July 2025 Windows Security Updates: Critical RCE Patches & Zero-Day Fixes

Here’s a summary of the key details from the July 2025 Windows Update, based on your GIGAZINE excerpt and the official Microsoft Security Response Center (MSRC) blog:

---

July 2025 Windows Security Updates – Highlights​

Release Date: July 8, 2025
Total Flaws Fixed: 137
Zero-day vulnerability: 1 (in Microsoft SQL Server)

Most Critical Updates & Vulnerabilities​

• Highest Severity Vulnerability:
• CVE-2025-47981 (SPNEGO Extended Negotiation (NEGOEX) Mechanism)
• CVSS Score: 9.8
• Impact: Remote code execution (RCE) possible without authentication or user interaction
• Recommendation: Enterprises should assess risk and apply updates immediately
• Zero-day Vulnerability:
• CVE-2025-49719 (Microsoft SQL Server Information Disclosure)
• Nature: Unauthenticated remote attacker could access data from uninitialized memory
• Solution: Update to the latest SQL Server and client

Affected Products and Patch IDs​

Additional Notes​

• No new families were added to the Malicious Software Removal Tool this month.
• Eight existing vulnerabilities received updates (mainly in Microsoft Defender, Defender for Endpoint, SQL Server Native Client, .NET, Visual Studio, and HLK) – see the full release note for CVE numbers.
• No new security advisories published this month.
• The next patch day: August 12, 2025 (US time).

---

Action Items for Users and IT​

• Update all affected products immediately (especially for enterprise/domains, due to the RCE and zero-day risks)
• Refer to the Security Update Guide for detailed product lists and patching order
• Check KB articles (linked above) for known issues and deployment tips.

References:

• MSRC July 2025 Patch Tuesday Announcement
• July 2025 Security Update Release Note

If you need details on specific CVEs, rollout help, or issue troubleshooting, let me know!

---

Source: GIGAZINE Today is the monthly 'Windows Update' day.