Microsoft released security updates for Windows clients and servers, Office and other products on July 8, 2025. The security updates fix 128 vulnerabilities (CVEs), one of which was classified as a 0-day. The following is a compact overview of the updates released on Patchday. More details about some vulnerabilities will follow in separate blog posts.
Notes on the updates
A list of updates can be found on this Microsoft page. Details on the update packages for Windows, Office etc. are available in separate blog posts.
Windows 10/11, Windows Server
All Windows 10/11 updates (as well as the updates of the server counterparts) are cumulative. The monthly patchday update contains all security fixes for these Windows versions, as well as all non-security fixes up to the patchday. In addition to the security patches for the vulnerabilities, the updates also contain bug fixes or new features.
Windows Server 2012 R2
An ESU license is required for Windows Server 2012/R2 to receive further security updates (Windows Server 2012/R2 gets Extended Security Updates (ESU) until October 2026).
Fixed vulnerabilities
Tenable has published this blog post with an overview of the vulnerabilities that have been fixed. Here are some of the critical vulnerabilities that have been fixed:
- CVE-2025-49719: Microsoft SQL Server Information Disclosure vulnerability, CVSSv3 score 7.5, important; An unauthenticated attacker could exploit this vulnerability to obtain uninitialized memory. According to Microsoft's Exploitability Index, it is classified as "Exploitation Less Likely". The vulnerability was publicly disclosed before patches were available. Users of SQL Server are advised to update to the latest version, which includes driver fixes. Users who run their own applications or third-party software that uses SQL Server are advised to update to Microsoft OLE DB Driver for SQL Server version 18 or 19. It is important to ensure compatibility before updating. Further information on General Distribution Release (GDR) or Cumulative Update (CU) versions can be found in the advisory.
- CVE-2025-47981: SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution vulnerability, CVSSv3 score 9.8, critical; "Exploitation More Likely"; An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted message to a vulnerable server. If successfully exploited, the attacker could achieve remote code execution (RCE). Microsoft states that this vulnerability only affects Windows 10 version 1607 and later, as a specific Group Policy Object (GPO) is enabled by default in these versions: Network security: Allow PKU2U authentication requests to this computer to use online identities.
- CVE-2025-49701 and CVE-2025-49704: Microsoft SharePoint Remote Code Execution vulnerabilities, CVSSv3 score 8.8, critical and important; To exploit these vulnerabilities, an attacker must authenticate with at least site owner privileges. Once authenticated, an attacker could write arbitrary code to a vulnerable SharePoint server to achieve RCE.
- CVE-2025-49735: Windows KDC Proxy Service (KPSSVC) Remote Code Execution vulnerability, CVSSv3 score 8.1, critical; The Windows Kerberos Key Distribution Center (KDC) proxy service is an authentication mechanism used for KDC servers over HTTPS. An unauthenticated attacker could use a crafted application to exploit a cryptographic protocol vulnerability and execute arbitrary code. According to the advisory, only Windows servers configured as a "[MS-KKDCP]: Kerberos Key Distribution Center (KDC) Proxy Protocol" server are affected. Although the advisory mentions that the attacker must win a race condition, the vulnerability was still classified as "Exploitation More Likely".
- CVE-2025-49724: Windows Connected Devices Platform Service Remote Code Execution vulnerability, CVSSv3 score 8.8, important; An unauthenticated, remote attacker could exploit this vulnerability by sending specially crafted data packets to a system on which the Nearby Sharing feature is enabled. The Microsoft advisory indicates that the Nearby Sharing feature is not enabled by default.
- CVE-2025-49695, CVE-2025-49696, CVE-2025-49697, CVE-2025-49698, CVE-2025-49702 and CVE-2025-49703: Microsoft Office and Microsoft Word Remote Code Execution vulnerabilities, CVSSv3 score 8.4, critical; various vulnerability mechanisms; exploitation is "less likely".
- CVE-2025-48822: Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution vulnerability, CVSSv3 score 8.6, critical; out-of-bounds read in Hyper-V that could allow an unauthorized attacker to execute code locally. Microsoft rates the complexity of the attack as "low" and exploitation is "less likely".
- CVE-2025-48799: Windows Update Service Elevation of Privilege vulnerability, CVSSv3.1 score 7.8, important; An attacker who successfully exploits this vulnerability can create, modify or delete files in the security context of the "NT AUTHORITY\SYSTEM" account. Microsoft considers exploitation to be "more likely".
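Two of the entries above depend on how a host is configured: the PKU2U policy named for CVE-2025-47981 and the KDC Proxy service (KPSSVC) for CVE-2025-49735. The following PowerShell function is an added example, not code from Microsoft or Tenable, that reports both settings on the local machine to help decide where to patch first. The registry value name `AllowOnlineID` and build number 14393 for version 1607 are not given in this post, and the function name is made up for illustration.

```powershell
# Added example: read-only report of the configuration preconditions named above.
# It changes nothing on the system and does not test whether the July 2025 update is installed.
function Get-July2025Precondition {
    [CmdletBinding()]
    param()

    # Windows 10 version 1607 corresponds to build 14393 (assumption, not stated in the post).
    $build = [System.Environment]::OSVersion.Version.Build

    # CVE-2025-47981: the policy "Network security: Allow PKU2U authentication requests
    # to this computer to use online identities" is stored as the DWORD AllowOnlineID.
    $pku2uKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\pku2u'
    $entry = Get-ItemProperty -Path $pku2uKey -Name AllowOnlineID -ErrorAction SilentlyContinue
    if ($null -eq $entry) {
        # No explicit value: the operating system default applies.
        $pku2u = 'NotConfigured (OS default applies)'
    } elseif ($entry.AllowOnlineID -eq 0) {
        $pku2u = 'Disabled'
    } else {
        $pku2u = 'Enabled'
    }

    # CVE-2025-49735: only servers configured as a KDC proxy are affected.
    # A running KPSSVC service is the indicator worth reviewing.
    $svc = Get-Service -Name KPSSVC -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        $kdcProxy = 'NotInstalled'
    } else {
        $kdcProxy = "$($svc.Status) (StartType: $($svc.StartType))"
    }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        OSBuild            = $build
        Build1607OrLater   = ($build -ge 14393)
        Pku2uOnlineIdPolicy = $pku2u
        KdcProxyService    = $kdcProxy
    }
}

Get-July2025Precondition | Format-List
```

The output describes exposure only; installing the July 2025 updates remains the fix for both vulnerabilities.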
A list of all CVEs discovered can be found on this Microsoft page, excerpts are available at Tenable and Talos.


