Full Report
Patch Tuesday for July 2025 was the busiest day for Microsoft fixes since January, with 130 Microsoft CVEs patched – including 17 at high risk for exploitation. July's total also included 10 non-Microsoft CVEs. In all, Microsoft Patch Tuesday July 2025 was twice the size of June's patch total, and the biggest month for Microsoft CVEs since January's 159.

High-Risk Flaws in Microsoft Patch Tuesday July 2025

The highest-rated vulnerability for July is a 9.8-severity remote code execution (RCE) flaw affecting Windows 10, version 1607 and above. CVE-2025-47981 affects SPNEGO Extended Negotiation (NEGOEX) Security Mechanism, and is a heap-based buffer overflow vulnerability caused by a Group Policy Object (GPO) enabled by default on these operating systems: "Network security: Allow PKU2U authentication requests to this computer to use online identities." An attacker could exploit the vulnerability by sending a malicious message to the server, potentially leading to remote code execution, Microsoft said.

Microsoft Office and SharePoint each had two high-risk RCE vulnerabilities. CVE-2025-49695 is a Use After Free vulnerability in Microsoft Office, while CVE-2025-49696 is an Out-of-bounds Read/Heap-based Buffer Overflow in Office. Both vulnerabilities are rated 8.4 and could allow an attacker to achieve remote code execution without user interaction. Security updates for Microsoft Office LTSC for Mac 2021 and 2024 are not yet available and will be released as soon as possible. CVE-2025-49701 is an 8.8-severity Improper Authorization vulnerability in SharePoint, and CVE-2025-49704 is a Code Injection vulnerability in SharePoint that's also rated 8.8.

Other vulnerabilities deemed more likely to be exploited include:

- CVE-2025-49724, an 8.8-rated Windows Connected Devices Platform Service Remote Code Execution vulnerability
- CVE-2025-49735, an 8.1-severity Windows KDC Proxy Service (KPSSVC) Remote Code Execution vulnerability
- CVE-2025-47978, a 6.5-severity Windows Kerberos Denial of Service vulnerability
- CVE-2025-47987, a 7.8-rated Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege vulnerability
- CVE-2025-48799, a 7.8-rated Windows Update Service Elevation of Privilege vulnerability
- CVE-2025-48800, CVE-2025-48001, CVE-2025-48804 and CVE-2025-48818, all 6.8-severity BitLocker Security Feature Bypass vulnerabilities
- CVE-2025-49718, a 7.5-rated Microsoft SQL Server Information Disclosure vulnerability
- CVE-2025-49727, a 7.0-severity Win32k Elevation of Privilege vulnerability
- CVE-2025-49744, a 7.0-rated Windows Graphics Component Elevation of Privilege vulnerability

Other IT Vendors Issuing Patch Tuesday Updates

Microsoft isn't the only IT vendor issuing updates on the second Tuesday of the month. Other vendors releasing updates and patches in the last day have included:

- AMD
- Fortinet
- Google Android
- Ivanti
- SAP

Analysis Summary
This summary focuses on a subset of the Microsoft vulnerabilities named in the July 2025 Patch Tuesday report above.
# Vulnerability: Windows and SQL Server Flaws Patched in July 2025
## CVE Details
- CVE ID: CVE-2025-48799, CVE-2025-48800, CVE-2025-48001, CVE-2025-48804, CVE-2025-48818, CVE-2025-49718, CVE-2025-49727, CVE-2025-49744
- CVSS Score: 7.8 (High) for CVE-2025-48799; 6.8 (Medium) for the four BitLocker CVEs; 7.5 (High) for CVE-2025-49718; 7.0 (High) for CVE-2025-49727 and CVE-2025-49744.
- CWE: Varies (e.g., Improper Access Control for EoP, Improper Restriction of Data Leakage for Info Disclosure).
## Affected Systems
- Products: Windows Update Service, BitLocker, Microsoft SQL Server, Win32k, Windows Graphics Component.
- Versions: Not listed in the report; consult the official Microsoft MSRC advisories.
- Configurations: The report does not detail any required configurations for these CVEs.
## Vulnerability Description
The July 2025 Microsoft Patch Tuesday addressed several flaws deemed more likely to be exploited, including:
1. **Elevation of Privilege (EoP)** in the Windows Update Service (CVE-2025-48799, CVSS 7.8).
2. **BitLocker Security Feature Bypass** vulnerabilities (CVE-2025-48800, CVE-2025-48001, CVE-2025-48804, CVE-2025-48818, all CVSS 6.8).
3. **Information Disclosure** in Microsoft SQL Server (CVE-2025-49718, CVSS 7.5).
4. **Elevation of Privilege** in Win32k (CVE-2025-49727, CVSS 7.0) and Windows Graphics Component (CVE-2025-49744, CVSS 7.0).
## Exploitation
- Status: The report does not say whether any of the CVEs listed above were exploited in the wild or whether PoCs are publicly available.
- Complexity: Varies by vulnerability type (EoP typically requires local access or prior authentication).
- Attack Vector: Likely varied (local for EoP, network for SQL Server disclosure).
## Impact
- Confidentiality: Potential impact due to Information Disclosure in SQL Server.
- Integrity: Potential impact from successful Elevation of Privilege attacks and BitLocker bypasses.
- Availability: Lower direct impact unless combined with denial-of-service capabilities (not specified).
## Remediation
### Patches
Specific patches are available via the July 2025 Microsoft Windows Updates. Users should refer to the MSRC guidance for specific update KB numbers corresponding to:
- CVE-2025-48799
- CVE-2025-48800, CVE-2025-48001, CVE-2025-48804, CVE-2025-48818
- CVE-2025-49718
- CVE-2025-49727
- CVE-2025-49744
### Workarounds
The report details no specific workarounds. All listed vulnerabilities are deemed high/moderate risk and warrant immediate patching.
## Detection
- **Indicators of Compromise (IoCs):** Not specified.
- **Detection Methods and Tools:** Monitor for the application of the specific Windows updates to determine patch status. Behavior analysis should look for unusual activity related to the Windows Update Service or unexpected file access attempts associated with BitLocker processes.
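
One way to run the patch-status check described above on a single host, together with the state of the PKU2U policy that the report ties to CVE-2025-47981. This is an added example, not code from the report or from Microsoft; the function name `Get-PatchExposure` is hypothetical and `KB0000000` is a placeholder, since the report gives no KB numbers.

```powershell
# Added example: per-host patch status plus PKU2U policy state.
# Assumption: the caller supplies the KB IDs that apply to this OS build,
# looked up in the MSRC Update Guide (the report lists none).
function Get-PatchExposure {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$KbId
    )

    # Updates from the supplied list that are present on this host.
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $KbId -contains $_.HotFixID })
    $missing = @($KbId | Where-Object { $installed.HotFixID -notcontains $_ })

    # Registry value behind the GPO "Network security: Allow PKU2U
    # authentication requests to this computer to use online identities".
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\pku2u'
    $allow = (Get-ItemProperty -Path $key -Name AllowOnlineID `
                  -ErrorAction SilentlyContinue).AllowOnlineID
    $pku2u = if ($null -eq $allow) {
        'NotConfigured (OS default applies)'
    } elseif ($allow -eq 1) {
        'Enabled'
    } else {
        'Disabled'
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        OSVersion     = [Environment]::OSVersion.Version.ToString()
        InstalledKb   = $installed.HotFixID -join ','
        MissingKb     = $missing -join ','
        AnyInstalled  = $installed.Count -gt 0
        Pku2uOnlineId = $pku2u
    }
}

# Placeholder KB ID: replace with the real ID for the host's build.
Get-PatchExposure -KbId 'KB0000000' | Format-List
```

A host that reports `AnyInstalled = False` still needs the July update, and the `Pku2uOnlineId` column shows where the default-enabled policy named in the report is in effect.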
## References
- Vendor Advisory: Microsoft Security Response Center (MSRC) Update Guide for July 2025.
- Specific links provided in the article (defanged):
  - hXXps://msrc[.]microsoft[.]com/update-guide/en-US/vulnerability/CVE-2025-48799
  - hXXps://msrc[.]microsoft[.]com/update-guide/en-US/vulnerability/CVE-2025-48800
  - hXXps://msrc[.]microsoft[.]com/update-guide/en-US/vulnerability/CVE-2025-48001
  - hXXps://msrc[.]microsoft[.]com/update-guide/en-US/vulnerability/CVE-2025-48804
  - hXXps://msrc[.]microsoft[.]com/update-guide/en-US/vulnerability/CVE-2025-48818
  - hXXps://msrc[.]microsoft[.]com/update-guide/en-US/vulnerability/CVE-2025-49718
  - hXXps://msrc[.]microsoft[.]com/update-guide/en-US/vulnerability/CVE-2025-49727
  - hXXps://msrc[.]microsoft[.]com/update-guide/en-US/vulnerability/CVE-2025-49744
- General Reference: hXXps://thecyberexpress[.]com/microsoft-patch-tuesday-july-2025/