Microsoft Patch Tuesday, July 2025
Today, Microsoft released patches for 130 Microsoft vulnerabilities and 9 additional vulnerabilities not part of Microsoft's portfolio but distributed by Microsoft. 14 of these are rated critical. Only one of the vulnerabilities was disclosed before being patched, and none of the vulnerabilities have so far been exploited.
Noteworthy Vulnerabilities:
CVE-2025-49695 and CVE-2025-49696: Both vulnerabilities affect Microsoft Office, are rated critical, and are considered "more likely" to be exploited by Microsoft. These issues do not require user interaction, so the user does not need to open a document. The exploit could be triggered via the preview pane. Macs are affected as well, but a patch is currently only available for Windows.
CVE-2025-49719: This vulnerability has already been made public. It does allow for information disclosure on a Microsoft SQL Server. To patch, you must patch the OLE DB Driver.
CVE-2025-49717: Exploitation is considered less likely for this vulnerability. But if exploited, it would allow code execution via a Microsoft SQL Server. Take this as additional motivation not to expose SQL servers.
CVE-2025-49704: I consider this vulnerability interesting as it appears to allow command/code injection in SharePoint. However, an attacker has to be authenticated to take advantage of this vulnerability.
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue | |||||||
| CVE-2025-36350 | No | No | - | Less Likely | Critical | 5.6 | 4.9 |
| AMD: CVE-2025-36357 Transient Scheduler Attack in L1 Data Queue | |||||||
| CVE-2025-36357 | No | No | - | Less Likely | Critical | 5.6 | 4.9 |
| Azure Monitor Agent Remote Code Execution Vulnerability | |||||||
| CVE-2025-47988 | No | No | - | Less Likely | Important | 7.5 | 6.5 |
| Azure Service Fabric Runtime Elevation of Privilege Vulnerability | |||||||
| CVE-2025-21195 | No | No | - | Less Likely | Important | 6.0 | 5.2 |
| BitLocker Security Feature Bypass Vulnerability | |||||||
| CVE-2025-48001 | No | No | - | More Likely | Important | 6.8 | 5.9 |
| CVE-2025-48003 | No | No | - | Less Likely | Important | 6.8 | 5.9 |
| CVE-2025-48800 | No | No | - | More Likely | Important | 6.8 | 5.9 |
| CVE-2025-48818 | No | No | - | More Likely | Important | 6.8 | 5.9 |
| CVE-2025-48804 | No | No | - | More Likely | Important | 6.8 | 5.9 |
| Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability | |||||||
| CVE-2025-49690 | No | No | - | Less Likely | Important | 7.4 | 6.4 |
| Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability | |||||||
| CVE-2025-47987 | No | No | - | More Likely | Important | 7.8 | 6.8 |
| HID Class Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-48816 | No | No | - | Unlikely | Important | 7.8 | 6.8 |
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-49675 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| MITRE: CVE-2025-27613 Gitk Arguments Vulnerability | |||||||
| CVE-2025-27613 | No | No | - | - | - | ||
| MITRE: CVE-2025-27614 Gitk Arbitrary Code Execution Vulnerability | |||||||
| CVE-2025-27614 | No | No | - | - | - | ||
| MITRE: CVE-2025-46334 Git Malicious Shell Vulnerability | |||||||
| CVE-2025-46334 | No | No | - | - | - | ||
| MITRE: CVE-2025-46835 Git File Overwrite Vulnerability | |||||||
| CVE-2025-46835 | No | No | - | - | - | ||
| MITRE: CVE-2025-48384 Git Symlink Vulnerability | |||||||
| CVE-2025-48384 | No | No | - | - | - | ||
| MITRE: CVE-2025-48385 Git Protocol Injection Vulnerability | |||||||
| CVE-2025-48385 | No | No | - | - | - | ||
| MITRE: CVE-2025-48386 Git Credential Helper Vulnerability | |||||||
| CVE-2025-48386 | No | No | - | - | - | ||
| Microsoft Brokering File System Elevation of Privilege Vulnerability | |||||||
| CVE-2025-49677 | No | No | - | Less Likely | Important | 7.0 | 6.1 |
| CVE-2025-49694 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| CVE-2025-49693 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Configuration Manager Remote Code Execution Vulnerability | |||||||
| CVE-2025-47178 | No | No | - | Unlikely | Important | 8.0 | 7.0 |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||||
| CVE-2025-49741 | No | No | Less Likely | Less Likely | Important | 7.4 | 6.4 |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||||
