logo
Home/News/News article/

Microsoft July 2025 Patch Tuesday fixes one zero-day, 137 flaws

Patch Tuesday

Today is Microsoft's July 2025 Patch Tuesday, which includes security updates for 137 flaws, including one publicly disclosed zero-day vulnerability in Microsoft SQL Server.

This Patch Tuesday also fixes fourteen "Critical" vulnerabilities, ten of which are remote code execution vulnerabilities, one is an information disclosure, and two are AMD side channel attack flaws.

The number of bugs in each vulnerability category is listed below:

  • 53 Elevation of Privilege Vulnerabilities
  • 8 Security Feature Bypass Vulnerabilities
  • 41 Remote Code Execution Vulnerabilities
  • 18 Information Disclosure Vulnerabilities
  • 6 Denial of Service Vulnerabilities
  • 4 Spoofing Vulnerabilities

These counts do not include four Mariner and three Microsoft Edge issues fixed earlier this month.

To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5062553 & KB5062552 cumulative updates and the Windows 10 KB5062554 cumulative update.

One zero-day and critical Microsoft office flaws

This month's Patch Tuesday fixes one publicly disclosed zero-day in Microsoft SQL Server. Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available.

The publicly disclosed zero-day is:

CVE-2025-49719 - Microsoft SQL Server Information Disclosure Vulnerability

Microsoft fixes a flaw in Microsoft SQL Server that could allow a remote, unauthenticated attacker to access data from uninitialized memory.

"Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network," explains Microsoft.

Admins can fix the flaw by installing the latest version of Microsoft SQL Server and by installing the Microsoft OLE DB Driver 18 or 19.

Microsoft attributes the discovery of this flaw to Vladimir Aleksic with Microsoft and does not provide details regarding how it was publicly disclosed.

While there was only one zero-day in this Patch Tuesday, Microsoft fixed numerous, critical remote code execution flaws in Microsoft Office that can be exploited simply by opening a specially crafted document or when viewed through the preview pane.

Microsoft states that the security updates for these flaws are not yet available for Microsoft Office LTSC for Mac 2021 and 2024 and will be released shortly.

The company also fixed another critical RCE in Microsoft SharePoint tracked as CVE-2025-49704 that can be exploited remotely over the Internet as long as they have an account on the platform.

Recent updates from other companies

Other vendors who released updates or advisories in July 2025 include:

The July 2025 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the July 2025 Patch Tuesday updates.

To access the full description of each vulnerability and the systems it affects, you can view the full report here.

