPNEGO Extended Negotiation
CVSS v3 base score: 9.8
Severity rating: Critical
CVE-2025-47981 is one of the most severe flaws in this month's release, with a CVSS score of 9.8, the highest of the month. The flaw exists in the way Windows servers and clients negotiate to discover mutually supported authentication mechanisms through the Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) and Microsoft's NEGOEX extension.
An unauthenticated remote attacker can exploit this heap-based buffer overflow by sending a specially crafted message to a vulnerable server, potentially achieving remote code execution in a privileged context. The vulnerability affects Windows client machines running Windows 10 version 1607 and above, as well as all current versions of Windows Server.
Microsoft considers this vulnerability "Exploitation More Likely" due to its pre-authentication nature and the significant impact of successful exploitation. While some mitigations exist through Group Policy Objects (GPOs), particularly on domain-joined systems, patching remains the primary defense against this critical threat.
Vulnerability type: Remote Code Execution
Affected product: Windows KDC Proxy Service
CVSS v3 base score: 8.1
Severity rating: Critical
CVE-2025-49735 is a use-after-free vulnerability in the Windows Kerberos Key Distribution Center (KDC) Proxy Service, which enables clients to authenticate to Active Directory domains without direct network access to domain controllers. The service is commonly used in remote access scenarios such as Azure Virtual Desktop environments.
An unauthenticated attacker can exploit this flaw by using a specially crafted application to leverage a cryptographic protocol vulnerability in the service, potentially executing arbitrary code on affected systems. While the advisory mentions that exploitation requires winning a race condition, Microsoft still rates this as "Exploitation More Likely."
This marks the second consecutive month that Microsoft has patched a critical KDC Proxy Service vulnerability, following CVE-2025-33071 in June, indicating ongoing security concerns with this authentication infrastructure component.
Multiple critical RCE vulnerabilities affect Microsoft Office applications, including:
CVE-2025-49695, CVE-2025-49696, CVE-2025-49697 - Microsoft Office Remote Code Execution Vulnerabilities
CVSS v3 base scores: 8.4
Severity rating: Critical
These vulnerabilities involve use-after-free, out-of-bounds read, and heap-based buffer overflow flaws that allow unauthenticated attackers to achieve remote code execution simply by convincing users to open specially crafted documents. The critical nature of these flaws is amplified by their potential exploitation through Outlook's preview pane, requiring no user interaction beyond viewing an email.
CVE-2025-49698, CVE-2025-49703 - Microsoft Word Remote Code Execution Vulnerabilities
CVSS v3 base scores: 7.8
Severity rating: Critical
Additional use-after-free vulnerabilities specifically affecting Microsoft Word can be exploited when users open malicious documents, potentially leading to full system compromise.
CVE-2025-49702 - Microsoft Office Remote Code Execution Vulnerability
CVSS v3 base score: 7.8
Severity rating: Critical
This type confusion vulnerability in Microsoft Office presents another vector for unauthenticated code execution through document-based attacks.
Microsoft notes that security updates for these Office vulnerabilities are not yet available for Microsoft Office LTSC for Mac 2021 and 2024 and will be released shortly.
Vulnerability type: Remote Code Execution
Affected product: Microsoft SharePoint
CVSS v3 base score: 8.8
Severity rating: Critical
CVE-2025-49704 is a code injection vulnerability that allows authenticated attackers to execute arbitrary code on SharePoint servers over the network. While the advisory states there is no requirement for elevated privileges, it also indicates that the minimum privilege level needed for exploitation is Site Owner, suggesting some level of administrative access is necessary.
The vulnerability represents a significant threat to SharePoint environments, as successful exploitation could lead to complete server compromise and potential lateral movement within corporate networks.
Vulnerability type: Remote Code Execution
Affected product: Windows Hyper-V
CVSS v3 base score: 8.6
Severity rating: Critical
CVE-2025-48822 is an out-of-bounds read vulnerability in Hyper-V's Discrete Device Assignment feature, which allows virtual machines direct access to physical PCI Express devices. An unauthenticated attacker could potentially achieve remote code execution from a guest VM, representing a serious hypervisor escape scenario.
Given Hyper-V's widespread use in enterprise virtualization environments, this vulnerability poses significant risks for cloud and on-premises infrastructure.
CVE-2025-36357 - AMD Transient Scheduler Attack in L1 Data Queue
CVE-2025-36350 - AMD Transient Scheduler Attack in Store Queue
CVSS v3 base scores: 5.6
Severity rating: Critical
These vulnerabilities affect certain AMD processor models and represent transient execution attacks that could lead to information disclosure. While the CVSS scores are moderate, Microsoft rates them as Critical, likely due to the fundamental nature of processor-level security flaws. Mitigation requires Windows updates to implement proper protections against these side-channel attacks.
CVE-2025-49717 - Microsoft SQL Server Remote Code Execution Vulnerability (CVSS 8.5, Critical)
CVE-2025-47980 - Windows Imaging Component Information Disclosure Vulnerability (CVSS 6.2, Critical)
These round out the critical vulnerabilities, affecting database infrastructure and Windows imaging components respectively, requiring immediate attention from administrators managing these services.

