Full Report
Microsoft has released the KB5062554 cumulative update for Windows 10 22H2 and Windows 10 21H2, with thirteen new fixes or changes. [...]
Analysis Summary
# Vulnerability: Zero-Day Fix in July 2025 Patch Tuesday Update (Specific CVEs Not Detailed)
## CVE Details
- CVE ID: **Not explicitly listed in the provided text scope.** (The article mentions 137 flaws fixed, including one zero-day, but does not cite specific identifiers here.)
- CVSS Score: **N/A**
- CWE: **N/A**
## Affected Systems
- Products: **Windows 10**
- Versions: **Builds 19044 and 19045** (specific to the update KB5062554 application)
- Configurations: **Systems utilizing the Entra ID Windows Account Manager (WAM) plugin; Systems using COM functionality.**
## Vulnerability Description
The provided text mentions three key fixes included in the cumulative update KB5062554, which likely address unlisted CVEs:
1. **Entra ID WAM Registration Issue:** A flaw affecting device registration within the Entra ID Windows Account Manager (WAM) plugin.
2. **COM Activation Failure:** An issue causing remote Component Object Model (COM) activations to fail with error `0x8001011`.
3. **curl Update:** An update to the bundled `curl` tool to version v8.13.0.
*Note: The context states Microsoft July 2025 Patch Tuesday fixed one zero-day and 137 flaws in total—the specific details for the zero-day are not available in this excerpt.*
## Exploitation
- Status: **Unknown/Not specified for the specific issues detailed.** (The broader context implies a zero-day was patched, suggesting active exploitation might have occurred before the patch.)
- Complexity: **Unknown**
- Attack Vector: **Likely Network/Local based on the nature of WAM and COM flaws.**
## Impact
- Confidentiality: **Unknown**
- Integrity: **Unknown**
- Availability: **Potential impact due to COM activation failure (0x8001011 error).**
## Remediation
### Patches
- **KB5062554 Cumulative Update** for Windows 10 (OS Builds 19044.6093 and 19045.6093).
- The update seems to address fixes first previewed in **KB5061087** (June 24, 2025 preview update bulletin).
### Workarounds
- **For blurry text after curl update:** If experiencing blurry CJK text at 96 DPI (100% scaling) in Chromium browsers (Edge, Chrome):
- Set display scaling to **125% or 150%** temporarily.
## Detection
- **Indicators of Compromise:** Not specified for the vulnerabilities themselves.
- **Detection methods and tools:** Not specified. (Standard security monitoring for WAM/COM-related anomalies would be recommended.)
## References
- Vendor Advisory (KB5062554 Support Bulletin): `support.microsoft.com/en-us/topic/july-8-2025-kb5062554-os-builds-19044-6093-and-19045-6093-806b229f-70cd-404d-861c-4adb299e3930`
- Previous Preview Bulletin: `support.microsoft.com/en-us/topic/june-24-2025-kb5061087-os-build-19045-6036-preview-adf49eb5-cd10-4a97-a14b-78811782a3c8`