Tag CVE ID CVE Title Severity
AMD L1 Data Queue CVE-2025-36357 AMD: CVE-2025-36357 Transient Scheduler Attack in L1 Data Queue Critical
AMD Store Queue CVE-2025-36350 AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue Critical
Azure Monitor Agent CVE-2025-47988 Azure Monitor Agent Remote Code Execution Vulnerability Important
Capability Access Management Service (camsvc) CVE-2025-49690 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability Important
HID class driver CVE-2025-48816 HID Class Driver Elevation of Privilege Vulnerability Important
Kernel Streaming WOW Thunk Service Driver CVE-2025-49675 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Important
Microsoft Brokering File System CVE-2025-49677 Microsoft Brokering File System Elevation of Privilege Vulnerability Important
Microsoft Brokering File System CVE-2025-49694 Microsoft Brokering File System Elevation of Privilege Vulnerability Important
Microsoft Brokering File System CVE-2025-49693 Microsoft Brokering File System Elevation of Privilege Vulnerability Important
Microsoft Configuration Manager CVE-2025-47178 Microsoft Configuration Manager Remote Code Execution Vulnerability Important
Microsoft Graphics Component CVE-2025-49732 Windows Graphics Component Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2025-49742 Windows Graphics Component Remote Code Execution Vulnerability Important
Microsoft Graphics Component CVE-2025-49744 Windows Graphics Component Elevation of Privilege Vulnerability Important
Microsoft Input Method Editor (IME) CVE-2025-49687 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability Important
Microsoft Input Method Editor (IME) CVE-2025-47991 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability Important
Microsoft Input Method Editor (IME) CVE-2025-47972 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability Important
Microsoft MPEG-2 Video Extension CVE-2025-48806 Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability Important
Microsoft MPEG-2 Video Extension CVE-2025-48805 Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability Important
Microsoft Office CVE-2025-47994 Microsoft Office Elevation of Privilege Vulnerability Important
Microsoft Office CVE-2025-49697 Microsoft Office Remote Code Execution Vulnerability Critical
Microsoft Office CVE-2025-49695 Microsoft Office Remote Code Execution Vulnerability Critical
Microsoft Office CVE-2025-49696 Microsoft Office Remote Code Execution Vulnerability Critical
Microsoft Office CVE-2025-49699 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Office CVE-2025-49702 Microsoft Office Remote Code Execution Vulnerability Critical
Microsoft Office Excel CVE-2025-48812 Microsoft Excel Information Disclosure Vulnerability Important
Microsoft Office Excel CVE-2025-49711 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office PowerPoint CVE-2025-49705 Microsoft PowerPoint Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2025-49701 Microsoft SharePoint Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2025-49704 Microsoft SharePoint Remote Code Execution Vulnerability Critical
Microsoft Office SharePoint CVE-2025-49706 Microsoft SharePoint Server Spoofing Vulnerability Important
Microsoft Office Word CVE-2025-49703 Microsoft Word Remote Code Execution Vulnerability Critical
Microsoft Office Word CVE-2025-49698 Microsoft Word Remote Code Execution Vulnerability Critical
Microsoft Office Word CVE-2025-49700 Microsoft Word Remote Code Execution Vulnerability Important
Microsoft PC Manager CVE-2025-47993 Microsoft PC Manager Elevation of Privilege Vulnerability Important
Microsoft PC Manager CVE-2025-49738 Microsoft PC Manager Elevation of Privilege Vulnerability Important
Microsoft Teams CVE-2025-49731 Microsoft Teams Elevation of Privilege Vulnerability Important
Microsoft Teams CVE-2025-49737 Microsoft Teams Elevation of Privilege Vulnerability Important
Microsoft Windows QoS scheduler CVE-2025-49730 Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability Important
Microsoft Windows Search Component CVE-2025-49685 Windows Search Service Elevation of Privilege Vulnerability Important
Office Developer Platform CVE-2025-49756 Office Developer Platform Security Feature Bypass Vulnerability Important
Remote Desktop Client CVE-2025-48817 Remote Desktop Client Remote Code Execution Vulnerability Important
Remote Desktop Client CVE-2025-33054 Remote Desktop Spoofing Vulnerability Important
Role: Windows Hyper-V CVE-2025-48822 Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability Critical
Role: Windows Hyper-V CVE-2025-47999 Windows Hyper-V Denial of Service Vulnerability Important
Role: Windows Hyper-V CVE-2025-48002 Windows Hyper-V Information Disclosure Vulnerability Important
Service Fabric CVE-2025-21195 Azure Service Fabric Runtime Elevation of Privilege Vulnerability Important
SQL Server CVE-2025-49719 Microsoft SQL Server Information Disclosure Vulnerability Important
SQL Server CVE-2025-49718 Microsoft SQL Server Information Disclosure Vulnerability Important
SQL Server CVE-2025-49717 Microsoft SQL Server Remote Code Execution Vulnerability Critical
Storage Port Driver CVE-2025-49684 Windows Storage Port Driver Information Disclosure Vulnerability Important
Universal Print Management Service CVE-2025-47986 Universal Print Management Service Elevation of Privilege Vulnerability Important
Virtual Hard Disk (VHDX) CVE-2025-47971 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Important
Virtual Hard Disk (VHDX) CVE-2025-49689 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Important
Virtual Hard Disk (VHDX) CVE-2025-49683 Microsoft Virtual Hard Disk Remote Code Execution Vulnerability Low
Virtual Hard Disk (VHDX) CVE-2025-47973 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Important
Visual Studio CVE-2025-49739 Visual Studio Elevation of Privilege Vulnerability Important
Visual Studio CVE-2025-27614 MITRE: CVE-2025-27614 Gitk Arbitrary Code Execution Vulnerability Unknown
Visual Studio CVE-2025-27613 MITRE: CVE-2025-27613 Gitk Arguments Vulnerability Unknown
Visual Studio CVE-2025-46334 MITRE: CVE-2025-46334 Git Malicious Shell Vulnerability Unknown
Visual Studio CVE-2025-46835 MITRE: CVE-2025-46835 Git File Overwrite Vulnerability Unknown
Visual Studio CVE-2025-48384 MITRE: CVE-2025-48384 Git Symlink Vulnerability Unknown
Visual Studio CVE-2025-48386 MITRE: CVE-2025-48386 Git Credential Helper Vulnerability Unknown
Visual Studio CVE-2025-48385 MITRE: CVE-2025-48385 Git Protocol Injection Vulnerability Unknown
Visual Studio Code - Python extension CVE-2025-49714 Visual Studio Code Python Extension Remote Code Execution Vulnerability Important
Windows Ancillary Function Driver for WinSock CVE-2025-49661 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important
Windows AppX Deployment Service CVE-2025-48820 Windows AppX Deployment Service Elevation of Privilege Vulnerability Important