| CVE ID | Description | CVSSv3 | Severity |
|---|---|---|---|
| CVE-2025-47981 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | 9.8 | Critical |
| CVE-2025-49704 | Microsoft SharePoint Remote Code Execution Vulnerability | 8.8 | Critical |
| CVE-2025-48822 | Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability | 8.6 | Critical |
| CVE-2025-49717 | Microsoft SQL Server Remote Code Execution Vulnerability | 8.5 | Critical |
| CVE-2025-49695 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | Critical |
| CVE-2025-49696 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | Critical |
| CVE-2025-49697 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | Critical |
| CVE-2025-49735 | Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability | 8.1 | Critical |
| CVE-2025-49698 | Microsoft Word Remote Code Execution Vulnerability | 7.8 | Critical |
| CVE-2025-49703 | Microsoft Word Remote Code Execution Vulnerability | 7.8 | Critical |
| CVE-2025-49702 | Microsoft Office Remote Code Execution Vulnerability | 7.8 | Critical |
| CVE-2025-47980 | Windows Imaging Component Information Disclosure Vulnerability | 6.2 | Critical |
| CVE-2025-36357 | AMD: CVE-2025-36357 Transient Scheduler Attack in L1 Data Queue | 5.6 | Critical |
| CVE-2025-36350 | AMD: CVE-2025-36350 Transient Scheduler Attack in Store Queue | 5.6 | Critical |

In total, 137 vulnerabilities were addressed in July's Patch Tuesday. Elevation of privilege issues top the list with 53 patches, followed by 41 remote code execution and 18 information disclosure vulnerabilities. The rest consist of 8 security feature bypass, 6 denial of service, and 4 spoofing flaws.
Here is the breakdown of the categories patched this month:
Elevation of Privilege – 53
Remote Code Execution – 41
Information Disclosure – 18
Security Feature Bypass – 8
Denial of Service – 6
Spoofing – 4
The prominence of elevation of privilege vulnerabilities reflects ongoing challenges in Windows component security, where attackers seek to escalate their access levels within compromised systems. Remote code execution vulnerabilities represent the second-largest category, highlighting the continued focus on preventing attackers from executing arbitrary code on target systems.
Of particular note, 11 of the 41 remote code execution vulnerabilities received critical severity ratings, emphasizing their potential for immediate exploitation and significant system compromise. The single critical information disclosure vulnerability among the 18 in that category demonstrates that even data exposure flaws can pose severe security risks under certain circumstances.
The relatively smaller numbers of security feature bypass, denial of service, and spoofing vulnerabilities indicate that while these attack vectors remain relevant, they constitute a smaller portion of the overall threat landscape addressed in this release.
The table below shows the CVE IDs mapped to these vulnerability types from Microsoft's July 2025 Patch Tuesday:

