Virtual Administrator’s July 2025 Patch Recommendations

All new patches will be approved in our patch policy.
This month Microsoft released patches for 137 vulnerabilities with 14 rated “Critical” in severity.
July 2025 Patch Tuesday includes security updates for 137 flaws with one publicly disclosed zero-day vulnerability.
- CVE-2025-49719 is a publicly disclosed zero-day vulnerability in Microsoft SQL Server 2016-2022 that can be exploited without authentication.
- CVE-2025-47981 is a Critical remote code execution (RCE) vulnerability in the Windows SPNEGO Extended Negotiation component. Exploitation requires no user interaction, and the code executes with elevated privileges.
- Microsoft SharePoint vulnerability CVE-2025-49704 can be exploited remotely over the Internet provided the attacker has an account on the platform.
- CVE-2025-47178 involves an RCE flaw in Microsoft Configuration Manager.
- One new standalone SSU for Windows 10 Version 1607/Server 2016.
Disclosed: CVE-2025-49719
Exploited: None
Security Update Guide
https://msrc.microsoft.com/update-guide/en-us
Microsoft Security Advisories
ADV990001 | Latest Servicing Stack Updates (Published: 11/13/2018 | Last Updated: 7/08/2025)
https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001
Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.
NOTE: The Windows 10/11 Servicing Stack Updates are included in the monthly Cumulative Updates.
Known Issues
On July 9th Microsoft confirmed an issue where “WSUS update and sync operation fail with timeout errors”. It was fixed later that evening: “The issue has been addressed through a service-side repair activity and should be resolved. WSUS sync and update activities are expected to proceed as usual at this time.”
WSUS Sync
https://www.reddit.com/r/sysadmin/comments/1lvi5gj/wsus_sync/
Microsoft continues to list unresolved older problems under the Known Issues for new patches, so if you have not yet experienced one of these issues, it is unlikely to occur now.
The page below is a good resource for known issues with Windows 10/11 patches. Find the version and click on “Known issues”.
Windows release health
https://docs.microsoft.com/en-us/windows/release-health/
Monthly Rollup/Security Only/Windows 10,11/Server 2016,2019,2022,2025 KBs
Each KB article is at https://support.microsoft.com/en-us/help/#######, where ####### is the KB number only (digits, without the “KB” prefix).
Security and Quality Rollup
- KB5062597 – Windows Server 2012 R2 (ESU)
- KB5062592 – Windows Server 2012 (ESU)
Cumulative Updates
Windows 10
- KB5060998 – Original release version 1507 (OS Build 10240)
- KB5062560 – Version 1607 “Anniversary Update” (OS Build 14393)
- KB5062557 – Version 1809 “October 2018 Update” (OS Build 17763)
- KB5062554 – Version 21H2 “November 2021 Update” (OS Build 19044)
- KB5062554 – Version 22H2 “November 2022 Update” (OS Build 19045)
(Versions 1511,1703,1709,1803,1903,1909,2004,20H2,21H1 are no longer under support)
Windows 11
- KB5062552 – 22H2 (OS Build 22621)
- KB5062552 – 23H2 (OS Build 22631)
- KB5062553 – 24H2 (OS Build 26100)
(Version 21H2 is no longer under support)
Windows Server
- KB5062560 – Server 2016 (same KB as Windows 10 Version 1607)
- KB5062557 – Server 2019 (same KB as Windows 10 Version 1809)
- KB5062572 – Server 2022 (OS Build 20348)
- KB5062570 – Server 23H2 (OS Build 25398)
- KB5062553 – Server 2025 (OS Build 26100)
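Added example (not part of the original bulletin): a PowerShell check that maps the local OS build to the cumulative update KB listed above and reports whether Get-HotFix shows it installed. The function name Test-July2025Update is hypothetical; a later cumulative update supersedes this one, so a "not installed" result on a machine patched after July needs a second look.

```powershell
# Added example, not from the bulletin. Build-to-KB pairs are copied from the
# Cumulative Updates lists above; Test-July2025Update is a hypothetical name.
$July2025Kb = @{
    10240 = 'KB5060998'   # Windows 10 1507
    14393 = 'KB5062560'   # Windows 10 1607 / Server 2016
    17763 = 'KB5062557'   # Windows 10 1809 / Server 2019
    19044 = 'KB5062554'   # Windows 10 21H2
    19045 = 'KB5062554'   # Windows 10 22H2
    20348 = 'KB5062572'   # Server 2022
    22621 = 'KB5062552'   # Windows 11 22H2
    22631 = 'KB5062552'   # Windows 11 23H2
    25398 = 'KB5062570'   # Server 23H2
    26100 = 'KB5062553'   # Windows 11 24H2 / Server 2025
}

function Test-July2025Update {
    # BuildNumber is returned as a string such as "26100".
    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $build = [int]$os.BuildNumber

    $result = [ordered]@{
        Computer    = $env:COMPUTERNAME
        OS          = $os.Caption
        Build       = $build
        ExpectedKB  = $null
        Installed   = $false
        InstalledOn = $null
        KbArticle   = $null
    }

    if ($July2025Kb.ContainsKey($build)) {
        $kb = $July2025Kb[$build]
        $result.ExpectedKB = $kb
        # Link pattern from the bulletin: digits only, no "KB" prefix.
        $result.KbArticle  = 'https://support.microsoft.com/en-us/help/' + $kb.Substring(2)
        # Get-HotFix writes an error when the ID is absent; suppress it and test the result.
        $fix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
        if ($fix) {
            $result.Installed   = $true
            $result.InstalledOn = $fix.InstalledOn
        }
    } else {
        Write-Warning "Build $build is not in the July 2025 list (unsupported version or ESU rollup)."
    }
    [pscustomobject]$result
}

Test-July2025Update | Format-List
```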
July 2025 updates for Microsoft Office
Notable CVEs
CVE-2025-47178 | Microsoft Configuration Manager Remote Code Execution Vulnerability (KB31909343)
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-47178
Improper neutralization of special elements used in an SQL command (‘SQL injection’) in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network.
CVE-2025-47981 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47981
Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network. An attacker could exploit this vulnerability by sending a malicious message to the server, potentially leading to remote code execution.
CVE-2025-48822 | Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability (Cumulative Update)
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-48822
A user needs to be tricked into importing an INF file. An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.
CVE-2025-49704 | Microsoft SharePoint Remote Code Execution Vulnerability (KB5002741,KB5002744)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704
Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
CVE-2025-49717 | Microsoft SQL Server Remote Code Execution Vulnerability (KB5058712,KB5058713,KB5058721,KB5058722)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49717
Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network. See KB for more detailed information.
CVE-2025-49719 | Microsoft SQL Server Information Disclosure Vulnerability (KB5058712,KB5058713,KB5058714,KB5058716,KB5058717,KB5058718,KB5058721,KB5058722)
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-49719
Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.
CVE-2025-49740 | Windows SmartScreen Security Feature Bypass Vulnerability (Cumulative Update)
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-49740
An attacker who successfully exploited the vulnerability could evade Mark of the Web (MOTW) defenses. To exploit this security feature bypass vulnerability, an attacker would need to convince a user to launch malicious files using a launcher application that requests that no UI be shown. A user needs to be tricked into running malicious files.