FREE TRIAL
Patch Tuesday

Microsoft Patch Tuesday – July 2025

9 min. read
08/07/2025
By Esben Dochy

Contents

Microsoft Patch Tuesday

⚡ TL;DR | Go Straight to the July 202Patch Tuesday Audit Report

Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The July 2025 edition of Patch Tuesday brings us 137 new fixes, with 14 rated as critical. We’ve listed the most important changes below.

Microsoft SQL Server Remote Code Execution Vulnerability

CVE-2025-49717, is a heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network. It has a CVSS base score of 8.5 but is “unlikely” to be exploited according to Microsoft.

The main reason that Microsoft most likely came to the unlikely exploitation is that the complexity to exploit the vulnerability is listed as high. It would require an attacker to take additional actions prior to exploitation to prepare the target environment.

On the vulenrability’s page, Microsoft has added additional guidance for GDR and/or CU (Cumulative Update) updates.

Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability

CVE-2025-49735 is a Remote Code Execution vulnerability in the Windows KDC Proxy Service. The Windows KDC Proxy Service enables Kerberos authentication to work over HTTPS, allowing remote clients to securely obtain tickets from a domain controller across network boundaries like firewalls.

Not all servers are vulnerable, there is a specific requirement. This vulnerability only affects Windows Servers that are configured as a [MS-KKDCP]: Kerberos Key Distribution Center (KDC) Proxy Protocol server. Domain controllers are not affected.

Microsoft SharePoint Remote Code Execution Vulnerability

The last highlight of this month is CVE-2025-49704, a RCE vulnerability in SharePoint with a CVSS base score of 8.8.

According to Microsoft exploitation is “more likely” and exploitation does not require admin or other elevated privileges, meaning the attack complexity is low.

Run the Patch Tuesday July 2025 Audit

To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.

The Lansweeper Patch Tuesday report is automatically added to your Lansweeper Site. Lansweeper Sites is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!