| Vulnerability Category | CVE IDs |
|---|---|
| Elevation of Privilege | CVE-2025-49690, CVE-2025-48816, CVE-2025-49675, CVE-2025-49677, CVE-2025-49694, CVE-2025-49693, CVE-2025-49732, CVE-2025-49744, CVE-2025-49687, CVE-2025-47991, CVE-2025-47972, CVE-2025-47994, CVE-2025-47993, CVE-2025-49738, CVE-2025-49731, CVE-2025-49737, CVE-2025-49730, CVE-2025-49685, CVE-2025-47986, CVE-2025-47971, CVE-2025-49689, CVE-2025-47973, CVE-2025-49739, CVE-2025-49661, CVE-2025-48820, CVE-2025-48000, CVE-2025-47987, CVE-2025-47985, CVE-2025-49660, CVE-2025-49721, CVE-2025-47996, CVE-2025-49682, CVE-2025-49726, CVE-2025-49725, CVE-2025-49678, CVE-2025-49354, CVE-2025-49355, CVE-2025-49405, CVE-2025-47976, CVE-2025-47975, CVE-2025-48815, CVE-2025-49679, CVE-2025-48819, CVE-2025-48821, CVE-2025-47982, CVE-2025-49686, CVE-2025-49659, CVE-2025-47159, CVE-2025-48811, CVE-2025-48803, CVE-2025-49727, CVE-2025-49733, CVE-2025-49667, CVE-2025-49665 |
| Remote Code Execution | CVE-2025-47988, CVE-2025-49742, CVE-2025-48806, CVE-2025-48805, CVE-2025-49697, CVE-2025-49695, CVE-2025-49696, CVE-2025-49699, CVE-2025-49702, CVE-2025-49711, CVE-2025-49705, CVE-2025-49701, CVE-2025-49704, CVE-2025-49703, CVE-2025-49698, CVE-2025-49700, CVE-2025-48817, CVE-2025-48822, CVE-2025-49717, CVE-2025-49683, CVE-2025-47178, CVE-2025-49714, CVE-2025-49724, CVE-2025-49691, CVE-2025-49666, CVE-2025-49735, CVE-2025-47981, CVE-2025-49688, CVE-2025-49676, CVE-2025-49672, CVE-2025-49670, CVE-2025-49671, CVE-2025-49753, CVE-2025-49729, CVE-2025-49673, CVE-2025-49674, CVE-2025-49669, CVE-2025-49663, CVE-2025-49668, CVE-2025-49657, CVE-2025-47998, CVE-2025-48824 |
| Information Disclosure | CVE-2025-48812, CVE-2025-49719, CVE-2025-49718, CVE-2025-48002, CVE-2025-49684, CVE-2025-47984, CVE-2025-47980, CVE-2025-48823, CVE-2025-26636, CVE-2025-48809, CVE-2025-48808, CVE-2025-48810, CVE-2025-49664, CVE-2025-49658, CVE-2025-49671, CVE-2025-49681, CVE-2025-36357, CVE-2025-36350 |
| Security Feature Bypass | CVE-2025-49756, CVE-2025-48818, CVE-2025-48001, CVE-2025-48804, CVE-2025-48003, CVE-2025-48800, CVE-2025-49740, CVE-2025-48814 |
| Denial of Service | CVE-2025-47999, CVE-2025-49716, CVE-2025-49680, CVE-2025-49722, CVE-2025-47978, CVE-2025-49760 |
| Spoofing | CVE-2025-33054, CVE-2025-49706, CVE-2025-48802, CVE-2025-49760 |

Microsoft's July 2025 Patch Tuesday includes updates for a broad range of its products, applications, and services. Here are the applications and product components that have received patches:

