Today is Patch Tuesday for July 2025, and as it does every month, Microsoft has released new security updates, this time to fix 137 different bugs, including a zero-day vulnerability that was already public and affected Microsoft SQL Server.
In addition, this update package includes 14 flaws classified as “critical.” Ten of them allow an attacker to remotely execute malicious code, one exposes sensitive information, and two others are related to vulnerabilities in AMD processors that could be used to spy on what is happening on your computer.
In summary, this is what Microsoft has fixed this month:
53 privilege escalation flaws (when someone without permissions can take control of the system)
8 flaws that allow security features to be bypassed
41 remote code execution errors (among the most dangerous)
18 information leakage vulnerabilities
6 flaws that can cause system crashes or freezes
4 impersonation vulnerabilities
And that's not all: these figures do not include four fixes in Mariner (Microsoft's container system) or three security patches for Microsoft Edge that were already released earlier this month.
This Patch Tuesday came with some important fixes, including a zero-day that was already public and affected Microsoft SQL Server. In this case, the vulnerability in question is:
This flaw could allow a remote attacker (without needing to log in or have access to the system) to obtain sensitive data from the server's memory. In Microsoft's words, the problem is due to poor input validation in SQL Server, which opens the door to information leaks over the network.
To fix it, administrators must update to the latest version of Microsoft SQL Server and ensure that OLE DB driver 18 or 19 is installed.
The discovery of this flaw was credited to Vladimir Aleksic, a Microsoft researcher, although no details have been shared about how it was made public.
Read more: What is Third-Party Patch Management?
Here is the complete list of bugs that Microsoft fixed with Tuesday's security updates, corresponding to July 2025.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| AMD L1 Data Queue | CVE-2025-36357 | AMD: CVE-2025-36357 Transient Scheduler Attack in L1 Data Queue | Critical |
| AMD Store Queue | CVE-2025-36350 | AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue | Critical |
| Azure Monitor Agent | CVE-2025-47988 | Azure Monitor Agent Remote Code Execution Vulnerability | Important |
| Capability Access Management Service (camsvc) | CVE-2025-49690 | Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability | Important |
| HID class driver | CVE-2025-48816 | HID Class Driver Elevation of Privilege Vulnerability | Important |
| Kernel Streaming WOW Thunk Service Driver | CVE-2025-49675 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2025-49677 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2025-49694 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2025-49693 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Configuration Manager | CVE-2025-47178 | Microsoft Configuration Manager Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2025-49732 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2025-49742 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2025-49744 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Input Method Editor (IME) | CVE-2025-49687 | Windows Input Method Editor (IME) Elevation of Privilege Vulnerability | Important |
| Microsoft Input Method Editor (IME) | CVE-2025-47991 | Windows Input Method Editor (IME) Elevation of Privilege Vulnerability | Important |
| Microsoft Input Method Editor (IME) | CVE-2025-47972 | Windows Input Method Editor (IME) Elevation of Privilege Vulnerability | Important |
| Microsoft MPEG-2 Video Extension | CVE-2025-48806 | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | Important |
| Microsoft MPEG-2 Video Extension | CVE-2025-48805 | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-47994 | Microsoft Office Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2025-49697 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-49695 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-49696 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-49699 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-49702 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office Excel | CVE-2025-48812 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-49711 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office PowerPoint | CVE-2025-49705 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-49701 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-49704 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2025-49706 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office Word | CVE-2025-49703 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office Word | CVE-2025-49698 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office Word | CVE-2025-49700 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft PC Manager | CVE-2025-47993 | Microsoft PC Manager Elevation of Privilege Vulnerability | Important |
| Microsoft PC Manager | CVE-2025-49738 | Microsoft PC Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Teams | CVE-2025-49731 | Microsoft Teams Elevation of Privilege Vulnerability | Important |
