Contact us
En
Русский English
Services Company Blog
En
Русский English
MS Patch Tuesday

Analysis of Microsoft Patch Tuesday updates - July 2025

Executive Summary

On Tuesday, July 08, 2025, Microsoft released its monthly security patch addressing 130 vulnerabilities across its products.

By severity:

  • Important - 116;
  • Critical - 12;
  • Low - 1;
  • Moderate - 1.

Exploited (Zero-Days) and Publicly Disclosed Vulnerabilities

Special attention should be paid to the following vulnerability. Fixing it is the highest priority:

  • CVE-2025-49719 (CVSS 7.5; Important) - Microsoft SQL Server Information Disclosure Vulnerability (Information Disclosure). A vulnerability in Microsoft SQL Server related to improper input validation allows an unauthenticated attacker to disclose sensitive information over the network. Successful exploitation may lead to data leakage, including credentials, database structure, or other sensitive details. The vulnerability has been publicly disclosed, increasing the risk of active exploitation.

Microsoft’s July 2025 Patch Tuesday includes fixes for 130 vulnerabilities, which is significantly higher than the number addressed in June (66). This month is characterized by an especially large update that requires increased attention from IT administrators and cybersecurity professionals. Key trends observed this month include:

  • Mass patching of RRAS RCEs: The most notable feature of this update is a large... in this service and requires immediate patch deployment.
  • High concentration of elevation-of-privilege vulnerabilities (EoP): A significant number of fixes are focused on privilege escalation issues in various Windows components. This indicates ongoing efforts... to strengthen the security of the Windows kernel and related components.
  • Critical vulnerabilities in key products: This month, critical vulnerabilities were found across a wide range of Microsoft products, including SPNEGO, Office, SharePoint, Hyper-V, and SQL Server. This highlights the need for a comprehensive approach to vulnerability management.
  • Publicly disclosed SQL Server vulnerability: The presence of a publicly disclosed vulnerability (CVE-2025-49719) in Microsoft SQL Server significantly increases the risk of exploitation. Attackers can quickly develop exploits for this vulnerability, so applying the fix should be prioritized.
  • BitLocker security feature bypass vulnerabilities: The discovery of security feature bypass vulnerabilities in BitLocker raises concerns about the integrity of disk encryption. Although these vulnerabilities are not critical, they should be considered as part of risk assessments.

Full List of Vulnerabilities

Below is a table of all vulnerabilities fixed this month.

