Here’s a summary of the key details from the July 2025 Windows Update, based on your GIGAZINE excerpt and the official Microsoft Security Response Center (MSRC) blog:
Release Date: July 8, 2025
Total Flaws Fixed: 137
Zero-day vulnerability: 1 (in Microsoft SQL Server)
If you need details on specific CVEs, rollout help, or issue troubleshooting, let me know!
Source: GIGAZINE Today is the monthly 'Windows Update' day.
July 2025 Windows Security Updates – Highlights
Release Date: July 8, 2025Total Flaws Fixed: 137
Zero-day vulnerability: 1 (in Microsoft SQL Server)
Most Critical Updates & Vulnerabilities
- Highest Severity Vulnerability:
- CVE-2025-47981 (SPNEGO Extended Negotiation (NEGOEX) Mechanism)
- CVSS Score: 9.8
- Impact: Remote code execution (RCE) possible without authentication or user interaction
- Recommendation: Enterprises should assess risk and apply updates immediately
- Zero-day Vulnerability:
- CVE-2025-49719 (Microsoft SQL Server Information Disclosure)
- Nature: Unauthenticated remote attacker could access data from uninitialized memory
- Solution: Update to the latest SQL Server and client
Affected Products and Patch IDs
| Product | Max Severity | Main Threat | KB Article/Info |
|---|---|---|---|
| Windows 11 v24H2, v23H2 | Emergency | Remote Code Execution (RCE) | 5062553, 5062552 |
| Windows 10 v22H2 | Emergency | RCE | 5062554 |
| Windows Server 2025 | Emergency | RCE | 5062553 |
| Windows Server 2022, 23H2 | Emergency | RCE | 5062572, 5062570 |
| Windows Server 2019, 2016 | Emergency | RCE | 5062557, 5062560 |
| Remote Desktop Client | Emergency | RCE | Info |
| Microsoft Office | Emergency | RCE | Info |
| Microsoft SharePoint | Emergency | RCE | Info |
| Microsoft SQL Server | Emergency | RCE | Info |
| Microsoft Visual Studio | Important | Privilege Elevation | Info |
| Microsoft Azure | Important | RCE | Info |
Additional Notes
- No new families were added to the Malicious Software Removal Tool this month.
- Eight existing vulnerabilities received updates (mainly in Microsoft Defender, Defender for Endpoint, SQL Server Native Client, .NET, Visual Studio, and HLK) – see the full release note for CVE numbers.
- No new security advisories published this month.
- The next patch day: August 12, 2025 (US time).
Action Items for Users and IT
- Update all affected products immediately (especially for enterprise/domains, due to the RCE and zero-day risks)
- Refer to the Security Update Guide for detailed product lists and patching order
- Check KB articles (linked above) for known issues and deployment tips.
If you need details on specific CVEs, rollout help, or issue troubleshooting, let me know!
Source: GIGAZINE Today is the monthly 'Windows Update' day.
