Patch Tuesday for July 2025 was the busiest day for Microsoft fixes since January, with 130 Microsoft CVEs patched – including 17 ones at high risk for exploitation.
July’s total also included 10 non-Microsoft CVEs. In all, Microsoft Patch Tuesday July 2025 was twice the size of June’s patch total, and the biggest month for Microsoft CVEs since January’s 159.
High-Risk Flaws in Microsoft Patch Tuesday July 2025
The highest-rated vulnerability for July is a 9.8-severity remote code execution (RCE) flaw affecting Windows 10, version 1607 and above. CVE-2025-47981 affects SPNEGO Extended Negotiation (NEGOEX) Security Mechanism, and is a heap-based buffer overflow vulnerability caused by a Group Policy Object (GPO) enabled by default on these operating systems: “Network security: Allow PKU2U authentication requests to this computer to use online identities.”
An attacker could exploit the vulnerability by sending a malicious message to the server, potentially leading to remote code execution, Microsoft said.
Microsoft Office and SharePoint each had two high-risk RCE vulnerabilities.
CVE-2025-49695 is a Use After Free vulnerability in Microsoft Office, while CVE-2025-49696 is an Out-of-bounds Read/Heap-based Buffer Overflow in Office. Both vulnerabilities are rated 8.4 and could allow an attacker to achieve remote code execution without user interaction. Security updates for Microsoft Office LTSC for Mac 2021 and 2024 are not yet available and will be released as soon as possible.
CVE-2025-49701 is an 8.8-severity Improper Authorization vulnerability in SharePoint, and CVE-2025-49704 is a Code Injection vulnerability in SharePoint that’s also rated 8.8.
Other vulnerabilities deemed more likely to be exploited include:
- CVE-2025-49724, an 8.8-rated Windows Connected Devices Platform Service Remote Code Execution vulnerability
- CVE-2025-49735, an 8.1-severity Windows KDC Proxy Service (KPSSVC) Remote Code Execution vulnerability
- CVE-2025-47978, a 6.5-severity Windows Kerberos Denial of Service vulnerability
- CVE-2025-47987, a 7.8-rated Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege vulnerability
- CVE-2025-48799, a 7.8-rated Windows Update Service Elevation of Privilege vulnerability
- CVE-2025-48800, CVE-2025-48001, CVE-2025-48804 and CVE-2025-48818, all 6.8-severity BitLocker Security Feature Bypass vulnerabilities
- CVE-2025-49718, a 7.5-rated Microsoft SQL Server Information Disclosure vulnerability
- CVE-2025-49727, a 7.0-severity Win32k Elevation of Privilege vulnerability
- CVE-2025-49744, a 7.0-rated Windows Graphics Component Elevation of Privilege vulnerability
Other IT Vendors Issuing Patch Tuesday Updates
Microsoft isn’t the only IT vendor issuing updates on the second Tuesday of the month. Other vendors releasing updates and patches in the last day have included:
