July 9, 2025

Breaking Down the Latest July 2025 Patch Tuesday Report



Microsoft has released its July 2025 Patch Tuesday security updates, addressing 137 vulnerabilities across Windows, Office, SharePoint, SQL Server, Azure, and other products. This month's release includes fixes for one publicly disclosed zero-day vulnerability and 14 critical-severity flaws.

The single zero-day vulnerability is CVE-2025-49719, an information disclosure flaw in Microsoft SQL Server that was publicly disclosed before patches became available. While rated as Important rather than Critical, this vulnerability allows unauthenticated attackers to access data from uninitialized memory.

Among the 14 critical vulnerabilities, several stand out as particularly concerning. CVE-2025-47981 carries the highest CVSS score in this release, 9.8, for a remote code execution flaw in Windows SPNEGO Extended Negotiation that requires no authentication. CVE-2025-49735 is another critical RCE vulnerability, this one in the Windows KDC Proxy Service. Microsoft Office components received multiple critical RCE fixes, including CVE-2025-49695, CVE-2025-49696, CVE-2025-49697, and CVE-2025-49702, which can be exploited simply by opening malicious documents or through preview pane interactions.

Additional critical threats include CVE-2025-49704 in Microsoft SharePoint, CVE-2025-48822 in Windows Hyper-V Discrete Device Assignment, and two AMD processor vulnerabilities (CVE-2025-36357 and CVE-2025-36350) related to transient scheduler attacks requiring Windows-based mitigations.

This release addresses various vulnerability types spanning multiple attack vectors. Elevation of privilege issues dominate with 53 patches, followed by 41 remote code execution vulnerabilities. The remaining fixes target 18 information disclosure, 8 security feature bypass, 6 denial of service, and 4 spoofing vulnerabilities.

Key products receiving security updates include Windows operating systems, Microsoft Office suite, SharePoint Server, SQL Server, Azure services, Hyper-V virtualization platform, and various Windows components like Graphics, Kernel, Input Method Editor, and networking services.

Administrators should prioritize testing and deployment of patches for the publicly disclosed SQL Server zero-day and the numerous critical remote code execution vulnerabilities affecting Office applications and core Windows components. The high severity and broad attack surfaces of these flaws make prompt patching essential for maintaining security posture against emerging threats.

Key Highlights - Patch Tuesday July 2025

In July's Patch Tuesday, Microsoft addressed 137 flaws, including one publicly disclosed zero-day vulnerability in Microsoft SQL Server and 14 critical-severity vulnerabilities. This update included patches across categories like elevation of privilege, remote code execution, information disclosure, security feature bypass, denial of service, and spoofing vulnerabilities.

The key affected products in this release span Microsoft's extensive ecosystem, including Windows, Office, SharePoint, SQL Server, Azure, Hyper-V, and numerous Windows components. It is crucial for administrators and end users to apply these security updates promptly to protect their systems from these vulnerabilities.

Key highlights are:

  1. Total Flaws and Zero-Day Vulnerabilities: This update resolves 137 total bugs, with one publicly disclosed zero-day in Microsoft SQL Server (CVE-2025-49719) and 14 critical-severity vulnerabilities.

  2. Critical Flaws: The 14 critical vulnerabilities include multiple remote code execution flaws in Microsoft Office applications, a critical RCE in SharePoint Server, the release's highest-scored flaw (the SPNEGO Extended Negotiation RCE), a Windows KDC Proxy Service RCE, and a Hyper-V Discrete Device Assignment RCE.

  3. Vulnerability Types: Elevation of privilege vulnerabilities lead the volume with 53 instances, followed by 41 remote code execution flaws. Information disclosure (18), security feature bypass (8), denial of service (6), and spoofing (4) round out the remaining categories.

  4. Zero-Day Threats: The lone zero-day CVE-2025-49719 affects Microsoft SQL Server, allowing unauthenticated attackers to access uninitialized memory data. While rated Important rather than Critical, it was publicly disclosed before patches became available.

  5. Critical-Rated Bugs: Major critical vulnerabilities include CVE-2025-47981 (SPNEGO RCE with 9.8 CVSS score), CVE-2025-49735 (KDC Proxy Service RCE), CVE-2025-49704 (SharePoint RCE), multiple Office RCE flaws (CVE-2025-49695, CVE-2025-49696, CVE-2025-49697, CVE-2025-49702), and CVE-2025-48822 (Hyper-V RCE).

  6. Non-Critical Notables: Other significant issues include elevation of privilege vulnerabilities across Windows components, information disclosure flaws in various services, and AMD processor vulnerabilities (CVE-2025-36357, CVE-2025-36350) requiring Windows-based mitigations for transient scheduler attacks.

This July Patch Tuesday represents a substantial security update requiring immediate attention. Apply these updates to close critical vulnerabilities before attackers exploit them in enterprise environments.

Zero-day Vulnerabilities Patched in July 2025

Microsoft addressed one zero-day vulnerability in the July 2025 Patch Tuesday release. This vulnerability is notable because it was publicly disclosed before patches became available, posing an immediate risk to affected SQL Server environments.

CVE-2025-49719 - Microsoft SQL Server Information Disclosure Vulnerability

Vulnerability type: Information Disclosure

Affected product: Microsoft SQL Server

CVSS v3 base score: 7.5

Severity rating: Important

This vulnerability allows an unauthenticated remote attacker to access data from uninitialized memory in Microsoft SQL Server due to improper input validation. The flaw affects all supported versions of SQL Server dating back to SQL Server 2016, making it a widespread concern for organizations running SQL Server infrastructure.

Microsoft explains that "improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network." While the type of information that could be disclosed is uninitialized memory—which might contain no valuable data—successful exploitation could potentially reveal sensitive information such as cryptographic key material or other confidential data stored in memory.

The vulnerability receives an Important severity rating rather than Critical, likely due to the unpredictable nature of uninitialized memory content and the skill required to craft effective exploits. Microsoft's Exploitability Index likewise rates this as "Exploitation Less Likely," suggesting that while possible, successful exploitation would require significant technical expertise.

Interestingly, Microsoft credits Vladimir Aleksic of Microsoft with discovering this vulnerability, yet it was marked as publicly disclosed, indicating that information about the vulnerability became available through other sources before the official patch release.

Organizations can remediate this vulnerability by installing the latest version of Microsoft SQL Server and updating to Microsoft OLE DB Driver version 18 or 19. Administrators should carefully review the advisory for guidance on navigating SQL Server's complex update structure, including considerations for General Distribution Release (GDR) versus Cumulative Update (CU) versions to ensure proper patch deployment.

This July Patch Tuesday marks a relatively quiet month for zero-day vulnerabilities compared to previous releases, but the SQL Server disclosure underscores the continuing importance of maintaining current patch levels across database infrastructure.

| CVE ID | Description | CVSSv3 | Severity |
| --- | --- | --- | --- |
| CVE-2025-49719 | Microsoft SQL Server Information Disclosure Vulnerability | 7.5 | Important |

Critical Vulnerabilities Patched in July 2025

Microsoft's July 2025 Patch Tuesday addressed 14 critical vulnerabilities that pose significant security risks across Windows systems, Office applications, and server infrastructure. These vulnerabilities represent the most severe threats requiring immediate attention from security teams.

CVE-2025-47981 - SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability

Vulnerability type: Remote Code Execution

Affected product: Windows SPNEGO Extended Negotiation

CVSS v3 base score: 9.8

Severity rating: Critical

This vulnerability is one of the most severe flaws in this month's release, earning the highest CVSS score of the release, 9.8. The flaw exists in the way Windows servers and clients negotiate to discover mutually supported authentication mechanisms through the Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) and Microsoft's NEGOEX extension.

An unauthenticated remote attacker can exploit this heap-based buffer overflow by sending a specially crafted message to a vulnerable server, potentially achieving remote code execution in a privileged context. The vulnerability affects Windows client machines running Windows 10 version 1607 and above, as well as all current versions of Windows Server.

Microsoft considers this vulnerability "Exploitation More Likely" due to its pre-authentication nature and the significant impact of successful exploitation. While some mitigations exist through Group Policy Objects (GPOs), particularly on domain-joined systems, patching remains the primary defense against this critical threat.

CVE-2025-49735 - Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability

Vulnerability type: Remote Code Execution

Affected product: Windows KDC Proxy Service

CVSS v3 base score: 8.1

Severity rating: Critical

This use-after-free vulnerability affects the Windows Kerberos Key Distribution Center (KDC) Proxy Service, which enables clients to authenticate to Active Directory domains without direct network access to domain controllers. The service is commonly used in remote access scenarios such as Azure Virtual Desktop environments.

An unauthenticated attacker can exploit this flaw by using a specially crafted application to leverage a cryptographic protocol vulnerability in the service, potentially executing arbitrary code on affected systems. While the advisory mentions that exploitation requires winning a race condition, Microsoft still rates this as "Exploitation More Likely."

This marks the second consecutive month that Microsoft has patched a critical KDC Proxy Service vulnerability, following CVE-2025-33071 in June, indicating ongoing security concerns with this authentication infrastructure component.

Microsoft Office Critical Remote Code Execution Vulnerabilities

Multiple critical RCE vulnerabilities affect Microsoft Office applications, including:

CVE-2025-49695, CVE-2025-49696, CVE-2025-49697 - Microsoft Office Remote Code Execution Vulnerabilities

CVSS v3 base scores: 8.4

Severity rating: Critical

These vulnerabilities involve use-after-free, out-of-bounds read, and heap-based buffer overflow flaws that allow unauthenticated attackers to achieve remote code execution simply by convincing users to open specially crafted documents. The critical nature of these flaws is amplified by their potential exploitation through Outlook's preview pane, requiring no user interaction beyond viewing an email.

CVE-2025-49698, CVE-2025-49703 - Microsoft Word Remote Code Execution Vulnerabilities

CVSS v3 base scores: 7.8

Severity rating: Critical

Additional use-after-free vulnerabilities specifically affecting Microsoft Word can be exploited when users open malicious documents, potentially leading to full system compromise.

CVE-2025-49702 - Microsoft Office Remote Code Execution Vulnerability

CVSS v3 base score: 7.8

Severity rating: Critical

This type confusion vulnerability in Microsoft Office presents another vector for unauthenticated code execution through document-based attacks.

Microsoft notes that security updates for these Office vulnerabilities are not yet available for Microsoft Office LTSC for Mac 2021 and 2024 and will be released shortly.

CVE-2025-49704 - Microsoft SharePoint Remote Code Execution Vulnerability

Vulnerability type: Remote Code Execution

Affected product: Microsoft SharePoint

CVSS v3 base score: 8.8

Severity rating: Critical

This code injection vulnerability allows authenticated attackers to execute arbitrary code on SharePoint servers over the network. While the advisory states there is no requirement for elevated privileges, it also indicates that the minimum privilege level needed for exploitation is Site Owner, suggesting some level of administrative access is necessary.

The vulnerability represents a significant threat to SharePoint environments, as successful exploitation could lead to complete server compromise and potential lateral movement within corporate networks.

CVE-2025-48822 - Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability

Vulnerability type: Remote Code Execution

Affected product: Windows Hyper-V

CVSS v3 base score: 8.6

Severity rating: Critical

This out-of-bounds read vulnerability affects Hyper-V's Discrete Device Assignment feature, which allows virtual machines direct access to physical PCI Express devices. An unauthenticated attacker could potentially achieve remote code execution from a guest VM, representing a serious hypervisor escape scenario.

Given Hyper-V's widespread use in enterprise virtualization environments, this vulnerability poses significant risks for cloud and on-premises infrastructure.

AMD Processor Vulnerabilities

CVE-2025-36357 - AMD Transient Scheduler Attack in L1 Data Queue

CVE-2025-36350 - AMD Transient Scheduler Attack in Store Queue

CVSS v3 base scores: 5.6

Severity rating: Critical

These vulnerabilities affect certain AMD processor models and represent transient execution attacks that could lead to information disclosure. While the CVSS scores are moderate, Microsoft rates them as Critical, likely due to the fundamental nature of processor-level security flaws. Mitigation requires Windows updates to implement proper protections against these side-channel attacks.

Additional Critical Vulnerabilities

CVE-2025-49717 - Microsoft SQL Server Remote Code Execution Vulnerability (CVSS 8.5, Critical)

CVE-2025-47980 - Windows Imaging Component Information Disclosure Vulnerability (CVSS 6.2, Critical)

These round out the critical vulnerabilities, affecting database infrastructure and Windows imaging components respectively, requiring immediate attention from administrators managing these services.

| CVE ID | Description | CVSSv3 | Severity |
| --- | --- | --- | --- |
| CVE-2025-47981 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | 9.8 | Critical |
| CVE-2025-49704 | Microsoft SharePoint Remote Code Execution Vulnerability | 8.8 | Critical |
| CVE-2025-48822 | Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability | 8.6 | Critical |
| CVE-2025-49717 | Microsoft SQL Server Remote Code Execution Vulnerability | 8.5 | Critical |
| CVE-2025-49695 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | Critical |
| CVE-2025-49696 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | Critical |
| CVE-2025-49697 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | Critical |
| CVE-2025-49735 | Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability | 8.1 | Critical |
| CVE-2025-49698 | Microsoft Word Remote Code Execution Vulnerability | 7.8 | Critical |
| CVE-2025-49703 | Microsoft Word Remote Code Execution Vulnerability | 7.8 | Critical |
| CVE-2025-49702 | Microsoft Office Remote Code Execution Vulnerability | 7.8 | Critical |
| CVE-2025-47980 | Windows Imaging Component Information Disclosure Vulnerability | 6.2 | Critical |
| CVE-2025-36357 | AMD: CVE-2025-36357 Transient Scheduler Attack in L1 Data Queue | 5.6 | Critical |
| CVE-2025-36350 | AMD: CVE-2025-36350 Transient Scheduler Attack in Store Queue | 5.6 | Critical |
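
One way to turn the ratings above into a patch order, as an added example that is not code from Microsoft or from the original article. The advisory values are the ones this page states (exploitability is left as unknown where the page does not give it); the host inventory, the component labels and the tier rule are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Advisory:
    cve: str
    component: str                 # label matched against the inventory (assumed naming)
    cvss: float
    severity: str                  # Microsoft severity rating
    publicly_disclosed: bool
    exploitability: Optional[str]  # None where this page does not state an index value


# Ratings as stated on this page. SPNEGO/NEGOEX is mapped to "Windows" because
# the page says it affects Windows 10 1607+ and all current Windows Server versions.
ADVISORIES = [
    Advisory("CVE-2025-49719", "SQL Server", 7.5, "Important", True, "Exploitation Less Likely"),
    Advisory("CVE-2025-47981", "Windows", 9.8, "Critical", False, "Exploitation More Likely"),
    Advisory("CVE-2025-49735", "KDC Proxy Service", 8.1, "Critical", False, "Exploitation More Likely"),
    Advisory("CVE-2025-49704", "SharePoint", 8.8, "Critical", False, None),
    Advisory("CVE-2025-48822", "Hyper-V", 8.6, "Critical", False, None),
    Advisory("CVE-2025-49717", "SQL Server", 8.5, "Critical", False, None),
    Advisory("CVE-2025-49695", "Office", 8.4, "Critical", False, None),
]

# Constructed sample inventory: hypothetical hosts, not data from the article.
INVENTORY = {
    "db01": {"components": {"Windows", "SQL Server"}, "internet_facing": False},
    "rdgw01": {"components": {"Windows", "KDC Proxy Service"}, "internet_facing": True},
    "wks-17": {"components": {"Windows", "Office"}, "internet_facing": False},
    "print01": {"components": {"Print Spooler"}, "internet_facing": False},
}


def tier(adv: Advisory) -> int:
    """Assumed triage rule: 0 = publicly disclosed or 'Exploitation More Likely',
    1 = any other Critical rating, 2 = everything else."""
    if adv.publicly_disclosed or adv.exploitability == "Exploitation More Likely":
        return 0
    if adv.severity == "Critical":
        return 1
    return 2


def applicable(host: str) -> List[Advisory]:
    """Advisories whose component is installed on the host."""
    installed = INVENTORY[host]["components"]
    return [a for a in ADVISORIES if a.component in installed]


def patch_queue(host: str) -> List[str]:
    """CVE IDs for one host, most urgent first (tier, then CVSS descending)."""
    hits = sorted(applicable(host), key=lambda a: (tier(a), -a.cvss, a.cve))
    return [a.cve for a in hits]


def host_order() -> List[str]:
    """Hosts ordered by best tier, then internet exposure, then count of tier-0 items."""
    def key(host: str):
        tiers = [tier(a) for a in applicable(host)]
        best = min(tiers, default=3)          # 3 = nothing from this list applies
        urgent = sum(1 for t in tiers if t == 0)
        exposed = 0 if INVENTORY[host]["internet_facing"] else 1
        return (best, exposed, -urgent, host)
    return sorted(INVENTORY, key=key)


if __name__ == "__main__":
    for name in host_order():
        print(name, patch_queue(name))
```

An Important-rated but publicly disclosed flaw (CVE-2025-49719) lands ahead of a higher-scored Critical one (CVE-2025-49717) on the same host, which is the ordering the article recommends.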

Vulnerabilities by Category

In total, 137 vulnerabilities were addressed in July's Patch Tuesday. Elevation of privilege issues top the list with 53 patches, followed by 41 remote code execution and 18 information disclosure vulnerabilities. The rest consist of 8 security feature bypass, 6 denial of service, and 4 spoofing flaws.

Here is the breakdown of the categories patched this month:

  1. Elevation of Privilege – 53

  2. Remote Code Execution – 41

  3. Information Disclosure – 18

  4. Security Feature Bypass – 8

  5. Denial of Service – 6

  6. Spoofing – 4

The prominence of elevation of privilege vulnerabilities reflects ongoing challenges in Windows component security, where attackers seek to escalate their access levels within compromised systems. Remote code execution vulnerabilities represent the second-largest category, highlighting the continued focus on preventing attackers from executing arbitrary code on target systems.

Of particular note, 11 of the 41 remote code execution vulnerabilities received critical severity ratings, emphasizing their potential for immediate exploitation and significant system compromise. The single critical information disclosure vulnerability among the 18 in that category demonstrates that even data exposure flaws can pose severe security risks under certain circumstances.

The relatively smaller numbers of security feature bypass, denial of service, and spoofing vulnerabilities indicate that while these attack vectors remain relevant, they constitute a smaller portion of the overall threat landscape addressed in this release.

The table below shows the CVE IDs mapped to these vulnerability types from Microsoft's July 2025 Patch Tuesday:

| Vulnerability Category | CVE IDs |
| --- | --- |
| Elevation of Privilege | CVE-2025-49690, CVE-2025-48816, CVE-2025-49675, CVE-2025-49677, CVE-2025-49694, CVE-2025-49693, CVE-2025-49732, CVE-2025-49744, CVE-2025-49687, CVE-2025-47991, CVE-2025-47972, CVE-2025-47994, CVE-2025-47993, CVE-2025-49738, CVE-2025-49731, CVE-2025-49737, CVE-2025-49730, CVE-2025-49685, CVE-2025-47986, CVE-2025-47971, CVE-2025-49689, CVE-2025-47973, CVE-2025-49739, CVE-2025-49661, CVE-2025-48820, CVE-2025-48000, CVE-2025-47987, CVE-2025-47985, CVE-2025-49660, CVE-2025-49721, CVE-2025-47996, CVE-2025-49682, CVE-2025-49726, CVE-2025-49725, CVE-2025-49678, CVE-2025-49354, CVE-2025-49355, CVE-2025-49405, CVE-2025-47976, CVE-2025-47975, CVE-2025-48815, CVE-2025-49679, CVE-2025-48819, CVE-2025-48821, CVE-2025-47982, CVE-2025-49686, CVE-2025-49659, CVE-2025-47159, CVE-2025-48811, CVE-2025-48803, CVE-2025-49727, CVE-2025-49733, CVE-2025-49667, CVE-2025-49665 |
| Remote Code Execution | CVE-2025-47988, CVE-2025-49742, CVE-2025-48806, CVE-2025-48805, CVE-2025-49697, CVE-2025-49695, CVE-2025-49696, CVE-2025-49699, CVE-2025-49702, CVE-2025-49711, CVE-2025-49705, CVE-2025-49701, CVE-2025-49704, CVE-2025-49703, CVE-2025-49698, CVE-2025-49700, CVE-2025-48817, CVE-2025-48822, CVE-2025-49717, CVE-2025-49683, CVE-2025-47178, CVE-2025-49714, CVE-2025-49724, CVE-2025-49691, CVE-2025-49666, CVE-2025-49735, CVE-2025-47981, CVE-2025-49688, CVE-2025-49676, CVE-2025-49672, CVE-2025-49670, CVE-2025-49671, CVE-2025-49753, CVE-2025-49729, CVE-2025-49673, CVE-2025-49674, CVE-2025-49669, CVE-2025-49663, CVE-2025-49668, CVE-2025-49657, CVE-2025-47998, CVE-2025-48824 |
| Information Disclosure | CVE-2025-48812, CVE-2025-49719, CVE-2025-49718, CVE-2025-48002, CVE-2025-49684, CVE-2025-47984, CVE-2025-47980, CVE-2025-48823, CVE-2025-26636, CVE-2025-48809, CVE-2025-48808, CVE-2025-48810, CVE-2025-49664, CVE-2025-49658, CVE-2025-49671, CVE-2025-49681, CVE-2025-36357, CVE-2025-36350 |
| Security Feature Bypass | CVE-2025-49756, CVE-2025-48818, CVE-2025-48001, CVE-2025-48804, CVE-2025-48003, CVE-2025-48800, CVE-2025-49740, CVE-2025-48814 |
| Denial of Service | CVE-2025-47999, CVE-2025-49716, CVE-2025-49680, CVE-2025-49722, CVE-2025-47978, CVE-2025-49760 |
| Spoofing | CVE-2025-33054, CVE-2025-49706, CVE-2025-48802, CVE-2025-49760 |

List of Products Patched in July 2025 Patch Tuesday Report

Microsoft's July 2025 Patch Tuesday includes updates for a broad range of its products, applications, and services. Here are the applications and product components that have received patches:

| Product Name | No. of Vulnerabilities Patched |
| --- | --- |
| Windows Routing and Remote Access Service (RRAS) | 16 |
| Microsoft Office | 10 |
| Windows BitLocker | 5 |
| Virtual Hard Disk (VHDX) | 4 |
| Microsoft Input Method Editor (IME) | 3 |
| Microsoft Brokering File System | 3 |
| Windows Hyper-V | 3 |
| Windows SSDP Service | 3 |
| Windows Universal Plug and Play (UPnP) Device Host | 2 |
| Windows Event Tracing | 2 |
| Windows Graphics Component | 2 |
| Windows Notification | 2 |
| Windows Secure Kernel Mode | 2 |
| Microsoft MPEG-2 Video Extension | 2 |
| Microsoft PC Manager | 2 |
| Microsoft Teams | 2 |
| SQL Server | 2 |
| Windows Connected Devices Platform Service | 2 |
| Windows TDX.sys | 2 |
| Windows Virtualization-Based Security (VBS) Enclave | 2 |
| Windows Win32K | 2 |
| AMD Processor Components | 2 |
| Azure Monitor Agent | 1 |
| Capability Access Management Service (camsvc) | 1 |
| HID Class Driver | 1 |
| Kernel Streaming WOW Thunk Service Driver | 1 |
| Microsoft Configuration Manager | 1 |
| Microsoft Office Excel | 1 |
| Microsoft Office PowerPoint | 1 |
| Microsoft Office SharePoint | 1 |
| Microsoft Office Word | 1 |
| Microsoft Windows QoS Scheduler | 1 |
| Microsoft Windows Search Component | 1 |
| Office Developer Platform | 1 |
| Remote Desktop Client | 1 |
| Service Fabric | 1 |
| Storage Port Driver | 1 |
| Universal Print Management Service | 1 |
| Visual Studio | 1 |
| Visual Studio Code - Python Extension | 1 |
| Windows Ancillary Function Driver for WinSock | 1 |
| Windows AppX Deployment Service | 1 |
| Windows Cred SSProvider Protocol | 1 |
| Windows Cryptographic Services | 1 |
| Windows Fast FAT Driver | 1 |
| Windows GDI | 1 |
| Windows Imaging Component | 1 |
| Windows KDC Proxy Service (KPSSVC) | 1 |
| Windows Kerberos | 1 |
| Windows Kernel | 1 |
| Windows MBT Transport Driver | 1 |
| Windows Media | 1 |
| Windows NTFS | 1 |
| Windows Netlogon | 1 |
| Windows Performance Recorder | 1 |
| Windows Print Spooler Components | 1 |
| Windows Remote Desktop Licensing Service | 1 |
| Windows Shell | 1 |
| Windows SmartScreen | 1 |
| Windows SMB | 1 |
| Windows SPNEGO Extended Negotiation | 1 |
| Windows StateRepository API | 1 |
| Windows Storage | 1 |
| Windows Storage VSP Driver | 1 |
| Windows TCP/IP | 1 |
| Windows Update Service | 1 |
| Windows User-Mode Driver Framework Host | 1 |
| Workspace Broker | 1 |

This extensive list demonstrates the broad scope of Microsoft's July 2025 security updates, covering core operating system components, productivity applications, server infrastructure, development tools, and cloud services across the Microsoft ecosystem.

Summary tables

Apps vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
|  | Microsoft PC Manager Elevation of Privilege Vulnerability | No | No | 7.8 |

Azure vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
|  | Azure Monitor Agent Remote Code Execution Vulnerability | No | No | 7.5 |
|  | Azure Service Fabric Runtime Elevation of Privilege Vulnerability | No | No | 6 |

Browser vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
|  | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | No | No | 7.4 |
|  | Chromium: CVE-2025-6554 Type Confusion in V8 | No | No | N/A |

Developer Tools vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
|  | Visual Studio Elevation of Privilege Vulnerability | No | No | 8.8 |
|  | Visual Studio Code Python Extension Remote Code Execution Vulnerability | No | No | 7.8 |
|  | MITRE: CVE-2025-48386 Git Credential Helper Vulnerability | No | No | N/A |
|  | MITRE: CVE-2025-48385 Git Protocol Injection Vulnerability | No | No | N/A |
|  | MITRE: CVE-2025-48384 Git Symlink Vulnerability | No | No | N/A |
|  | MITRE: CVE-2025-46835 Git File Overwrite Vulnerability | No | No | N/A |
|  | MITRE: CVE-2025-46334 Git Malicious Shell Vulnerability | No | No | N/A |
|  | MITRE: CVE-2025-27614 Gitk Arbitrary Code Execution Vulnerability | No | No | N/A |
|  | MITRE: CVE-2025-27613 Gitk Arguments Vulnerability | No | No | N/A |

ESU Windows vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
|  | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | No | No | 9.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Input Method Editor (IME) Elevation of Privilege Vulnerability | No | No | 8.8 |
|  | Universal Print Management Service Elevation of Privilege Vulnerability | No | No | 8.8 |
|  | Remote Desktop Client Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability | No | No | 8.1 |
|  | Workspace Broker Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows TCP/IP Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Shell Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows MBT Transport Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Graphics Component Remote Code Execution Vulnerability | No | No | 7.8 |
|  | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Microsoft Virtual Hard Disk Remote Code Execution Vulnerability | No | No | 7.8 |
|  | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | No | No | 7.8 |
|  | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | No | No | 7.8 |
|  | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | HID Class Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows GDI Information Disclosure Vulnerability | No | No | 7.5 |
|  | Remote Desktop Licensing Service Security Feature Bypass Vulnerability | No | No | 7.5 |
|  | Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability | No | No | 7.1 |
|  | Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability | No | No | 7.1 |
|  | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | No | No | 7 |
|  | Win32k Elevation of Privilege Vulnerability | No | No | 7 |
|  | NTFS Elevation of Privilege Vulnerability | No | No | 7 |
|  | BitLocker Security Feature Bypass Vulnerability | No | No | 6.8 |
|  | BitLocker Security Feature Bypass Vulnerability | No | No | 6.8 |
|  | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | No | 6.5 |
|  | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | No | 6.5 |
|  | Windows Imaging Component Information Disclosure Vulnerability | No | No | 6.2 |
|  | Windows Netlogon Denial of Service Vulnerability | No | No | 5.9 |
|  | Windows Print Spooler Denial of Service Vulnerability | No | No | 5.7 |
|  | Windows User-Mode Driver Framework Host Information Disclosure Vulnerability | No | No | 5.5 |
|  | Windows Transport Driver Interface (TDI) Translation Driver Information Disclosure Vulnerability | No | No | 5.5 |
|  | Windows Storage Port Driver Information Disclosure Vulnerability | No | No | 5.5 |
|  | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 |

Microsoft Office vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
|  | Microsoft SharePoint Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Microsoft SharePoint Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Microsoft Office Remote Code Execution Vulnerability | No | No | 8.4 |
|  | Microsoft Office Remote Code Execution Vulnerability | No | No | 8.4 |
|  | Microsoft Office Remote Code Execution Vulnerability | No | No | 8.4 |
|  | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 |
|  | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 |
|  | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 |
|  | Microsoft PowerPoint Remote Code Execution Vulnerability | No | No | 7.8 |
|  | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 |
|  | Microsoft Office Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 |
|  | Microsoft Teams Elevation of Privilege Vulnerability | No | No | 7 |
|  | Microsoft Office Remote Code Execution Vulnerability | No | No | 7 |
|  | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 6.3 |
|  | Microsoft Excel Information Disclosure Vulnerability | No | No | 5.5 |
|  | Office Developer Platform Security Feature Bypass Vulnerability | No | No | 3.3 |
|  | Microsoft Teams Elevation of Privilege Vulnerability | No | No | 3.1 |

SQL Server vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
|  | Microsoft SQL Server Remote Code Execution Vulnerability | No | No | 8.5 |
|  | Microsoft SQL Server Information Disclosure Vulnerability | No | Yes | 7.5 |
|  | Microsoft SQL Server Information Disclosure Vulnerability | No | No | 7.5 |

System Center vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
|  | Microsoft Configuration Manager Remote Code Execution Vulnerability | No | No | 8 |

Windows vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
|  | Windows StateRepository API Server file Tampering Vulnerability | No | No | 8.8 |
|  | Windows SmartScreen Security Feature Bypass Vulnerability | No | No | 8.8 |
|  | Windows Connected Devices Platform Service Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability | No | No | 8.6 |
|  | Remote Desktop Spoofing Vulnerability | No | No | 8.1 |
|  | Windows Miracast Wireless Display Remote Code Execution Vulnerability | No | No | 8 |
|  | Windows Input Method Editor (IME) Elevation of Privilege Vulnerability | No | No | 8 |
|  | Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Update Service Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Storage VSP Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Notification Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Notification Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Input Method Editor (IME) Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows AppX Deployment Service Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Microsoft PC Manager Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Microsoft Brokering File System Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Microsoft Brokering File System Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability | No | No | 7.4 |
|  | Windows Performance Recorder (WPR) Denial of Service Vulnerability | No | No | 7.3 |
|  | Windows Media Elevation of Privilege Vulnerability | No | No | 7.3 |
|  | Windows Server Setup and Boot Event Collection Remote Code Execution Vulnerability | No | No | 7.2 |
|  | Windows Search Service Elevation of Privilege Vulnerability | No | No | 7 |
|  | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7 |
|  | Microsoft Brokering File System Elevation of Privilege Vulnerability | No | No | 7 |
|  | Windows Hyper-V Denial of Service Vulnerability | No | No | 6.8 |
|  | BitLocker Security Feature Bypass Vulnerability | No | No | 6.8 |
|  | BitLocker Security Feature Bypass Vulnerability | No | No | 6.8 |
|  | BitLocker Security Feature Bypass Vulnerability | No | No | 6.8 |
|  | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | No | No | 6.7 |
|  | Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability | No | No | 6.7 |
|  | Windows SMB Server Spoofing Vulnerability | No | No | 6.5 |
|  | Windows Kerberos Denial of Service Vulnerability | No | No | 6.5 |
|  | Windows Cryptographic Services Information Disclosure Vulnerability | No | No | 5.9 |
|  | Windows Hyper-V Information Disclosure Vulnerability | No | No | 5.7 |
|  | AMD: CVE-2025-36357 Transient Scheduler Attack in L1 Data Queue | No | No | 5.6 |
|  | AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue | No | No | 5.6 |
|  | Windows Secure Kernel Mode Information Disclosure Vulnerability | No | No | 5.5 |
|  | Windows Secure Kernel Mode Information Disclosure Vulnerability | No | No | 5.5 |
|  | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 |
|  | Windows Storage Spoofing Vulnerability | No | No | 3.5 |

Bottom Line

Microsoft's July 2025 Patch Tuesday addressed 137 vulnerabilities, including one publicly disclosed zero-day in Microsoft SQL Server and 14 critical-severity flaws affecting Windows, Office, SharePoint, and other key products.

This release fixed a variety of vulnerability types, with elevation of privilege issues being most prevalent at 53 instances. Remote code execution ranked second with 41 patches issued. Among the critical bugs are a maximum-rated SPNEGO Extended Negotiation RCE, multiple Office application RCEs, a SharePoint Server RCE, and a Hyper-V Discrete Device Assignment RCE.

The publicly disclosed zero-day CVE-2025-49719 affects Microsoft SQL Server, allowing unauthenticated attackers to access uninitialized memory data. While rated Important, this information disclosure vulnerability requires immediate attention due to its public disclosure status and broad impact across SQL Server environments.

Critical vulnerabilities addressed this month include CVE-2025-47981 with a maximum 9.8 CVSS score for SPNEGO Extended Negotiation RCE, CVE-2025-49735 affecting Windows KDC Proxy Service, and multiple Office application RCEs that can be exploited through document-based attacks or preview pane interactions. The SharePoint RCE (CVE-2025-49704) and Hyper-V vulnerability (CVE-2025-48822) also pose significant risks to server infrastructure.

Alongside the critical problems, numerous important-rated issues were remediated, including elevation of privilege vulnerabilities across Windows components, information disclosure flaws in various services, and security feature bypass issues in BitLocker. AMD processor vulnerabilities also received Windows-based mitigations for transient scheduler attacks.

Overall, July's patches close 137 security gaps across Microsoft's portfolio, with particular emphasis on preventing code execution and privilege escalation attacks. Immediate patching is essential for the SQL Server zero-day and critical Office vulnerabilities that require minimal user interaction for exploitation.

| CVE ID | Description | CVSSv3 | Severity |
| --- | --- | --- | --- |
| CVE-2025-47981 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | 9.8 | Critical |
| CVE-2025-49704 | Microsoft SharePoint Remote Code Execution Vulnerability | 8.8 | Critical |
| CVE-2025-48822 | Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability | 8.6 | Critical |
| CVE-2025-49717 | Microsoft SQL Server Remote Code Execution Vulnerability | 8.5 | Critical |
| CVE-2025-49695 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | Critical |
| CVE-2025-49696 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | Critical |
| CVE-2025-49697 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | Critical |

We aim to keep readers informed each month in our Patch Tuesday reports. Please follow our website thesecmaster.com or subscribe to our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram to receive similar updates.

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