| Product Name | No. of Vulnerabilities Patched |
|---|---|
| Windows Routing and Remote Access Service (RRAS) | 16 |
| Microsoft Office | 10 |
| Windows BitLocker | 5 |
| Virtual Hard Disk (VHDX) | 4 |
| Microsoft Input Method Editor (IME) | 3 |
| Microsoft Brokering File System | 3 |
| Windows Hyper-V | 3 |
| Windows SSDP Service | 3 |
| Windows Universal Plug and Play (UPnP) Device Host | 2 |
| Windows Event Tracing | 2 |
| Windows Graphics Component | 2 |
| Windows Notification | 2 |
| Windows Secure Kernel Mode | 2 |
| Microsoft MPEG-2 Video Extension | 2 |
| Microsoft PC Manager | 2 |
| Microsoft Teams | 2 |
| SQL Server | 2 |
| Windows Connected Devices Platform Service | 2 |
| Windows TDX.sys | 2 |
| Windows Virtualization-Based Security (VBS) Enclave | 2 |
| Windows Win32K | 2 |
| AMD Processor Components | 2 |
| Azure Monitor Agent | 1 |
| Capability Access Management Service (camsvc) | 1 |
| HID Class Driver | 1 |
| Kernel Streaming WOW Thunk Service Driver | 1 |
| Microsoft Configuration Manager | 1 |
| Microsoft Office Excel | 1 |
| Microsoft Office PowerPoint | 1 |
| Microsoft Office SharePoint | 1 |
| Microsoft Office Word | 1 |
| Microsoft Windows QoS Scheduler | 1 |
| Microsoft Windows Search Component | 1 |
| Office Developer Platform | 1 |
| Remote Desktop Client | 1 |
| Service Fabric | 1 |
| Storage Port Driver | 1 |
| Universal Print Management Service | 1 |
| Visual Studio | 1 |
| Visual Studio Code - Python Extension | 1 |
| Windows Ancillary Function Driver for WinSock | 1 |
| Windows AppX Deployment Service | 1 |
| Windows Cred SSProvider Protocol | 1 |
| Windows Cryptographic Services | 1 |
| Windows Fast FAT Driver | 1 |
| Windows GDI | 1 |
| Windows Imaging Component | 1 |
| Windows KDC Proxy Service (KPSSVC) | 1 |
| Windows Kerberos | 1 |
| Windows Kernel | 1 |
| Windows MBT Transport Driver | 1 |
| Windows Media | 1 |
| Windows NTFS | 1 |
| Windows Netlogon | 1 |
| Windows Performance Recorder | 1 |
| Windows Print Spooler Components | 1 |
| Windows Remote Desktop Licensing Service | 1 |
| Windows Shell | 1 |
| Windows SmartScreen | 1 |
| Windows SMB | 1 |
| Windows SPNEGO Extended Negotiation | 1 |
| Windows StateRepository API | 1 |
| Windows Storage | 1 |
| Windows Storage VSP Driver | 1 |
| Windows TCP/IP | 1 |
| Windows Update Service | 1 |
| Windows User-Mode Driver Framework Host | 1 |
| Workspace Broker | 1 |

This extensive list demonstrates the broad scope of Microsoft's July 2025 security updates, covering core operating system components, productivity applications, server infrastructure, development tools, and cloud services across the Microsoft ecosystem.

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | Microsoft PC Manager Elevation of Privilege Vulnerability | No | No | 7.8 |


| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | Azure Monitor Agent Remote Code Execution Vulnerability | No | No | 7.5 |
| | Azure Service Fabric Runtime Elevation of Privilege Vulnerability | No | No | 6 |


| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | No | No | 8.8 |
| | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | No | No | 7.4 |
| | Chromium: CVE-2025-6554 Type Confusion in V8 | No | No | N/A |


| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | Visual Studio Elevation of Privilege Vulnerability | No | No | 8.8 |
| | Visual Studio Code Python Extension Remote Code Execution Vulnerability | No | No | 7.8 |
| | MITRE: CVE-2025-48386 Git Credential Helper Vulnerability | No | No | N/A |
| | MITRE: CVE-2025-48385 Git Protocol Injection Vulnerability | No | No | N/A |
| | MITRE: CVE-2025-48384 Git Symlink Vulnerability | No | No | N/A |
| | MITRE: CVE-2025-46835 Git File Overwrite Vulnerability | No | No | N/A |
| | MITRE: CVE-2025-46334 Git Malicious Shell Vulnerability | No | No | N/A |
| | MITRE: CVE-2025-27614 Gitk Arbitrary Code Execution Vulnerability | No | No | N/A |
| | MITRE: CVE-2025-27613 Gitk Arguments Vulnerability | No | No | N/A |


| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | No | No | 9.8 |
| | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows Input Method Editor (IME) Elevation of Privilege Vulnerability | No | No | 8.8 |
| | Universal Print Management Service Elevation of Privilege Vulnerability | No | No | 8.8 |
| | Remote Desktop Client Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability | No | No | 8.1 |
| | Workspace Broker Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows TCP/IP Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Shell Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows MBT Transport Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Graphics Component Remote Code Execution Vulnerability | No | No | 7.8 |
| | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Microsoft Virtual Hard Disk Remote Code Execution Vulnerability | No | No | 7.8 |
| | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | No | No | 7.8 |
| | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | No | No | 7.8 |
| | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| | HID Class Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows GDI Information Disclosure Vulnerability | No | No | 7.5 |
| | Remote Desktop Licensing Service Security Feature Bypass Vulnerability | No | No | 7.5 |
| | Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability | No | No | 7.1 |
| | Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability | No | No | 7.1 |
| | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | No | No | 7 |
| | Win32k Elevation of Privilege Vulnerability | No | No | 7 |
| | NTFS Elevation of Privilege Vulnerability | No | No | 7 |
| | BitLocker Security Feature Bypass Vulnerability | No | No | 6.8 |
| | BitLocker Security Feature Bypass Vulnerability | No | No | 6.8 |
| | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | No | 6.5 |
| | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | No | 6.5 |
| | Windows Imaging Component Information Disclosure Vulnerability | No | No | 6.2 |
| | Windows Netlogon Denial of Service Vulnerability | No | No | 5.9 |
| | Windows Print Spooler Denial of Service Vulnerability | No | No | 5.7 |
| | Windows User-Mode Driver Framework Host Information Disclosure Vulnerability | No | No | 5.5 |
| | Windows Transport Driver Interface (TDI) Translation Driver Information Disclosure Vulnerability | No | No | 5.5 |
| | Windows Storage Port Driver Information Disclosure Vulnerability | No | No | 5.5 |
| | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 |


| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | Microsoft SharePoint Remote Code Execution Vulnerability | No | No | 8.8 |
| | Microsoft SharePoint Remote Code Execution Vulnerability | No | No | 8.8 |
| | Microsoft Office Remote Code Execution Vulnerability | No | No | 8.4 |
| | Microsoft Office Remote Code Execution Vulnerability | No | No | 8.4 |
| | Microsoft Office Remote Code Execution Vulnerability | No | No | 8.4 |
| | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 |
| | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 |
| | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 |
| | Microsoft PowerPoint Remote Code Execution Vulnerability | No | No | 7.8 |
| | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 |
| | Microsoft Office Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 |
| | Microsoft Teams Elevation of Privilege Vulnerability | No | No | 7 |
| | Microsoft Office Remote Code Execution Vulnerability | No | No | 7 |
| | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 6.3 |
| | Microsoft Excel Information Disclosure Vulnerability | No | No | 5.5 |
| | Office Developer Platform Security Feature Bypass Vulnerability | No | No | 3.3 |
| | Microsoft Teams Elevation of Privilege Vulnerability | No | No | 3.1 |


| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | Microsoft SQL Server Remote Code Execution Vulnerability | No | No | 8.5 |
| | Microsoft SQL Server Information Disclosure Vulnerability | No | Yes | 7.5 |
| | Microsoft SQL Server Information Disclosure Vulnerability | No | No | 7.5 |


| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | Microsoft Configuration Manager Remote Code Execution Vulnerability | No | No | 8 |


| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | Windows StateRepository API Server file Tampering Vulnerability | No | No | 8.8 |
| | Windows SmartScreen Security Feature Bypass Vulnerability | No | No | 8.8 |
| | Windows Connected Devices Platform Service Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability | No | No | 8.6 |
| | Remote Desktop Spoofing Vulnerability | No | No | 8.1 |
| | Windows Miracast Wireless Display Remote Code Execution Vulnerability | No | No | 8 |
| | Windows Input Method Editor (IME) Elevation of Privilege Vulnerability | No | No | 8 |
| | Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Update Service Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Storage VSP Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Notification Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Notification Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Input Method Editor (IME) Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows AppX Deployment Service Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Microsoft PC Manager Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Microsoft Brokering File System Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Microsoft Brokering File System Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability | No | No | 7.4 |
| | Windows Performance Recorder (WPR) Denial of Service Vulnerability | No | No | 7.3 |
| | Windows Media Elevation of Privilege Vulnerability | No | No | 7.3 |
| | Windows Server Setup and Boot Event Collection Remote Code Execution Vulnerability | No | No | 7.2 |
| | Windows Search Service Elevation of Privilege Vulnerability | No | No | 7 |
| | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7 |
| | Microsoft Brokering File System Elevation of Privilege Vulnerability | No | No | 7 |
| | Windows Hyper-V Denial of Service Vulnerability | No | No | 6.8 |
| | BitLocker Security Feature Bypass Vulnerability | No | No | 6.8 |
| | BitLocker Security Feature Bypass Vulnerability | No | No | 6.8 |
| | BitLocker Security Feature Bypass Vulnerability | No | No | 6.8 |
| | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | No | No | 6.7 |
| | Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability | No | No | 6.7 |
| | Windows SMB Server Spoofing Vulnerability | No | No | 6.5 |
| | Windows Kerberos Denial of Service Vulnerability | No | No | 6.5 |