Windows BitLocker CVE-2025-48818 BitLocker Security Feature Bypass Vulnerability Important
Windows BitLocker CVE-2025-48001 BitLocker Security Feature Bypass Vulnerability Important
Windows BitLocker CVE-2025-48804 BitLocker Security Feature Bypass Vulnerability Important
Windows BitLocker CVE-2025-48003 BitLocker Security Feature Bypass Vulnerability Important
Windows BitLocker CVE-2025-48800 BitLocker Security Feature Bypass Vulnerability Important
Windows Connected Devices Platform Service CVE-2025-48000 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Important
Windows Connected Devices Platform Service CVE-2025-49724 Windows Connected Devices Platform Service Remote Code Execution Vulnerability Important
Windows Cred SSProvider Protocol CVE-2025-47987 Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability Important
Windows Cryptographic Services CVE-2025-48823 Windows Cryptographic Services Information Disclosure Vulnerability Important
Windows Event Tracing CVE-2025-47985 Windows Event Tracing Elevation of Privilege Vulnerability Important
Windows Event Tracing CVE-2025-49660 Windows Event Tracing Elevation of Privilege Vulnerability Important
Windows Fast FAT Driver CVE-2025-49721 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability Important
Windows GDI CVE-2025-47984 Windows GDI Information Disclosure Vulnerability Important
Windows Imaging Component CVE-2025-47980 Windows Imaging Component Information Disclosure Vulnerability Critical
Windows KDC Proxy Service (KPSSVC) CVE-2025-49735 Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability Critical
Windows Kerberos CVE-2025-47978 Windows Kerberos Denial of Service Vulnerability Important
Windows Kernel CVE-2025-49666 Windows Server Setup and Boot Event Collection Remote Code Execution Vulnerability Important
Windows Kernel CVE-2025-26636 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2025-48809 Windows Secure Kernel Mode Information Disclosure Vulnerability Important
Windows Kernel CVE-2025-48808 Windows Kernel Information Disclosure Vulnerability Important
Windows MBT Transport driver CVE-2025-47996 Windows MBT Transport Driver Elevation of Privilege Vulnerability Important
Windows Media CVE-2025-49682 Windows Media Elevation of Privilege Vulnerability Important
Windows Media CVE-2025-49691 Windows Miracast Wireless Display Remote Code Execution Vulnerability Important
Windows Netlogon CVE-2025-49716 Windows Netlogon Denial of Service Vulnerability Important
Windows Notification CVE-2025-49726 Windows Notification Elevation of Privilege Vulnerability Important
Windows Notification CVE-2025-49725 Windows Notification Elevation of Privilege Vulnerability Important
Windows NTFS CVE-2025-49678 NTFS Elevation of Privilege Vulnerability Important
Windows Performance Recorder CVE-2025-49680 Windows Performance Recorder (WPR) Denial of Service Vulnerability Important
Windows Print Spooler Components CVE-2025-49722 Windows Print Spooler Denial of Service Vulnerability Important
Windows Remote Desktop Licensing Service CVE-2025-48814 Remote Desktop Licensing Service Security Feature Bypass Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49688 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49676 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49672 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49670 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49671 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49753 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49729 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49673 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49674 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49669 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49663 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49668 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49681 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49657 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-47998 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-48824 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Secure Kernel Mode CVE-2025-48810 Windows Secure Kernel Mode Information Disclosure Vulnerability Important
Windows Shell CVE-2025-49679 Windows Shell Elevation of Privilege Vulnerability Important
Windows SmartScreen CVE-2025-49740 Windows SmartScreen Security Feature Bypass Vulnerability Important
Windows SMB CVE-2025-48802 Windows SMB Server Spoofing Vulnerability Important
Windows SPNEGO Extended Negotiation CVE-2025-47981 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability Critical
Windows SSDP Service CVE-2025-47976 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Important
Windows SSDP Service CVE-2025-47975 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Important
Windows SSDP Service CVE-2025-48815 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Important
Windows StateRepository API CVE-2025-49723 Windows StateRepository API Server file Tampering Vulnerability Important
Windows Storage CVE-2025-49760 Windows Storage Spoofing Vulnerability Moderate
Windows Storage VSP Driver CVE-2025-47982 Windows Storage VSP Driver Elevation of Privilege Vulnerability Important
Windows TCP/IP CVE-2025-49686 Windows TCP/IP Driver Elevation of Privilege Vulnerability Important
Windows TDX.sys CVE-2025-49658 Windows Transport Driver Interface (TDI) Translation Driver Information Disclosure Vulnerability Important
Windows TDX.sys CVE-2025-49659 Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability Important
Windows Universal Plug and Play (UPnP) Device Host CVE-2025-48821 Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability Important
Windows Universal Plug and Play (UPnP) Device Host CVE-2025-48819 Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability Important
Windows Update Service CVE-2025-48799 Windows Update Service Elevation of Privilege Vulnerability Important
Windows User-Mode Driver Framework Host CVE-2025-49664 Windows User-Mode Driver Framework Host Information Disclosure Vulnerability Important
Windows Virtualization-Based Security (VBS) Enclave CVE-2025-47159 Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability Important
Windows Virtualization-Based Security (VBS) Enclave CVE-2025-48811 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability Important
Windows Virtualization-Based Security (VBS) Enclave CVE-2025-48803 Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability Important
Windows Win32K - GRFX CVE-2025-49727 Win32k Elevation of Privilege Vulnerability Important
Windows Win32K - ICOMP CVE-2025-49733 Win32k Elevation of Privilege Vulnerability Important
Windows Win32K - ICOMP CVE-2025-49667 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Important
Workspace Broker CVE-2025-49665 Workspace Broker Elevation of Privilege Vulnerability Important

Free online web security scanner

Top News: