Microsoft has rolled out the Patch Tuesday updates for July 2025, ensuring the updates. This month’s update bundle is rather huge, addressing 137 different vulnerabilities across different products. Users with eligible devices should ensure keeping their systems up-to-date with the latest fixes to prevent potential threats.
One Zero-Day, Fourteen Critical Vulnerabilities Addressed
The most noteworthy security fixes with the July 2025 Patch Tuesday from Microsoft address ten critical severity vulnerabilities. Of these, nine vulnerabilities would allow remote code execution following an exploitation attempt, whereas one would result in information disclosure. Below is a quick breakdown of some of these issues.
- CVE-2025-49695, CVE-2025-49696, CVE-2025-49697 (critical severity; CVSS 8.4): These include a use-after-free flaw, an out-of-bounds read, and a heap-based buffer overflow, respectively, in Microsoft Office. All three affected the Microsoft Office Preview Pane, allowing an unauthorized attacker to execute code.
- CVE-2025-49702 (critical severity; CVSS 7.8): A type confusion vulnerability in Microsoft Office leading to remote code execution. An unauthorized attacker could exploit the flaw via the Preview Pane by tricking the target user into opening a maliciously crafted file.
- CVE-2025-47981 (critical severity; CVSS 9.8): A heap-based buffer overflow affecting the Windows SPNEGO Extended Negotiation. An unauthorized adversary could exploit the flaw by sending a malicious message to the target server, gaining remote code execution over the target network.
- CVE-2025-47980 (critical severity; CVSS 6.2): an information disclosure vulnerability in Windows Imaging Component. An unauthorized attacker could exploit this flaw to “access small portions of heap memory”.
Besides these, Microsoft also addressed a zero-day vulnerability with this update bundle. Identified as CVE-2025-49719 (important severity; CVSS 7.5), the vulnerability existed due to improper input validation in SQL Server, leading to information disclosure to an unauthorized adversary. Microsoft confirmed detecting active exploitation attempts for this flaw and urges users to update their SQL servers to the patched versions.
Other Noteworthy Fixes In July Patch Tuesday From Microsoft
Alongside these fixes, Microsoft also addressed 119 other important severity vulnerabilities, making this month’s update bundle crucial for Microsoft users’ devices. These include 5 denial of service vulnerabilities, 53 privilege escalation issues, 15 information disclosure, 33 remote code execution vulnerabilities, 8 security feature bypass issues, 4 spoofing vulnerabilities, and 1 tampering issue.
Of these, 24 vulnerabilities achieved a high CVSS score of 8.8. Some of these are quickly listed below.
- CVE-2025-47998, CVE-2025-48824, CVE-2025-49657, CVE-2025-49663, CVE-2025-49668, CVE-2025-49669, CVE-2025-49670, CVE-2025-49672, CVE-2025-49673, CVE-2025-49674, CVE-2025-49676, CVE-2025-49729, CVE-2025-49753: All these vulnerabilities existed in the Windows Routing and Remote Access Service (RRAS). Microsoft described all these vulnerabilities as heap-based buffer overflow that could let an unauthorized attacker execute code over the target network.
- CVE-2025-49681: An out-of-bounds read vulnerability in Windows RRAS, which would allow information disclosure to an unauthorized adversary if the victim user is tricked into connecting to a malicious server.
- CVE-2025-49688: A double-free vulnerability in Windows RRAS allows remote code execution. An unauthorized attacker could exploit the flaw by tricking the victim user into connecting to a malicious server set up by the attacker.
- CVE-2025-49740: A security feature bypass in Windows SmartScreen that would let an attacker escape Mark-of-the-Web (MoTW) security checks by tricking the victim into opening a maliciously crafted file.
- CVE-2025-49723: A tampering issue in the Windows StateRepository API that existed due to missing authorization. An authorized attacker with low privileges could exploit the flaw to gain elevated privileges, execute code, or access resources. However, the outcome of these elevated privileges, as Microsoft explained, would only allow deleting SYSTEM files, without allowing file viewing and modification.
Keep Your Systems Updated!
While Microsoft ensures automatic roll-out of all security updates to eligible devices, users should still check their systems manually for any updates pending installation. Particularly, enterprise users and organizations should ensure updating all devices on their networks to avoid potential threats due to outdated systems and unpatched vulnerabilities.
Let us know your thoughts in the comments.
