Patch Tuesday July 2025: Microsoft Fixes 137 Vulnerabilities
Jonathan Montoya 07/08/2025 Cybersecurity, vulnerability, Patch Management
9 Minutos

Today is Patch Tuesday for July 2025, and as it does every month, Microsoft has released new security updates, this time to fix 137 different bugs, including a zero-day vulnerability that was already public and affected Microsoft SQL Server.

In addition, this update package includes 14 flaws classified as “critical.” Ten of them allow an attacker to remotely execute malicious code, one exposes sensitive information, and two others are related to vulnerabilities in AMD processors that could be used to spy on what is happening on your computer.

In summary, this is what Microsoft has fixed this month:

 

  1. 53 privilege escalation flaws (when someone without permissions can take control of the system)

  2. 8 flaws that allow security features to be bypassed

  3. 41 remote code execution errors (among the most dangerous)

  4. 18 information leakage vulnerabilities

  5. 6 flaws that can cause system crashes or freezes

  6. 4 impersonation vulnerabilities

 

And that's not all: these figures do not include four fixes in Mariner (Microsoft's container system) or three security patches for Microsoft Edge that were already released earlier this month.

 

A zero-day in SQL Server and critical flaws in Microsoft Office

 

This Patch Tuesday came with some important fixes, including a zero-day that was already public and affected Microsoft SQL Server. In this case, the vulnerability in question is:

 

CVE-2025-49719 – Information leak in Microsoft SQL Server

 

This flaw could allow a remote attacker (without needing to log in or have access to the system) to obtain sensitive data from the server's memory. In Microsoft's words, the problem is due to poor input validation in SQL Server, which opens the door to information leaks over the network.

To fix it, administrators must update to the latest version of Microsoft SQL Server and ensure that OLE DB driver 18 or 19 is installed.

The discovery of this flaw was credited to Vladimir Aleksic, a Microsoft researcher, although no details have been shared about how it was made public.

 

Read more: What is Third-Party Patch Management?

 

Security Updates for this Microsoft Patch Tuesday July 2025

 

Here is the complete list of bugs that Microsoft fixed with Tuesday's security updates, corresponding to July 2025.

 