| CVE-2025-49713 | No | No | - | Unlikely | Important | 8.8 | 7.7 |
| Microsoft Excel Information Disclosure Vulnerability | |||||||
| CVE-2025-48812 | No | No | - | Unlikely | Important | 5.5 | 4.8 |
| Microsoft Excel Remote Code Execution Vulnerability | |||||||
| CVE-2025-49711 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | |||||||
| CVE-2025-48805 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| CVE-2025-48806 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Elevation of Privilege Vulnerability | |||||||
| CVE-2025-47994 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Remote Code Execution Vulnerability | |||||||
| CVE-2025-49695 | No | No | - | More Likely | Critical | 8.4 | 7.3 |
| CVE-2025-49696 | No | No | - | More Likely | Critical | 8.4 | 7.3 |
| CVE-2025-49697 | No | No | - | Less Likely | Critical | 8.4 | 7.3 |
| CVE-2025-49699 | No | No | - | Less Likely | Important | 7.0 | 6.1 |
| CVE-2025-49702 | No | No | - | Less Likely | Critical | 7.8 | 6.8 |
| Microsoft PC Manager Elevation of Privilege Vulnerability | |||||||
| CVE-2025-47993 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| CVE-2025-49738 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| Microsoft PowerPoint Remote Code Execution Vulnerability | |||||||
| CVE-2025-49705 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| Microsoft SQL Server Information Disclosure Vulnerability | |||||||
| CVE-2025-49719 | Yes | No | - | Less Likely | Important | 7.5 | 6.5 |
| CVE-2025-49718 | No | No | - | More Likely | Important | 7.5 | 6.5 |
| Microsoft SQL Server Remote Code Execution Vulnerability | |||||||
| CVE-2025-49717 | No | No | - | Unlikely | Critical | 8.5 | 7.4 |
| Microsoft SharePoint Remote Code Execution Vulnerability | |||||||
| CVE-2025-49701 | No | No | - | More Likely | Important | 8.8 | 7.7 |
| CVE-2025-49704 | No | No | - | More Likely | Critical | 8.8 | 7.7 |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||||
| CVE-2025-49706 | No | No | - | Less Likely | Important | 6.3 | 5.5 |
| Microsoft Teams Elevation of Privilege Vulnerability | |||||||
| CVE-2025-49731 | No | No | - | Less Likely | Important | 3.1 | 2.7 |
| CVE-2025-49737 | No | No | - | Less Likely | Important | 7.0 | 6.1 |
| Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | |||||||
| CVE-2025-47971 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| CVE-2025-49689 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| CVE-2025-47973 | No | No | - | Unlikely | Important | 7.8 | 6.8 |
| Microsoft Virtual Hard Disk Remote Code Execution Vulnerability | |||||||
| CVE-2025-49683 | No | No | - | Unlikely | Important | 7.8 | 6.8 |
| Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-49730 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Word Remote Code Execution Vulnerability | |||||||
| CVE-2025-49700 | No | No | - | Unlikely | Important | 7.8 | 6.8 |
| CVE-2025-49703 | No | No | - | Less Likely | Critical | 7.8 | 6.8 |
| CVE-2025-49698 | No | No | - | Less Likely | Critical | 7.8 | 6.8 |
| NTFS Elevation of Privilege Vulnerability | |||||||
| CVE-2025-49678 | No | No | - | Unlikely | Important | 7.0 | 6.1 |
| Office Developer Platform Security Feature Bypass Vulnerability | |||||||
| CVE-2025-49756 | No | No | - | Less Likely | Important | 3.3 | 2.9 |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||||
| CVE-2025-48817 | No | No | - | Less Likely | Important | 8.8 | 7.7 |
| Remote Desktop Licensing Service Security Feature Bypass Vulnerability | |||||||
| CVE-2025-48814 | No | No | - | Less Likely | Important | 7.5 | 6.5 |
| Remote Desktop Spoofing Vulnerability | |||||||
| CVE-2025-33054 | No | No | - | Less Likely | Important | 8.1 | 7.1 |
| SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | |||||||
| CVE-2025-47981 | No | No | - | More Likely | Critical | 9.8 | 8.5 |
| Universal Print Management Service Elevation of Privilege Vulnerability | |||||||
| CVE-2025-47986 | No | No | - | Unlikely | Important | 8.8 | 7.7 |
| Visual Studio Code Python Extension Remote Code Execution Vulnerability | |||||||
| CVE-2025-49714 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| Visual Studio Elevation of Privilege Vulnerability | |||||||
| CVE-2025-49739 | No | No | - | Less Likely | Important | 8.8 | 7.7 |