CVETitleTypeCVSSSeverityExploitedPublicly Disclosed
CVE-2025-49719Microsoft SQL Server Information Disclosure VulnerabilityInformation Disclosure7.5ImportantNoYes
CVE-2025-47981SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution VulnerabilityRemote Code Execution9.8CriticalNoNo
CVE-2025-47986Universal Print Management Service Elevation of Privilege VulnerabilityElevation of Privilege8.8ImportantNoNo
CVE-2025-47998Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityRemote Code Execution8.8ImportantNoNo
CVE-2025-48817Remote Desktop Client Remote Code Execution VulnerabilityRemote Code Execution8.8ImportantNoNo
CVE-2025-48824Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityRemote Code Execution8.8ImportantNoNo
CVE-2025-49657Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityRemote Code Execution8.8ImportantNoNo
CVE-2025-49663Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityRemote Code Execution8.8ImportantNoNo
CVE-2025-49668Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityRemote Code Execution8.8ImportantNoNo
CVE-2025-49669Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityRemote Code Execution8.8ImportantNoNo
CVE-2025-49670Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityRemote Code Execution8.8ImportantNoNo
CVE-2025-49672Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityRemote Code Execution8.8ImportantNoNo
CVE-2025-49673Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityRemote Code Execution8.8ImportantNoNo
CVE-2025-49674Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityRemote Code Execution8.8ImportantNoNo
CVE-2025-49676Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityRemote Code Execution8.8ImportantNoNo
CVE-2025-49687Windows Input Method Editor (IME) Elevation of Privilege VulnerabilityElevation of Privilege8.8ImportantNoNo
CVE-2025-49688Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityRemote Code Execution8.8ImportantNoNo
CVE-2025-49691Windows Miracast Wireless Display Remote Code Execution VulnerabilityRemote Code Execution8.8ImportantNoNo
CVE-2025-49701Microsoft SharePoint Remote Code Execution VulnerabilityRemote Code Execution8.8ImportantNoNo
CVE-2025-49704Microsoft SharePoint Remote Code Execution VulnerabilityRemote Code Execution8.8CriticalNoNo
CVE-2025-49713Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityRemote Code Execution8.8ImportantNoNo
CVE-2025-49723Windows StateRepository API Server file Tampering VulnerabilityTampering8.8ImportantNoNo
CVE-2025-49724Windows Connected Devices Platform Service Remote Code Execution VulnerabilityRemote Code Execution8.8ImportantNoNo
CVE-2025-49729Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityRemote Code Execution8.8ImportantNoNo
CVE-2025-49739Visual Studio Elevation of Privilege VulnerabilityElevation of Privilege8.8ImportantNoNo
CVE-2025-49740Windows SmartScreen Security Feature Bypass VulnerabilitySecurity Feature Bypass8.8ImportantNoNo
CVE-2025-49753Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityRemote Code Execution8.8ImportantNoNo
CVE-2025-48822Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution VulnerabilityRemote Code Execution8.6CriticalNoNo
CVE-2025-49717Microsoft SQL Server Remote Code Execution VulnerabilityRemote Code Execution8.5CriticalNoNo
CVE-2025-49695Microsoft Office Remote Code Execution VulnerabilityRemote Code Execution8.4CriticalNoNo
CVE-2025-49696Microsoft Office Remote Code Execution VulnerabilityRemote Code Execution8.4CriticalNoNo
CVE-2025-49697Microsoft Office Remote Code Execution VulnerabilityRemote Code Execution8.4CriticalNoNo
CVE-2025-33054Remote Desktop Spoofing VulnerabilitySpoofing8.1ImportantNoNo
CVE-2025-49735Windows KDC Proxy Service (KPSSVC) Remote Code Execution VulnerabilityRemote Code Execution8.1CriticalNoNo
CVE-2025-47178Microsoft Configuration Manager Remote Code Execution VulnerabilityRemote Code Execution8.0ImportantNoNo
CVE-2025-47972Windows Input Method Editor (IME) Elevation of Privilege VulnerabilityElevation of Privilege8.0ImportantNoNo
CVE-2025-47159Windows Virtualization-Based Security (VBS) Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-47971Microsoft Virtual Hard Disk Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-47973Microsoft Virtual Hard Disk Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-47976Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-47982Windows Storage VSP Driver Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-47985Windows Event Tracing Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-47987Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-47991Windows Input Method Editor (IME) Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-47993Microsoft PC Manager Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-47994Microsoft Office Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-47996Windows MBT Transport Driver Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-48000Windows Connected Devices Platform Service Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-48799Windows Update Service Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-48805Microsoft MPEG-2 Video Extension Remote Code Execution VulnerabilityRemote Code Execution7.8ImportantNoNo
CVE-2025-48806Microsoft MPEG-2 Video Extension Remote Code Execution VulnerabilityRemote Code Execution7.8ImportantNoNo
CVE-2025-48815Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-48816HID Class Driver Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-48820Windows AppX Deployment Service Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-49659Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-49660Windows Event Tracing Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-49661Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-49665Workspace Broker Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-49667Windows Win32 Kernel Subsystem Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-49675Kernel Streaming WOW Thunk Service Driver Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-49679Windows Shell Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-49683Microsoft Virtual Hard Disk Remote Code Execution VulnerabilityDenial of Service7.8LowNoNo
CVE-2025-49686Windows TCP/IP Driver Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-49689Microsoft Virtual Hard Disk Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-49693Microsoft Brokering File System Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-49694Microsoft Brokering File System Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-49698Microsoft Word Remote Code Execution VulnerabilityRemote Code Execution7.8CriticalNoNo
CVE-2025-49700Microsoft Word Remote Code Execution VulnerabilityRemote Code Execution7.8ImportantNoNo