|
Windows Cryptographic Services Information Disclosure Vulnerability
|
No
|
No
|
5.9
|
|
Windows Hyper-V Information Disclosure Vulnerability
|
No
|
No
|
5.7
|
|
AMD: CVE-2025-36357 Transient Scheduler Attack in L1 Data Queue
|
No
|
No
|
5.6
|
|
AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue
|
No
|
No
|
5.6
|
|
Windows Secure Kernel Mode Information Disclosure Vulnerability
|
No
|
No
|
5.5
|
|
Windows Secure Kernel Mode Information Disclosure Vulnerability
|
No
|
No
|
5.5
|
|
Windows Kernel Information Disclosure Vulnerability
|
No
|
No
|
5.5
|
|
Windows Storage Spoofing Vulnerability
|
No
|
No
|
3.5
|
Microsoft's July 2025 Patch Tuesday addressed 137 vulnerabilities, including one publicly disclosed zero-day in Microsoft SQL Server and 14 critical-severity flaws affecting Windows, Office, SharePoint, and other key products.
This release fixed a variety of vulnerability types, with elevation of privilege issues being most prevalent at 53 instances. Remote code execution ranked second with 41 patches issued. Among the critical bugs are a maximum-rated SPNEGO Extended Negotiation RCE, multiple Office application RCEs, a SharePoint Server RCE, and a Hyper-V Discrete Device Assignment RCE.
The publicly disclosed zero-day, CVE-2025-49719, affects Microsoft SQL Server and allows unauthenticated attackers to read data from uninitialized memory. Although rated Important, this information disclosure vulnerability requires immediate attention because it is publicly disclosed and has broad impact across SQL Server environments.
Critical vulnerabilities addressed this month include CVE-2025-47981 with a maximum 9.8 CVSS score for SPNEGO Extended Negotiation RCE, CVE-2025-49735 affecting Windows KDC Proxy Service, and multiple Office application RCEs that can be exploited through document-based attacks or preview pane interactions. The SharePoint RCE (CVE-2025-49704) and Hyper-V vulnerability (CVE-2025-48822) also pose significant risks to server infrastructure.
Alongside the critical problems, numerous important-rated issues were remediated, including elevation of privilege vulnerabilities across Windows components, information disclosure flaws in various services, and security feature bypass issues in BitLocker. AMD processor vulnerabilities also received Windows-based mitigations for transient scheduler attacks.
Overall, July's patches close 137 security gaps across Microsoft's portfolio, with particular emphasis on preventing code execution and privilege escalation attacks. Immediate patching is essential for the SQL Server zero-day and critical Office vulnerabilities that require minimal user interaction for exploitation.

| CVE ID | Description | CVSSv3 | Severity |
|---|---|---|---|
| CVE-2025-47981 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | 9.8 | Critical |
| CVE-2025-49704 | Microsoft SharePoint Remote Code Execution Vulnerability | 8.8 | Critical |
| CVE-2025-48822 | Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability | 8.6 | Critical |
| CVE-2025-49717 | Microsoft SQL Server Remote Code Execution Vulnerability | 8.5 | Critical |
| CVE-2025-49695 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | Critical |
| CVE-2025-49696 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | Critical |
| CVE-2025-49697 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | Critical |

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
Microsoft Security Copilot is a revolutionary AI-powered security solution that empowers cybersecurity professionals to identify and address potential breaches effectively. By harnessing advanced technologies like OpenAI's GPT-4 and Microsoft's extensive threat intelligence, Security Copilot streamlines threat detection and response, enabling defenders to operate at machine speed and scale.