Tag CVE ID CVE Title Severity
AMD L1 Data Queue CVE-2025-36357 AMD: CVE-2025-36357 Transient Scheduler Attack in L1 Data Queue Critical
AMD Store Queue CVE-2025-36350 AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue Critical
Azure Monitor Agent CVE-2025-47988 Azure Monitor Agent Remote Code Execution Vulnerability Important
Capability Access Management Service (camsvc) CVE-2025-49690 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability Important
HID class driver CVE-2025-48816 HID Class Driver Elevation of Privilege Vulnerability Important
Kernel Streaming WOW Thunk Service Driver CVE-2025-49675 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Important
Microsoft Brokering File System CVE-2025-49677 Microsoft Brokering File System Elevation of Privilege Vulnerability Important
Microsoft Brokering File System CVE-2025-49694 Microsoft Brokering File System Elevation of Privilege Vulnerability Important
Microsoft Brokering File System CVE-2025-49693 Microsoft Brokering File System Elevation of Privilege Vulnerability Important
Microsoft Configuration Manager CVE-2025-47178 Microsoft Configuration Manager Remote Code Execution Vulnerability Important
Microsoft Graphics Component CVE-2025-49732 Windows Graphics Component Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2025-49742 Windows Graphics Component Remote Code Execution Vulnerability Important
Microsoft Graphics Component CVE-2025-49744 Windows Graphics Component Elevation of Privilege Vulnerability Important
Microsoft Input Method Editor (IME) CVE-2025-49687 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability Important
Microsoft Input Method Editor (IME) CVE-2025-47991 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability Important
Microsoft Input Method Editor (IME) CVE-2025-47972 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability Important
Microsoft MPEG-2 Video Extension CVE-2025-48806 Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability Important
Microsoft MPEG-2 Video Extension CVE-2025-48805 Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability Important
Microsoft Office CVE-2025-47994 Microsoft Office Elevation of Privilege Vulnerability Important
Microsoft Office CVE-2025-49697 Microsoft Office Remote Code Execution Vulnerability Critical
Microsoft Office CVE-2025-49695 Microsoft Office Remote Code Execution Vulnerability Critical
Microsoft Office CVE-2025-49696 Microsoft Office Remote Code Execution Vulnerability Critical
Microsoft Office CVE-2025-49699 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Office CVE-2025-49702 Microsoft Office Remote Code Execution Vulnerability Critical
Microsoft Office Excel CVE-2025-48812 Microsoft Excel Information Disclosure Vulnerability Important
Microsoft Office Excel CVE-2025-49711 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office PowerPoint CVE-2025-49705 Microsoft PowerPoint Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2025-49701 Microsoft SharePoint Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2025-49704 Microsoft SharePoint Remote Code Execution Vulnerability Critical
Microsoft Office SharePoint CVE-2025-49706 Microsoft SharePoint Server Spoofing Vulnerability Important
Microsoft Office Word CVE-2025-49703 Microsoft Word Remote Code Execution Vulnerability Critical
Microsoft Office Word CVE-2025-49698 Microsoft Word Remote Code Execution Vulnerability Critical
Microsoft Office Word CVE-2025-49700 Microsoft Word Remote Code Execution Vulnerability Important
Microsoft PC Manager CVE-2025-47993 Microsoft PC Manager Elevation of Privilege Vulnerability Important
Microsoft PC Manager CVE-2025-49738 Microsoft PC Manager Elevation of Privilege Vulnerability Important
Microsoft Teams CVE-2025-49731 Microsoft Teams Elevation of Privilege Vulnerability Important
Microsoft Teams CVE-2025-49737 Microsoft Teams Elevation of Privilege Vulnerability Important
Microsoft Windows QoS scheduler CVE-2025-49730 Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability Important
Microsoft Windows Search Component CVE-2025-49685 Windows Search Service Elevation of Privilege Vulnerability Important
Office Developer Platform CVE-2025-49756 Office Developer Platform Security Feature Bypass Vulnerability Important
Remote Desktop Client CVE-2025-48817 Remote Desktop Client Remote Code Execution Vulnerability Important
Remote Desktop Client CVE-2025-33054 Remote Desktop Spoofing Vulnerability Important
Role: Windows Hyper-V CVE-2025-48822 Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability Critical
Role: Windows Hyper-V CVE-2025-47999 Windows Hyper-V Denial of Service Vulnerability Important
Role: Windows Hyper-V CVE-2025-48002 Windows Hyper-V Information Disclosure Vulnerability Important
Service Fabric CVE-2025-21195 Azure Service Fabric Runtime Elevation of Privilege Vulnerability Important
SQL Server CVE-2025-49719 Microsoft SQL Server Information Disclosure Vulnerability Important
SQL Server CVE-2025-49718 Microsoft SQL Server Information Disclosure Vulnerability Important
SQL Server CVE-2025-49717 Microsoft SQL Server Remote Code Execution Vulnerability Critical
Storage Port Driver CVE-2025-49684 Windows Storage Port Driver Information Disclosure Vulnerability Important
Universal Print Management Service CVE-2025-47986 Universal Print Management Service Elevation of Privilege Vulnerability Important
Virtual Hard Disk (VHDX) CVE-2025-47971 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Important
Virtual Hard Disk (VHDX) CVE-2025-49689 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Important
Virtual Hard Disk (VHDX) CVE-2025-49683 Microsoft Virtual Hard Disk Remote Code Execution Vulnerability Low
Virtual Hard Disk (VHDX) CVE-2025-47973 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Important
Visual Studio CVE-2025-49739 Visual Studio Elevation of Privilege Vulnerability Important
Visual Studio CVE-2025-27614 MITRE: CVE-2025-27614 Gitk Arbitrary Code Execution Vulnerability Unknown
Visual Studio CVE-2025-27613 MITRE: CVE-2025-27613 Gitk Arguments Vulnerability Unknown
Visual Studio CVE-2025-46334 MITRE: CVE-2025-46334 Git Malicious Shell Vulnerability Unknown
Visual Studio CVE-2025-46835 MITRE: CVE-2025-46835 Git File Overwrite Vulnerability Unknown
Visual Studio CVE-2025-48384 MITRE: CVE-2025-48384 Git Symlink Vulnerability Unknown
Visual Studio CVE-2025-48386 MITRE: CVE-2025-48386 Git Credential Helper Vulnerability Unknown
Visual Studio CVE-2025-48385 MITRE: CVE-2025-48385 Git Protocol Injection Vulnerability Unknown
Visual Studio Code - Python extension CVE-2025-49714 Visual Studio Code Python Extension Remote Code Execution Vulnerability Important
Windows Ancillary Function Driver for WinSock CVE-2025-49661 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important
Windows AppX Deployment Service CVE-2025-48820 Windows AppX Deployment Service Elevation of Privilege Vulnerability Important