CVE-2025-49702Microsoft Office Remote Code Execution VulnerabilityRemote Code Execution7.8CriticalNoNo
CVE-2025-49703Microsoft Word Remote Code Execution VulnerabilityRemote Code Execution7.8CriticalNoNo
CVE-2025-49705Microsoft PowerPoint Remote Code Execution VulnerabilityRemote Code Execution7.8ImportantNoNo
CVE-2025-49711Microsoft Excel Remote Code Execution VulnerabilityRemote Code Execution7.8ImportantNoNo
CVE-2025-49714Visual Studio Code Python Extension Remote Code Execution VulnerabilityRemote Code Execution7.8ImportantNoNo
CVE-2025-49721Windows Fast FAT File System Driver Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-49725Windows Notification Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-49726Windows Notification Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-49730Microsoft Windows QoS Scheduler Driver Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-49732Windows Graphics Component Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-49733Win32k Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-49738Microsoft PC Manager Elevation of Privilege VulnerabilityElevation of Privilege7.8ImportantNoNo
CVE-2025-49742Windows Graphics Component Remote Code Execution VulnerabilityRemote Code Execution7.8ImportantNoNo
CVE-2025-47984Windows GDI Information Disclosure VulnerabilityInformation Disclosure7.5ImportantNoNo
CVE-2025-47988Azure Monitor Agent Remote Code Execution VulnerabilityRemote Code Execution7.5ImportantNoNo
CVE-2025-48814Remote Desktop Licensing Service Security Feature Bypass VulnerabilitySecurity Feature Bypass7.5ImportantNoNo
CVE-2025-49718Microsoft SQL Server Information Disclosure VulnerabilityInformation Disclosure7.5ImportantNoNo
CVE-2025-49690Capability Access Management Service (camsvc) Elevation of Privilege VulnerabilityElevation of Privilege7.4ImportantNoNo
CVE-2025-49741Microsoft Edge (Chromium-based) Information Disclosure VulnerabilityInformation Disclosure7.4ImportantNoNo
CVE-2025-49680Windows Performance Recorder (WPR) Denial of Service VulnerabilityDenial of Service7.3ImportantNoNo
CVE-2025-49682Windows Media Elevation of Privilege VulnerabilityElevation of Privilege7.3ImportantNoNo
CVE-2025-49666Windows Server Setup and Boot Event Collection Remote Code Execution VulnerabilityRemote Code Execution7.2ImportantNoNo
CVE-2025-48819Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege VulnerabilityElevation of Privilege7.1ImportantNoNo
CVE-2025-48821Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege VulnerabilityElevation of Privilege7.1ImportantNoNo
CVE-2025-47975Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege VulnerabilityElevation of Privilege7.0ImportantNoNo
CVE-2025-49677Microsoft Brokering File System Elevation of Privilege VulnerabilityElevation of Privilege7.0ImportantNoNo
CVE-2025-49678NTFS Elevation of Privilege VulnerabilityElevation of Privilege7.0ImportantNoNo
CVE-2025-49685Windows Search Service Elevation of Privilege VulnerabilityElevation of Privilege7.0ImportantNoNo
CVE-2025-49699Microsoft Office Remote Code Execution VulnerabilityRemote Code Execution7.0ImportantNoNo
CVE-2025-49727Win32k Elevation of Privilege VulnerabilityElevation of Privilege7.0ImportantNoNo
CVE-2025-49737Microsoft Teams Elevation of Privilege VulnerabilityElevation of Privilege7.0ImportantNoNo
CVE-2025-49744Windows Graphics Component Elevation of Privilege VulnerabilityElevation of Privilege7.0ImportantNoNo
CVE-2025-47999Windows Hyper-V Denial of Service VulnerabilityDenial of Service6.8ImportantNoNo
CVE-2025-48001BitLocker Security Feature Bypass VulnerabilitySecurity Feature Bypass6.8ImportantNoNo
CVE-2025-48003BitLocker Security Feature Bypass VulnerabilitySecurity Feature Bypass6.8ImportantNoNo
CVE-2025-48800BitLocker Security Feature Bypass VulnerabilitySecurity Feature Bypass6.8ImportantNoNo
CVE-2025-48804BitLocker Security Feature Bypass VulnerabilitySecurity Feature Bypass6.8ImportantNoNo
CVE-2025-48818BitLocker Security Feature Bypass VulnerabilitySecurity Feature Bypass6.8ImportantNoNo
CVE-2025-48803Windows Virtualization-Based Security (VBS) Elevation of Privilege VulnerabilityElevation of Privilege6.7ImportantNoNo
CVE-2025-48811Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege VulnerabilityElevation of Privilege6.7ImportantNoNo
CVE-2025-47978Windows Kerberos Denial of Service VulnerabilityDenial of Service6.5ImportantNoNo
CVE-2025-48802Windows SMB Server Spoofing VulnerabilitySpoofing6.5ImportantNoNo
CVE-2025-49671Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityInformation Disclosure6.5ImportantNoNo
CVE-2025-49681Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityInformation Disclosure6.5ImportantNoNo
CVE-2025-49706Microsoft SharePoint Server Spoofing VulnerabilitySpoofing6.3ImportantNoNo
CVE-2025-47980Windows Imaging Component Information Disclosure VulnerabilityInformation Disclosure6.2CriticalNoNo
CVE-2025-21195Azure Service Fabric Runtime Elevation of Privilege VulnerabilityElevation of Privilege6.0ImportantNoNo
CVE-2025-48823Windows Cryptographic Services Information Disclosure VulnerabilityInformation Disclosure5.9ImportantNoNo
CVE-2025-49716Windows Netlogon Denial of Service VulnerabilityDenial of Service5.9ImportantNoNo
CVE-2025-48002Windows Hyper-V Information Disclosure VulnerabilityInformation Disclosure5.7ImportantNoNo
CVE-2025-49722Windows Print Spooler Denial of Service VulnerabilityDenial of Service5.7ImportantNoNo
CVE-2025-26636Windows Kernel Information Disclosure VulnerabilityInformation Disclosure5.5ImportantNoNo
CVE-2025-48808Windows Kernel Information Disclosure VulnerabilityInformation Disclosure5.5ImportantNoNo
CVE-2025-48809Windows Secure Kernel Mode Information Disclosure VulnerabilityInformation Disclosure5.5ImportantNoNo
CVE-2025-48810Windows Secure Kernel Mode Information Disclosure VulnerabilityInformation Disclosure5.5ImportantNoNo
CVE-2025-48812Microsoft Excel Information Disclosure VulnerabilityInformation Disclosure5.5ImportantNoNo
CVE-2025-49658Windows Transport Driver Interface (TDI) Translation Driver Information Disclosure VulnerabilityInformation Disclosure5.5ImportantNoNo
CVE-2025-49664Windows User-Mode Driver Framework Host Information Disclosure VulnerabilityInformation Disclosure5.5ImportantNoNo
CVE-2025-49684Windows Storage Port Driver Information Disclosure VulnerabilityInformation Disclosure5.5ImportantNoNo
CVE-2025-49760Windows Storage Spoofing VulnerabilitySpoofing3.5ModerateNoNo
CVE-2025-49756Office Developer Platform Security Feature Bypass VulnerabilitySecurity Feature Bypass3.3ImportantNoNo
CVE-2025-49731Microsoft Teams Elevation of Privilege VulnerabilityElevation of Privilege3.1ImportantNoNo