| Win32k Elevation of Privilege Vulnerability | |||||||
| CVE-2025-49727 | No | No | - | More Likely | Important | 7.0 | 6.1 |
| CVE-2025-49733 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||||||
| CVE-2025-49661 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| Windows AppX Deployment Service Elevation of Privilege Vulnerability | |||||||
| CVE-2025-48820 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | |||||||
| CVE-2025-48000 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| Windows Connected Devices Platform Service Remote Code Execution Vulnerability | |||||||
| CVE-2025-49724 | No | No | - | More Likely | Important | 8.8 | 7.7 |
| Windows Cryptographic Services Information Disclosure Vulnerability | |||||||
| CVE-2025-48823 | No | No | - | Less Likely | Important | 5.9 | 5.2 |
| Windows Event Tracing Elevation of Privilege Vulnerability | |||||||
| CVE-2025-47985 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| CVE-2025-49660 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-49721 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| Windows GDI Information Disclosure Vulnerability | |||||||
| CVE-2025-47984 | No | No | - | Less Likely | Important | 7.5 | 6.5 |
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||||
| CVE-2025-49732 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| CVE-2025-49744 | No | No | - | More Likely | Important | 7.0 | 6.1 |
| Windows Graphics Component Remote Code Execution Vulnerability | |||||||
| CVE-2025-49742 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| Windows Hyper-V Denial of Service Vulnerability | |||||||
| CVE-2025-47999 | No | No | - | Less Likely | Important | 6.8 | 5.9 |
| Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability | |||||||
| CVE-2025-48822 | No | No | - | Less Likely | Critical | 8.6 | 7.5 |
| Windows Hyper-V Information Disclosure Vulnerability | |||||||
| CVE-2025-48002 | No | No | - | Less Likely | Important | 5.7 | 5.0 |
| Windows Imaging Component Information Disclosure Vulnerability | |||||||
| CVE-2025-47980 | No | No | - | Less Likely | Critical | 6.2 | 5.4 |
| Windows Input Method Editor (IME) Elevation of Privilege Vulnerability | |||||||
| CVE-2025-47972 | No | No | - | Unlikely | Important | 8.0 | 7.0 |
| CVE-2025-49687 | No | No | - | Less Likely | Important | 8.8 | 7.7 |
| CVE-2025-47991 | No | No | - | Unlikely | Important | 7.8 | 6.8 |
| Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability | |||||||
| CVE-2025-49735 | No | No | - | More Likely | Critical | 8.1 | 7.1 |
| Windows Kerberos Denial of Service Vulnerability | |||||||
| CVE-2025-47978 | No | No | - | More Likely | Important | 6.5 | 5.7 |
| Windows Kernel Information Disclosure Vulnerability | |||||||
| CVE-2025-26636 | No | No | - | Less Likely | Important | 5.5 | 4.8 |
| CVE-2025-48808 | No | No | - | Unlikely | Important | 5.5 | 4.8 |
| Windows MBT Transport Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-47996 | No | No | - | Unlikely | Important | 7.8 | 6.8 |
| Windows Media Elevation of Privilege Vulnerability | |||||||
| CVE-2025-49682 | No | No | - | Less Likely | Important | 7.3 | 6.4 |
| Windows Miracast Wireless Display Remote Code Execution Vulnerability | |||||||
| CVE-2025-49691 | No | No | - | Less Likely | Important | 8.0 | 7.0 |
| Windows Netlogon Denial of Service Vulnerability | |||||||
| CVE-2025-49716 | No | No | - | Unlikely | Important | 5.9 | 5.2 |
| Windows Notification Elevation of Privilege Vulnerability | |||||||
| CVE-2025-49726 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| CVE-2025-49725 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| Windows Performance Recorder (WPR) Denial of Service Vulnerability | |||||||
| CVE-2025-49680 | No | No | - | Less Likely | Important | 7.3 | 6.4 |
| Windows Print Spooler Denial of Service Vulnerability | |||||||
| CVE-2025-49722 | No | No | - | Less Likely | Important | 5.7 | 5.0 |
| Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | |||||||
| CVE-2025-49671 | No | No | - | Unlikely | Important | 6.5 | 5.7 |
| CVE-2025-49681 | No | No | - | Unlikely | Important | 6.5 | 5.7 |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||||
| CVE-2025-48824 | No | No | - | Unlikely | Important | 8.8 | 7.7 |
| CVE-2025-49657 | No | No | - | Unlikely | Important | 8.8 | 7.7 |
| CVE-2025-49670 | No | No | - | Unlikely | Important | 8.8 | 7.7 |
| CVE-2025-49672 | No | No | - | Unlikely | Important | 8.8 | 7.7 |
| CVE-2025-49674 | No | No | - | Unlikely | Important | 8.8 | 7.7 |
| CVE-2025-49676 | No | No | - | Unlikely | Important | 8.8 | 7.7 |
| CVE-2025-49688 | No | No | - | Unlikely | Important | 8.8 | 7.7 |
| CVE-2025-49753 | No | No | - | Unlikely | Important | 8.8 | 7.7 |
| CVE-2025-47998 | No | No | - | Unlikely | Important | 8.8 | 7.7 |
| CVE-2025-49663 | No | No | - | Unlikely | Important | 8.8 | 7.7 |
| CVE-2025-49668 | No | No | - | Unlikely | Important | 8.8 | 7.7 |
| CVE-2025-49669 | No | No | - | Unlikely | Important | 8.8 | 7.7 |
| CVE-2025-49673 | No | No | - | Unlikely | Important | 8.8 | 7.7 |
| CVE-2025-49729 | No | No | - | Unlikely | Important | 8.8 | 7.7 |
| Windows SMB Server Spoofing Vulnerability | |||||||
| CVE-2025-48802 | No | No | - | Less Likely | Important | 6.5 | 5.7 |
| Windows Search Service Elevation of Privilege Vulnerability | |||||||
| CVE-2025-49685 | No | No | - | Less Likely | Important | 7.0 | 6.1 |
| Windows Secure Kernel Mode Information Disclosure Vulnerability | |||||||
| CVE-2025-48809 | No | No | - | Less Likely | Important | 5.5 | 4.8 |
| CVE-2025-48810 | No | No | - | Less Likely | Important | 5.5 | 4.8 |
| Windows Server Setup and Boot Event Collection Remote Code Execution Vulnerability | |||||||
| CVE-2025-49666 | No | No | - | Unlikely | Important | 7.2 | 6.3 |
| Windows Shell Elevation of Privilege Vulnerability | |||||||
| CVE-2025-49679 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | |||||||
| CVE-2025-47976 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| CVE-2025-47975 | No | No | - | Less Likely | Important | 7.0 | 6.1 |
| CVE-2025-48815 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| Windows SmartScreen Security Feature Bypass Vulnerability | |||||||
| CVE-2025-49740 | No | No | - | Less Likely | Important | 8.8 | 7.7 |
| Windows StateRepository API Server file Tampering Vulnerability | |||||||
| CVE-2025-49723 | No | No | - | Less Likely | Important | 8.8 | 7.7 |
| Windows Storage Port Driver Information Disclosure Vulnerability | |||||||
| CVE-2025-49684 | No | No | - | Less Likely | Important | 5.5 | 4.8 |
| Windows Storage Spoofing Vulnerability | |||||||
| CVE-2025-49760 | No | No | - | Less Likely | Moderate | 3.5 | 3.1 |
| Windows Storage VSP Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-47982 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| Windows TCP/IP Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-49686 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-49659 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| Windows Transport Driver Interface (TDI) Translation Driver Information Disclosure Vulnerability | |||||||
| CVE-2025-49658 | No | No | - | Less Likely | Important | 5.5 | 4.8 |
| Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability | |||||||
| CVE-2025-48819 | No | No | - | Less Likely | Important | 7.1 | 6.2 |
| CVE-2025-48821 | No | No | - | Less Likely | Important | 7.1 | 6.2 |
| Windows Update Service Elevation of Privilege Vulnerability | |||||||
| CVE-2025-48799 | No | No | - | More Likely | Important | 7.8 | 6.8 |
| Windows User-Mode Driver Framework Host Information Disclosure Vulnerability | |||||||
| CVE-2025-49664 | No | No | - | Less Likely | Important | 5.5 | 4.8 |
| Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability | |||||||
| CVE-2025-47159 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| CVE-2025-48803 | No | No | - | Less Likely | Important | 6.7 | 5.8 |
| Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | |||||||
| CVE-2025-48811 | No | No | - | Less Likely | Important | 6.7 | 5.8 |
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | |||||||
| CVE-2025-49667 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
| Workspace Broker Elevation of Privilege Vulnerability | |||||||
| CVE-2025-49665 | No | No | - | Less Likely | Important | 7.8 | 6.8 |
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
ISC Stormcast For Tuesday, July 8th, 2025 https://isc.sans.edu/podcastdetail/9516
×
![modal content]()
Diary Archives
Comments