Windows BitLocker CVE-2025-48818 BitLocker Security Feature Bypass Vulnerability Important
Windows BitLocker CVE-2025-48001 BitLocker Security Feature Bypass Vulnerability Important
Windows BitLocker CVE-2025-48804 BitLocker Security Feature Bypass Vulnerability Important
Windows BitLocker CVE-2025-48003 BitLocker Security Feature Bypass Vulnerability Important
Windows BitLocker CVE-2025-48800 BitLocker Security Feature Bypass Vulnerability Important
Windows Connected Devices Platform Service CVE-2025-48000 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Important
Windows Connected Devices Platform Service CVE-2025-49724 Windows Connected Devices Platform Service Remote Code Execution Vulnerability Important
Windows Cred SSProvider Protocol CVE-2025-47987 Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability Important
Windows Cryptographic Services CVE-2025-48823 Windows Cryptographic Services Information Disclosure Vulnerability Important
Windows Event Tracing CVE-2025-47985 Windows Event Tracing Elevation of Privilege Vulnerability Important
Windows Event Tracing CVE-2025-49660 Windows Event Tracing Elevation of Privilege Vulnerability Important
Windows Fast FAT Driver CVE-2025-49721 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability Important
Windows GDI CVE-2025-47984 Windows GDI Information Disclosure Vulnerability Important
Windows Imaging Component CVE-2025-47980 Windows Imaging Component Information Disclosure Vulnerability Critical
Windows KDC Proxy Service (KPSSVC) CVE-2025-49735 Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability Critical
Windows Kerberos CVE-2025-47978 Windows Kerberos Denial of Service Vulnerability Important
Windows Kernel CVE-2025-49666 Windows Server Setup and Boot Event Collection Remote Code Execution Vulnerability Important
Windows Kernel CVE-2025-26636 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2025-48809 Windows Secure Kernel Mode Information Disclosure Vulnerability Important
Windows Kernel CVE-2025-48808 Windows Kernel Information Disclosure Vulnerability Important
Windows MBT Transport driver CVE-2025-47996 Windows MBT Transport Driver Elevation of Privilege Vulnerability Important
Windows Media CVE-2025-49682 Windows Media Elevation of Privilege Vulnerability Important
Windows Media CVE-2025-49691 Windows Miracast Wireless Display Remote Code Execution Vulnerability Important
Windows Netlogon CVE-2025-49716 Windows Netlogon Denial of Service Vulnerability Important
Windows Notification CVE-2025-49726 Windows Notification Elevation of Privilege Vulnerability Important
Windows Notification CVE-2025-49725 Windows Notification Elevation of Privilege Vulnerability Important
Windows NTFS CVE-2025-49678 NTFS Elevation of Privilege Vulnerability Important
Windows Performance Recorder CVE-2025-49680 Windows Performance Recorder (WPR) Denial of Service Vulnerability Important
Windows Print Spooler Components CVE-2025-49722 Windows Print Spooler Denial of Service Vulnerability Important
Windows Remote Desktop Licensing Service CVE-2025-48814 Remote Desktop Licensing Service Security Feature Bypass Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49688 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49676 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49672 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49670 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49671 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49753 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49729 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49673 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49674 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49669 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49663 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49668 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49681 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-49657 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-47998 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2025-48824 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Secure Kernel Mode CVE-2025-48810 Windows Secure Kernel Mode Information Disclosure Vulnerability Important
Windows Shell CVE-2025-49679 Windows Shell Elevation of Privilege Vulnerability Important
Windows SmartScreen CVE-2025-49740 Windows SmartScreen Security Feature Bypass Vulnerability Important
Windows SMB CVE-2025-48802 Windows SMB Server Spoofing Vulnerability Important
Windows SPNEGO Extended Negotiation CVE-2025-47981 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability Critical
Windows SSDP Service CVE-2025-47976 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Important
Windows SSDP Service CVE-2025-47975 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Important
Windows SSDP Service CVE-2025-48815 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Important
Windows StateRepository API CVE-2025-49723 Windows StateRepository API Server file Tampering Vulnerability Important
Windows Storage CVE-2025-49760 Windows Storage Spoofing Vulnerability Moderate
Windows Storage VSP Driver CVE-2025-47982 Windows Storage VSP Driver Elevation of Privilege Vulnerability Important
Windows TCP/IP CVE-2025-49686 Windows TCP/IP Driver Elevation of Privilege Vulnerability Important
Windows TDX.sys CVE-2025-49658 Windows Transport Driver Interface (TDI) Translation Driver Information Disclosure Vulnerability Important
Windows TDX.sys CVE-2025-49659 Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability Important
Windows Universal Plug and Play (UPnP) Device Host CVE-2025-48821 Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability Important
Windows Universal Plug and Play (UPnP) Device Host CVE-2025-48819 Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability Important
Windows Update Service CVE-2025-48799 Windows Update Service Elevation of Privilege Vulnerability Important
Windows User-Mode Driver Framework Host CVE-2025-49664 Windows User-Mode Driver Framework Host Information Disclosure Vulnerability Important
Windows Virtualization-Based Security (VBS) Enclave CVE-2025-47159 Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability Important
Windows Virtualization-Based Security (VBS) Enclave CVE-2025-48811 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability Important
Windows Virtualization-Based Security (VBS) Enclave CVE-2025-48803 Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability Important
Windows Win32K - GRFX CVE-2025-49727 Win32k Elevation of Privilege Vulnerability Important
Windows Win32K - ICOMP CVE-2025-49733 Win32k Elevation of Privilege Vulnerability Important
Windows Win32K - ICOMP CVE-2025-49667 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Important
Workspace Broker CVE-2025-49665 Workspace Broker Elevation of Privilege Vulnerability Important