Run the July Patch Tuesday Audit

Patch Tuesday July 2025 CVE Codes & Titles

CVE NumberCVE Title
CVE-2025-49760Windows Storage Spoofing Vulnerability
CVE-2025-49756Office Developer Platform Security Feature Bypass Vulnerability
CVE-2025-49753Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49744Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2025-49742Windows Graphics Component Remote Code Execution Vulnerability
CVE-2025-49740Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2025-49739Visual Studio Elevation of Privilege Vulnerability
CVE-2025-49738Microsoft PC Manager Elevation of Privilege Vulnerability
CVE-2025-49737Microsoft Teams Elevation of Privilege Vulnerability
CVE-2025-49735Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability
CVE-2025-49733Win32k Elevation of Privilege Vulnerability
CVE-2025-49732Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2025-49731Microsoft Teams Elevation of Privilege Vulnerability
CVE-2025-49730Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability
CVE-2025-49729Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49727Win32k Elevation of Privilege Vulnerability
CVE-2025-49726Windows Notification Elevation of Privilege Vulnerability
CVE-2025-49725Windows Notification Elevation of Privilege Vulnerability
CVE-2025-49724Windows Connected Devices Platform Service Remote Code Execution Vulnerability
CVE-2025-49723Windows StateRepository API Server file Tampering Vulnerability
CVE-2025-49722Windows Print Spooler Denial of Service Vulnerability
CVE-2025-49721Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
CVE-2025-49719Microsoft SQL Server Information Disclosure Vulnerability
CVE-2025-49718Microsoft SQL Server Information Disclosure Vulnerability
CVE-2025-49717Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2025-49716Windows Netlogon Denial of Service Vulnerability
CVE-2025-49714Visual Studio Code Python Extension Remote Code Execution Vulnerability
CVE-2025-49711Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-49706Microsoft SharePoint Server Spoofing Vulnerability
CVE-2025-49705Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2025-49704Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2025-49703Microsoft Word Remote Code Execution Vulnerability
CVE-2025-49702Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49701Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2025-49700Microsoft Word Remote Code Execution Vulnerability
CVE-2025-49699Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49698Microsoft Word Remote Code Execution Vulnerability
CVE-2025-49697Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49696Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49695Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49694Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-49693Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-49691Windows Miracast Wireless Display Remote Code Execution Vulnerability
CVE-2025-49690Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
CVE-2025-49689Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
CVE-2025-49688Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49687Windows Input Method Editor (IME) Elevation of Privilege Vulnerability
CVE-2025-49686Windows TCP/IP Driver Elevation of Privilege Vulnerability
CVE-2025-49685Windows Search Service Elevation of Privilege Vulnerability
CVE-2025-49684Windows Storage Port Driver Information Disclosure Vulnerability
CVE-2025-49683Microsoft Virtual Hard Disk Remote Code Execution Vulnerability
CVE-2025-49682Windows Media Elevation of Privilege Vulnerability
CVE-2025-49681Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-49680Windows Performance Recorder (WPR) Denial of Service Vulnerability
CVE-2025-49679Windows Shell Elevation of Privilege Vulnerability
CVE-2025-49678NTFS Elevation of Privilege Vulnerability
CVE-2025-49677Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-49676Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49675Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
CVE-2025-49674Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49673Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49672Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49671Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-49670Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49669Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49668Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49667Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2025-49666Windows Server Setup and Boot Event Collection Remote Code Execution Vulnerability
CVE-2025-49665Workspace Broker Elevation of Privilege Vulnerability
CVE-2025-49664Windows User-Mode Driver Framework Host Information Disclosure Vulnerability
CVE-2025-49663Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49661Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-49660Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2025-49659Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability
CVE-2025-49658Windows Transport Driver Interface (TDI) Translation Driver Information Disclosure Vulnerability
CVE-2025-49657Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-48824Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-48823Windows Cryptographic Services Information Disclosure Vulnerability
CVE-2025-48822Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability
CVE-2025-48821Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability
CVE-2025-48820Windows AppX Deployment Service Elevation of Privilege Vulnerability
CVE-2025-48819Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability
CVE-2025-48818BitLocker Security Feature Bypass Vulnerability
CVE-2025-48817Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-48816HID Class Driver Elevation of Privilege Vulnerability
CVE-2025-48815Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
CVE-2025-48814Remote Desktop Licensing Service Security Feature Bypass Vulnerability
CVE-2025-48812Microsoft Excel Information Disclosure Vulnerability
CVE-2025-48811Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
CVE-2025-48810Windows Secure Kernel Mode Information Disclosure Vulnerability
CVE-2025-48809Windows Secure Kernel Mode Information Disclosure Vulnerability
CVE-2025-48808Windows Kernel Information Disclosure Vulnerability
CVE-2025-48806Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability
CVE-2025-48805Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability
CVE-2025-48804BitLocker Security Feature Bypass Vulnerability
CVE-2025-48803Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability
CVE-2025-48802Windows SMB Server Spoofing Vulnerability
CVE-2025-48800BitLocker Security Feature Bypass Vulnerability
CVE-2025-48799Windows Update Service Elevation of Privilege Vulnerability
CVE-2025-48386MITRE: CVE-2025-48386 Git Credential Helper Vulnerability
CVE-2025-48385MITRE: CVE-2025-48385 Git Protocol Injection Vulnerability
CVE-2025-48384MITRE: CVE-2025-48384 Git Symlink Vulnerability
CVE-2025-48003BitLocker Security Feature Bypass Vulnerability
CVE-2025-48002Windows Hyper-V Information Disclosure Vulnerability
CVE-2025-48001BitLocker Security Feature Bypass Vulnerability
CVE-2025-48000Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
CVE-2025-47999Windows Hyper-V Denial of Service Vulnerability
CVE-2025-47998Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-47996Windows MBT Transport Driver Elevation of Privilege Vulnerability
CVE-2025-47994Microsoft Office Elevation of Privilege Vulnerability
CVE-2025-47993Microsoft PC Manager Elevation of Privilege Vulnerability
CVE-2025-47991Windows Input Method Editor (IME) Elevation of Privilege Vulnerability
CVE-2025-47988Azure Monitor Agent Remote Code Execution Vulnerability
CVE-2025-47987Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
CVE-2025-47986Universal Print Management Service Elevation of Privilege Vulnerability
CVE-2025-47985Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2025-47984Windows GDI Information Disclosure Vulnerability
CVE-2025-47982Windows Storage VSP Driver Elevation of Privilege Vulnerability
CVE-2025-47981SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
CVE-2025-47980Windows Imaging Component Information Disclosure Vulnerability
CVE-2025-47978Windows Kerberos Denial of Service Vulnerability
CVE-2025-47976Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
CVE-2025-47975Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
CVE-2025-47973Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
CVE-2025-47972Windows Input Method Editor (IME) Elevation of Privilege Vulnerability
CVE-2025-47971Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
CVE-2025-47178Microsoft Configuration Manager Remote Code Execution Vulnerability
CVE-2025-47161Microsoft Defender for Endpoint Elevation of Privilege Vulnerability
CVE-2025-47159Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability
CVE-2025-46835MITRE: CVE-2025-46835 Git File Overwrite Vulnerability
CVE-2025-46334MITRE: CVE-2025-46334 Git Malicious Shell Vulnerability
CVE-2025-36357AMD: CVE-2025-36357 Transient Scheduler Attack in L1 Data Queue
CVE-2025-36350AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue
CVE-2025-33054Remote Desktop Spoofing Vulnerability
CVE-2025-30399.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-27614MITRE: CVE-2025-27614 Gitk Arbitrary Code Execution Vulnerability
CVE-2025-27613MITRE: CVE-2025-27613 Gitk Arguments Vulnerability
CVE-2025-26684Microsoft Defender Elevation of Privilege Vulnerability
CVE-2025-26636Windows Kernel Information Disclosure Vulnerability
CVE-2025-21195Azure Service Fabric Runtime Elevation of Privilege Vulnerability
CVE-2024-49000SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-43614Microsoft Defender for Endpoint for Linux Spoofing Vulnerability
CVE-2022-33637Microsoft Defender for Endpoint Tampering Vulnerability
CVE-2022-23278Microsoft Defender for Endpoint Spoofing Vulnerability
NO CREDIT CARD REQUIRED

Ready to get started?
You’ll be up and running in no time.

Explore all our features, free for 14 days.

TRY NOW TALK TO SALES