Image
Today’s Patch Tuesday Alert addresses Microsoft’s July 2025 Security Updates. We are actively working on coverage for these vulnerabilities and expect to ship ASPL-1164 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
The only publicly disclosed vulnerability this month is an information disclosure in Microsoft SQL Server. Successful exploitation of this vulnerability could allow information to be disclosed to a remote, unauthenticated attacker. Microsoft has reported this vulnerability as Exploitation Less Likely.
CVE Breakdown by Tag
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted
| Tag | CVE Count | CVEs |
| Windows Kernel | 4 | CVE-2025-26636, CVE-2025-48808, CVE-2025-48809, CVE-2025-49666 |
| Remote Desktop Client | 2 | CVE-2025-33054, CVE-2025-48817 |
| Windows Virtualization-Based Security (VBS) Enclave | 3 | CVE-2025-47159, CVE-2025-48803, CVE-2025-48811 |
| Service Fabric | 1 | CVE-2025-21195 |
| Virtual Hard Disk (VHDX) | 4 | CVE-2025-47971, CVE-2025-49689, CVE-2025-47973, CVE-2025-49683 |
| Microsoft Input Method Editor (IME) | 3 | CVE-2025-47972, CVE-2025-49687, CVE-2025-47991 |
| Windows SSDP Service | 3 | CVE-2025-47976, CVE-2025-47975, CVE-2025-48815 |
| Windows GDI | 1 | CVE-2025-47984 |
| Windows Event Tracing | 2 | CVE-2025-47985, CVE-2025-49660 |
| Universal Print Management Service | 1 | CVE-2025-47986 |
| Windows Cred SSProvider Protocol | 1 | CVE-2025-47987 |
| Windows Routing and Remote Access Service (RRAS) | 16 | CVE-2025-48824, CVE-2025-49657, CVE-2025-49670, CVE-2025-49671, CVE-2025-49672, CVE-2025-49674, CVE-2025-49676, CVE-2025-49688, CVE-2025-49753, CVE-2025-47998, CVE-2025-49663, CVE-2025-49668, CVE-2025-49669, CVE-2025-49673, CVE-2025-49681, CVE-2025-49729 |
| Windows TDX.sys | 2 | CVE-2025-49658, CVE-2025-49659 |
| Windows Ancillary Function Driver for WinSock | 1 | CVE-2025-49661 |
| Microsoft Brokering File System | 3 | CVE-2025-49677, CVE-2025-49694, CVE-2025-49693 |
| Windows TCP/IP | 1 | CVE-2025-49686 |
| Capability Access Management Service (camsvc) | 1 | CVE-2025-49690 |
| Windows Media | 2 | CVE-2025-49691, CVE-2025-49682 |
| Microsoft PC Manager | 2 | CVE-2025-47993, CVE-2025-49738 |
| Microsoft Office | 6 | CVE-2025-47994, CVE-2025-49695, CVE-2025-49696, CVE-2025-49697, CVE-2025-49699, CVE-2025-49702 |
| AMD L1 Data Queue | 1 | CVE-2025-36357 |
| AMD Store Queue | 1 | CVE-2025-36350 |
| Microsoft Office Excel | 2 | CVE-2025-48812, CVE-2025-49711 |
| Windows Netlogon | 1 | CVE-2025-49716 |
| SQL Server | 3 | CVE-2025-49717, CVE-2025-49719, CVE-2025-49718 |
| Visual Studio | 8 | CVE-2025-27613, CVE-2025-27614, CVE-2025-46334, CVE-2025-46835, CVE-2025-48384, CVE-2025-48385, CVE-2025-48386, CVE-2025-49739 |
| Windows Fast FAT Driver | 1 | CVE-2025-49721 |
| Windows StateRepository API | 1 | CVE-2025-49723 |
| Windows Notification | 2 | CVE-2025-49726, CVE-2025-49725 |
| Microsoft Teams | 2 | CVE-2025-49731, CVE-2025-49737 |
| Windows KDC Proxy Service (KPSSVC) | 1 | CVE-2025-49735 |
| Microsoft Configuration Manager | 1 | CVE-2025-47178 |
| Microsoft Edge (Chromium-based) | 3 | CVE-2025-49713, CVE-2025-49741, CVE-2025-6554 |
| Office Developer Platform | 1 | CVE-2025-49756 |
| Windows Storage | 1 | CVE-2025-49760 |
| Windows Kerberos | 1 | CVE-2025-47978 |
| Windows Imaging Component | 1 | CVE-2025-47980 |
| Windows SPNEGO Extended Negotiation | 1 | CVE-2025-47981 |
| Windows Storage VSP Driver | 1 | CVE-2025-47982 |
| Windows MBT Transport driver | 1 | CVE-2025-47996 |
| Windows Connected Devices Platform Service | 2 | CVE-2025-48000, CVE-2025-49724 |
| Windows BitLocker | 5 | CVE-2025-48001, CVE-2025-48003, CVE-2025-48800, CVE-2025-48804, CVE-2025-48818 |
| Role: Windows Hyper-V | 3 | CVE-2025-48002, CVE-2025-48822, CVE-2025-47999 |
| Windows Update Service | 1 | CVE-2025-48799 |
| Windows SMB | 1 | CVE-2025-48802 |
| Microsoft MPEG-2 Video Extension | 2 | CVE-2025-48805, CVE-2025-48806 |
| Windows Secure Kernel Mode | 1 | CVE-2025-48810 |
| Windows Remote Desktop Licensing Service | 1 | CVE-2025-48814 |
| HID class driver | 1 | CVE-2025-48816 |
| Windows Universal Plug and Play (UPnP) Device Host | 2 | CVE-2025-48819, CVE-2025-48821 |
| Windows AppX Deployment Service | 1 | CVE-2025-48820 |
| Windows Cryptographic Services | 1 | CVE-2025-48823 |
| Windows User-Mode Driver Framework Host | 1 | CVE-2025-49664 |
| Workspace Broker | 1 | CVE-2025-49665 |
| Windows Win32K - ICOMP | 2 | CVE-2025-49667, CVE-2025-49733 |
| Kernel Streaming WOW Thunk Service Driver | 1 | CVE-2025-49675 |
| Windows NTFS | 1 | CVE-2025-49678 |
| Windows Shell | 1 | CVE-2025-49679 |
| Windows Performance Recorder | 1 | CVE-2025-49680 |
| Storage Port Driver | 1 | CVE-2025-49684 |
| Microsoft Windows Search Component | 1 | CVE-2025-49685 |
| Microsoft Office Word | 3 | CVE-2025-49698, CVE-2025-49700, CVE-2025-49703 |
| Microsoft Office SharePoint | 3 | CVE-2025-49701, CVE-2025-49704, CVE-2025-49706 |
| Microsoft Office PowerPoint | 1 | CVE-2025-49705 |
| Visual Studio Code - Python extension | 1 | CVE-2025-49714 |
| Windows Print Spooler Components | 1 | CVE-2025-49722 |
| Windows Win32K - GRFX | 1 | CVE-2025-49727 |
| Microsoft Windows QoS scheduler | 1 | CVE-2025-49730 |
| Microsoft Graphics Component | 3 | CVE-2025-49732, CVE-2025-49742, CVE-2025-49744 |
| Windows SmartScreen | 1 | CVE-2025-49740 |
| Azure Monitor Agent | 1 | CVE-2025-47988 |
| Mariner | 4 | CVE-2025-1736, CVE-2025-1734, CVE-2025-1744, CVE-2025-1861 |
Other Information
At the time of publication, there were no new advisories included with the July Security Guidance.