| Microsoft Teams | CVE-2025-49737 | Microsoft Teams Elevation of Privilege Vulnerability | Important |
| Microsoft Windows QoS scheduler | CVE-2025-49730 | Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Windows Search Component | CVE-2025-49685 | Windows Search Service Elevation of Privilege Vulnerability | Important |
| Office Developer Platform | CVE-2025-49756 | Office Developer Platform Security Feature Bypass Vulnerability | Important |
| Remote Desktop Client | CVE-2025-48817 | Remote Desktop Client Remote Code Execution Vulnerability | Important |
| Remote Desktop Client | CVE-2025-33054 | Remote Desktop Spoofing Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-48822 | Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability | Critical |
| Role: Windows Hyper-V | CVE-2025-47999 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-48002 | Windows Hyper-V Information Disclosure Vulnerability | Important |
| Service Fabric | CVE-2025-21195 | Azure Service Fabric Runtime Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2025-49719 | Microsoft SQL Server Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2025-49718 | Microsoft SQL Server Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2025-49717 | Microsoft SQL Server Remote Code Execution Vulnerability | Critical |
| Storage Port Driver | CVE-2025-49684 | Windows Storage Port Driver Information Disclosure Vulnerability | Important |
| Universal Print Management Service | CVE-2025-47986 | Universal Print Management Service Elevation of Privilege Vulnerability | Important |
| Virtual Hard Disk (VHDX) | CVE-2025-47971 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | Important |
| Virtual Hard Disk (VHDX) | CVE-2025-49689 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | Important |
| Virtual Hard Disk (VHDX) | CVE-2025-49683 | Microsoft Virtual Hard Disk Remote Code Execution Vulnerability | Low |
| Virtual Hard Disk (VHDX) | CVE-2025-47973 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2025-49739 | Visual Studio Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2025-27614 | MITRE: CVE-2025-27614 Gitk Arbitrary Code Execution Vulnerability | Unknown |
| Visual Studio | CVE-2025-27613 | MITRE: CVE-2025-27613 Gitk Arguments Vulnerability | Unknown |
| Visual Studio | CVE-2025-46334 | MITRE: CVE-2025-46334 Git Malicious Shell Vulnerability | Unknown |
| Visual Studio | CVE-2025-46835 | MITRE: CVE-2025-46835 Git File Overwrite Vulnerability | Unknown |
| Visual Studio | CVE-2025-48384 | MITRE: CVE-2025-48384 Git Symlink Vulnerability | Unknown |
| Visual Studio | CVE-2025-48386 | MITRE: CVE-2025-48386 Git Credential Helper Vulnerability | Unknown |
| Visual Studio | CVE-2025-48385 | MITRE: CVE-2025-48385 Git Protocol Injection Vulnerability | Unknown |
| Visual Studio Code - Python extension | CVE-2025-49714 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2025-49661 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows AppX Deployment Service | CVE-2025-48820 | Windows AppX Deployment Service Elevation of Privilege Vulnerability | Important |
| Windows BitLocker | CVE-2025-48818 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows BitLocker | CVE-2025-48001 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows BitLocker | CVE-2025-48804 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows BitLocker | CVE-2025-48003 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows BitLocker | CVE-2025-48800 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows Connected Devices Platform Service | CVE-2025-48000 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
| Windows Connected Devices Platform Service | CVE-2025-49724 | Windows Connected Devices Platform Service Remote Code Execution Vulnerability | Important |
| Windows Cred SSProvider Protocol | CVE-2025-47987 | Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability | Important |
| Windows Cryptographic Services | CVE-2025-48823 | Windows Cryptographic Services Information Disclosure Vulnerability | Important |
| Windows Event Tracing | CVE-2025-47985 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2025-49660 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Fast FAT Driver | CVE-2025-49721 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | Important |
| Windows GDI | CVE-2025-47984 | Windows GDI Information Disclosure Vulnerability | Important |
| Windows Imaging Component | CVE-2025-47980 | Windows Imaging Component Information Disclosure Vulnerability | Critical |
| Windows KDC Proxy Service (KPSSVC) | CVE-2025-49735 | Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability | Critical |
| Windows Kerberos | CVE-2025-47978 | Windows Kerberos Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2025-49666 | Windows Server Setup and Boot Event Collection Remote Code Execution Vulnerability | Important |
| Windows Kernel | CVE-2025-26636 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2025-48809 | Windows Secure Kernel Mode Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2025-48808 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows MBT Transport driver | CVE-2025-47996 | Windows MBT Transport Driver Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2025-49682 | Windows Media Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2025-49691 | Windows Miracast Wireless Display Remote Code Execution Vulnerability | Important |
