July 2025 Monthly Patch
9 July 2025
Microsoft has released security patches to address multiple vulnerabilities in their software and products.
The vulnerabilities that have been classified as Critical in severity are listed in the table below.
For the full list of security patches released by Microsoft, please refer to https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2025-Jul
CVE-2025-47981: Successful exploitation of the heap-based buffer overflow vulnerability could allow an unauthorised attacker to perform remote code execution over a network by sending a malicious message to the server. This vulnerability affects Windows client machines running Windows 10 version 1607 and later. Users of the affected products are advised to upgrade Windows to the latest version.
Critical Vulnerabilities
| CVE Number | CVE Name | Base Score | Reference |
|---|---|---|---|
| CVE-2025-47981 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | 9.8 | https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-47981 |
| CVE-2025-49704 | Microsoft SharePoint Remote Code Execution Vulnerability | 8.8 | https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-49704 |
| CVE-2025-48822 | Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability | 8.6 | https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-48822 |
| CVE-2025-49717 | Microsoft SQL Server Remote Code Execution Vulnerability | 8.5 | https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-49717 |
| CVE-2025-49697 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-49697 |
| CVE-2025-49696 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-49696 |
| CVE-2025-49695 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-49695 |
| CVE-2025-49735 | Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability | 8.1 | https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-49735 |
| CVE-2025-49703 | Microsoft Word Remote Code Execution Vulnerability | 7.8 | https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-49703 |
| CVE-2025-49698 | Microsoft Word Remote Code Execution Vulnerability | 7.8 | https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-49698 |
| CVE-2025-49702 | Microsoft Office Remote Code Execution Vulnerability | 7.8 | https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-49702 |
| CVE-2025-47980 | Windows Imaging Component Information Disclosure Vulnerability | 6.2 | https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-47980 |
| CVE-2025-36357 | AMD: CVE-2025-36357 Transient Scheduler Attack in L1 Data Queue | 5.6 | https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-36357 |
| CVE-2025-36350 | AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue | 5.6 | https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2025-36350 |
