July, 2025: Patch Tuesday - A Large Number of Patches but Only One Zero-Day

Welcome to my July Patch Tuesday newsletter. Today Microsoft released 137 updates, plus an additional 3 over the past month, for a total of 140 updates.

We have more than double the updates this month compared to last month, but the good thing is that we only have one zero-day to look at:

  • Publicly known:
    • CVE-2025-49719 (Information Disclosure)
      • Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.

This vulnerability was patched today. If you have one of the affected versions of SQL Server installed (see chart below), please update it. Also, if you have an application using SQL, make sure you update it to use MS OLE DB Driver 18 or 19. You have time to get these tested and updated because the severity is only "Important" and the Exploitability Assessment is "Exploitation Less Likely".

Besides this one, there are another 14 updates that are rated "Critical":

So, we do have a good bit of updating that needs to be done. You will want to download, update and reboot those systems. See you next month!

Patch data provided by: LOGbinder.com

Fields listed for each technology: Technology, Products Affected, Severity, Reference, Workaround / Exploited / Publicly Disclosed, Vulnerability Info.

Technology: Windows
Products Affected:
  • Windows 10, 11
  • 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022, 2025 including Server Core Installations
  • Remote Desktop Client
  • Windows App Client
Severity: Critical
Reference:
CVE-2025-26636
CVE-2025-33054
CVE-2025-36350
CVE-2025-36357
CVE-2025-47159
CVE-2025-47971
CVE-2025-47972
CVE-2025-47973
CVE-2025-47975
CVE-2025-47976
CVE-2025-47978
CVE-2025-47980
CVE-2025-47981
CVE-2025-47982
CVE-2025-47984
CVE-2025-47985
CVE-2025-47986
CVE-2025-47987
CVE-2025-47991
CVE-2025-47993
CVE-2025-47996
CVE-2025-47998
CVE-2025-47999
CVE-2025-48000
CVE-2025-48001
CVE-2025-48002
CVE-2025-48003
CVE-2025-48799
CVE-2025-48800
CVE-2025-48802
CVE-2025-48803
CVE-2025-48804
CVE-2025-48805
CVE-2025-48806
CVE-2025-48808
CVE-2025-48809
CVE-2025-48810
CVE-2025-48811
CVE-2025-48814
CVE-2025-48815
CVE-2025-48816
CVE-2025-48817
CVE-2025-48818
CVE-2025-48819
CVE-2025-48820
CVE-2025-48821
CVE-2025-48822
CVE-2025-48823
CVE-2025-48824
CVE-2025-49657
CVE-2025-49658
CVE-2025-49659
CVE-2025-49660
CVE-2025-49661
CVE-2025-49663
CVE-2025-49664
CVE-2025-49665
CVE-2025-49666
CVE-2025-49667
CVE-2025-49668
CVE-2025-49669
CVE-2025-49670
CVE-2025-49671
CVE-2025-49672
CVE-2025-49673
CVE-2025-49674
CVE-2025-49675
CVE-2025-49676
CVE-2025-49677
CVE-2025-49678
CVE-2025-49679
CVE-2025-49680
CVE-2025-49681
CVE-2025-49682
CVE-2025-49683
CVE-2025-49684
CVE-2025-49685
CVE-2025-49686
CVE-2025-49687
CVE-2025-49688
CVE-2025-49689
CVE-2025-49690
CVE-2025-49691
CVE-2025-49693
CVE-2025-49694
CVE-2025-49716
CVE-2025-49721
CVE-2025-49722
CVE-2025-49723
CVE-2025-49724
CVE-2025-49725
CVE-2025-49726
CVE-2025-49727
CVE-2025-49729
CVE-2025-49730
CVE-2025-49732
CVE-2025-49733
CVE-2025-49735
CVE-2025-49740
CVE-2025-49742
CVE-2025-49744
CVE-2025-49753
CVE-2025-49760

Workaround: No
Exploited: No
Public: No

Vulnerability Info:
  • Denial of Service
  • Elevation of Privilege
  • Information Disclosure
  • Remote Code Execution
  • Security Feature Bypass
  • Spoofing
  • Tampering

Technology: Edge
Products Affected:
  • Chromium-based
Severity: Important
Reference:
CVE-2025-6554
CVE-2025-49713
CVE-2025-49741

Workaround: No
Exploited: No
Public: No

Vulnerability Info:
  • Information Disclosure
  • Remote Code Execution

Technology: Office
Products Affected:
  • 365 Apps for Enterprise
  • Excel/Outlook/PowerPoint/Word 2016
  • Office 2016, 2019
  • LTSC 2021, 2024 including for Mac
  • Office for Android
  • Teams for Android/Desktop/iOS/Mac
  • Office Online Server
Severity: Critical
Reference:
CVE-2025-47994
CVE-2025-48812
CVE-2025-49695
CVE-2025-49696
CVE-2025-49697
CVE-2025-49698
CVE-2025-49699
CVE-2025-49700
CVE-2025-49702
CVE-2025-49703
CVE-2025-49705
CVE-2025-49711
CVE-2025-49731
CVE-2025-49737
CVE-2025-49756

Workaround: No
Exploited: No
Public: No

Vulnerability Info:
  • Elevation of Privilege
  • Information Disclosure
  • Remote Code Execution
  • Security Feature Bypass

Technology: SharePoint
Products Affected:
  • Enterprise Server 2016
  • Server 2019
  • Server Subscription Edition
Severity: Critical
Reference:
CVE-2025-49701
CVE-2025-49703
CVE-2025-49704
CVE-2025-49706

Workaround: No
Exploited: No
Public: No

Vulnerability Info:
  • Remote Code Execution
  • Spoofing

Technology: SQL Server
Products Affected:
  • 2016 SP2 GDR
  • 2016 SP3 Azure Connect Feature Pack
  • 2017 CU31/GDR
  • 2019 CU32/GDR
  • 2022 CU19/GDR
Severity: Critical
Reference:
CVE-2025-49717
CVE-2025-49718
CVE-2025-49719**

Workaround: No
Exploited: No
Public: Yes**

Vulnerability Info:
  • Information Disclosure
  • Remote Code Execution

Technology: Azure
Products Affected:
  • Monitor Agent
  • Service Fabric
Severity: Important
Reference:
CVE-2025-21195
CVE-2025-47988

Workaround: No
Exploited: No
Public: No

Vulnerability Info:
  • Elevation of Privilege
  • Remote Code Execution

Technology: Developer Tools
Products Affected:
  • Visual Studio 2015 Update 3
  • Visual Studio 2017 15.9-15.0
  • Visual Studio 2019 16.11-16.0
  • Visual Studio 2022 17.8, 17.10, 17.12, 17.14
  • Python Extension for Visual Studio Code
Severity: Important
Reference:
CVE-2025-27613
CVE-2025-27614
CVE-2025-46334
CVE-2025-46835
CVE-2025-48384
CVE-2025-48385
CVE-2025-48386
CVE-2025-49714
CVE-2025-49739

Workaround: No
Exploited: No
Public: No

Vulnerability Info:
  • Elevation of Privilege
  • Remote Code Execution

Technology: Apps
Products Affected:
  • Microsoft PC Manager
Severity: Important
Reference:
CVE-2025-49738

Workaround: No
Exploited: No
Public: No

Vulnerability Info:
  • Elevation of Privilege

Technology: System Center
Products Affected:
  • Microsoft Configuration Manager 2503
Severity: Important
Reference:
CVE-2025-47178

Workaround: No
Exploited: No
Public: No

Vulnerability Info:
  • Remote Code Execution