Conclusion

Microsoft’s July Patch Tuesday is one of the largest updates in recent times, covering 130 vulnerabilities. This volume requires IT administrators to plan carefully and deploy updates promptly. Priority should be given to immediately installing patches for critical vulnerabilities, especially CVE-2025-47981 (SPNEGO, RCE) and the publicly disclosed CVE-2025-49719 (SQL Server, Information Disclosure). Vulnerabilities in the Windows Routing and Remote Access Service (RRAS) also demand top priority due to their high number and potentially serious impact. It is recommended to prioritize updates for Office, SharePoint, SQL Server and Hyper-V, given their critical role in corporate infrastructure and the high likelihood of exploitation. You should not overlook the need to update BitLocker to eliminate security feature bypass vulnerabilities. With the continuously growing number of vulnerabilities, timely patching and proactive vulnerability management remain key elements of a cybersecurity strategy. Delaying updates creates an unjustified risk to infrastructure security.

Paranoid Security How Attackers Abuse Signed Drivers to Take Over Infrastructure. Using BYOVD to Bypass PPL Protection Mechanisms in Windows. February 5
Vulnerability Research How Attackers Abuse Signed Drivers to Take Over Infrastructure. Using BYOVD to Bypass PPL Protection Mechanisms in Windows.
Paranoid Security Microsoft Patch Tuesday Analysis – January 2026 January 13
MS Patch Tuesday Microsoft Patch Tuesday Analysis – January 2026
Paranoid Security FortiOS 8.0 firmware analysis & rootfs decryption January 12
FortiOS 8.0 firmware analysis & rootfs decryption