| Windows Netlogon | CVE-2025-49716 | Windows Netlogon Denial of Service Vulnerability | Important |
| Windows Notification | CVE-2025-49726 | Windows Notification Elevation of Privilege Vulnerability | Important |
| Windows Notification | CVE-2025-49725 | Windows Notification Elevation of Privilege Vulnerability | Important |
| Windows NTFS | CVE-2025-49678 | NTFS Elevation of Privilege Vulnerability | Important |
| Windows Performance Recorder | CVE-2025-49680 | Windows Performance Recorder (WPR) Denial of Service Vulnerability | Important |
| Windows Print Spooler Components | CVE-2025-49722 | Windows Print Spooler Denial of Service Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2025-48814 | Remote Desktop Licensing Service Security Feature Bypass Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49688 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49676 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49672 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49670 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49671 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49753 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49729 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49673 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49674 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49669 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49663 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49668 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49681 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49657 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-47998 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-48824 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Secure Kernel Mode | CVE-2025-48810 | Windows Secure Kernel Mode Information Disclosure Vulnerability | Important |
| Windows Shell | CVE-2025-49679 | Windows Shell Elevation of Privilege Vulnerability | Important |
| Windows SmartScreen | CVE-2025-49740 | Windows SmartScreen Security Feature Bypass Vulnerability | Important |
| Windows SMB | CVE-2025-48802 | Windows SMB Server Spoofing Vulnerability | Important |
| Windows SPNEGO Extended Negotiation | CVE-2025-47981 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | Critical |
| Windows SSDP Service | CVE-2025-47976 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | Important |
| Windows SSDP Service | CVE-2025-47975 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | Important |
| Windows SSDP Service | CVE-2025-48815 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | Important |
| Windows StateRepository API | CVE-2025-49723 | Windows StateRepository API Server file Tampering Vulnerability | Important |
| Windows Storage | CVE-2025-49760 | Windows Storage Spoofing Vulnerability | Moderate |
| Windows Storage VSP Driver | CVE-2025-47982 | Windows Storage VSP Driver Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2025-49686 | Windows TCP/IP Driver Elevation of Privilege Vulnerability | Important |
| Windows TDX.sys | CVE-2025-49658 | Windows Transport Driver Interface (TDI) Translation Driver Information Disclosure Vulnerability | Important |
| Windows TDX.sys | CVE-2025-49659 | Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability | Important |
| Windows Universal Plug and Play (UPnP) Device Host | CVE-2025-48821 | Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability | Important |
| Windows Universal Plug and Play (UPnP) Device Host | CVE-2025-48819 | Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability | Important |
| Windows Update Service | CVE-2025-48799 | Windows Update Service Elevation of Privilege Vulnerability | Important |
| Windows User-Mode Driver Framework Host | CVE-2025-49664 | Windows User-Mode Driver Framework Host Information Disclosure Vulnerability | Important |
| Windows Virtualization-Based Security (VBS) Enclave | CVE-2025-47159 | Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability | Important |
| Windows Virtualization-Based Security (VBS) Enclave | CVE-2025-48811 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Important |
| Windows Virtualization-Based Security (VBS) Enclave | CVE-2025-48803 | Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability | Important |
| Windows Win32K - GRFX | CVE-2025-49727 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K - ICOMP | CVE-2025-49733 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K - ICOMP | CVE-2025-49667 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
| Workspace Broker | CVE-2025-49665 | Workspace Broker Elevation of Privilege Vulnerability | Important |
Patch Tuesday in July 2025 stands out for the significant number of bugs fixed (137 in total) and, above all, for the presence of a zero-day vulnerability that was already being exploited by attackers.
Updating your operating system and applications is the most effective and easiest way to prevent cyberattacks. Whether you are an individual user or a business network administrator, don't miss out on these updates.
Cybersecurity is not just for experts: we all have a responsibility to keep our devices protected. And applying the July 2025 Patch Tuesday patches is the first step.