Here’s a summary of the key details from the July 2025 Windows Update, based on your GIGAZINE excerpt and the official Microsoft Security Response Center (MSRC) blog:
July 2025 Windows Security Updates – Highlights
Release Date: July 8, 2025 Total Flaws Fixed: 137 Zero-day vulnerability: 1 (in Microsoft SQL Server)
Impact: Remote code execution (RCE) possible without authentication or user interaction
Recommendation: Enterprises should assess risk and apply updates immediately
Zero-day Vulnerability:
CVE-2025-49719 (Microsoft SQL Server Information Disclosure)
Nature: Unauthenticated remote attacker could access data from uninitialized memory
Solution: Update to the latest SQL Server and client
Affected Products and Patch IDs
Product
Max Severity
Main Threat
KB Article/Info
Windows 11 v24H2, v23H2
Emergency
Remote Code Execution (RCE)
5062553, 5062552
Windows 10 v22H2
Emergency
RCE
5062554
Windows Server 2025
Emergency
RCE
5062553
Windows Server 2022, 23H2
Emergency
RCE
5062572, 5062570
Windows Server 2019, 2016
Emergency
RCE
5062557, 5062560
Remote Desktop Client
Emergency
RCE
Info
Microsoft Office
Emergency
RCE
Info
Microsoft SharePoint
Emergency
RCE
Info
Microsoft SQL Server
Emergency
RCE
Info
Microsoft Visual Studio
Important
Privilege Elevation
Info
Microsoft Azure
Important
RCE
Info
Additional Notes
No new families were added to the Malicious Software Removal Tool this month.
Eight existing vulnerabilities received updates (mainly in Microsoft Defender, Defender for Endpoint, SQL Server Native Client, .NET, Visual Studio, and HLK) – see the full release note for CVE numbers.
No new security advisories published this month.
The next patch day: August 12, 2025 (US time).
Action Items for Users and IT
Update all affected products immediately (especially for enterprise/domains, due to the RCE and zero-day risks)