 

Conclusion: Update today and protect yourself

 

Patch Tuesday in July 2025 stands out for the significant number of bugs fixed (137 in total) and, above all, for the presence of a zero-day vulnerability that was already being exploited by attackers.

Updating your operating system and applications is the most effective and easiest way to prevent cyberattacks. Whether you are an individual user or a business network administrator, don't miss out on these updates.

Cybersecurity is not just for experts: we all have a responsibility to keep our devices protected. And applying the July 2025 Patch Tuesday patches is the first step.

Tag:

Cybersecurity vulnerability Patch Management

How to Keep Your Phone Safe Even Without Updates

Artículo Anterior

Phases of Pentesting: How to secure your systems step by step?

Siguiente Artículo
  • There are no suggestions because the search field is empty.

Categories

Most read articles

Adrian León 05/30/2025 Cybersecurity, cyberattack
Top 10 Dark Web Markets
Alexander Chapellin 04/30/2025 Cybersecurity, cyberattack
Top 10 Telegram Groups and Channels on the Dark Web
Alexander Chapellin 04/30/2025 Cybersecurity, cyberattack
Top 10 Browsers for Accessing the Dark Web with Anonymity
Jonathan Montoya 05/22/2025 Cybersecurity, cyberattack
Top 10 Deep Web and Dark Web Forums

Artículos Relacionados

Cybersecurity, malware, Patch Management
Gustavo Sánchez 07/08/2025

How to Keep Your Phone Safe Even Without Updates

Is your cell phone no longer receiving security updates? Don't worry, you're not alone. It happens

Leer más
vulnerability, Patch Management, TecnetProtect Backup
Gustavo Sánchez 06/12/2025

Relationship between Vulnerability Management and Patch Management

Did You Know That Many Security Breaches Start with a Simple Oversight? An unpatched system, a

Leer más
Cybersecurity, cyberattack, Microsoft, Patch Management
Eduardo Morales 06/10/2025

June 2025 Patch Tuesday: Microsoft Fixes 66 Vulnerabilities

Today is Patch Tuesday, and like every second tuesday of the month, Microsoft rolls out a new round

Leer más