Original Article Text

Microsoft July 2025 Patch Tuesday fixes one zero-day, 137 flaws

Today is Microsoft's July 2025 Patch Tuesday, which includes security updates for 137 flaws, including one publicly disclosed zero-day vulnerability in Microsoft SQL Server.

This Patch Tuesday also fixes fourteen "Critical" vulnerabilities, ten of which are remote code execution vulnerabilities, one is an information disclosure, and two are AMD side channel attack flaws.

The number of bugs in each vulnerability category is listed below:

These counts do not include four Mariner and three Microsoft Edge issues fixed earlier this month.

One zero-day

This month's Patch Tuesday fixes one publicly disclosed zero-day in Microsoft SQL Server. Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available.

The publicly disclosed zero-day is:

CVE-2025-49719 - Microsoft SQL Server Information Disclosure Vulnerability

Microsoft fixes a flaw in Microsoft SQL Server that could allow a remote, unauthenticated attacker to access data from uninitialized memory.

"Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network," explains Microsoft.

Admins can fix the flaw by installing the latest version of Microsoft SQL Server and by installing the Microsoft OLE DB Driver 18 or 19.

Microsoft attributes the discovery of this flaw to Vladimir Aleksic with Microsoft and does not provide details regarding how it was publicly disclosed.

While there was only one zero-day in this Patch Tuesday, Microsoft fixed numerous critical remote code execution flaws in Microsoft Office that can be exploited simply by opening a specially crafted document or when viewed through the preview pane.

Microsoft states that the security updates for these flaws are not yet available for Microsoft Office LTSC for Mac 2021 and 2024 and will be released shortly.
The company also fixed another critical RCE in Microsoft SharePoint tracked as CVE-2025-49704 that can be exploited remotely over the Internet as long as the attacker has an account on the platform.

Recent updates from other companies

Other vendors who released updates or advisories in July 2025 include:

The July 2025 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the July 2025 Patch Tuesday updates.

To access the full description of each vulnerability and the systems it affects, you can view the full report here.

Daily Brief Summary

CYBERCRIME // Microsoft's July 2025 Patch Resolves Zero-Day and 137 Other Flaws

Microsoft's July 2025 Patch Tuesday addressed 137 vulnerabilities, including a zero-day flaw in Microsoft SQL Server.

The zero-day vulnerability, identified as CVE-2025-49719, involved information disclosure through improper input validation and could be remotely exploited.

Among the resolved issues are 14 Critical vulnerabilities, with 10 allowing remote code execution, one for information disclosure, and two related to AMD side channel attacks.

The zero-day vulnerability was publicly disclosed before an official fix was available, highlighting ongoing security challenges.

Several critical vulnerabilities in Microsoft Office and SharePoint were also patched, which could allow remote code execution from specially crafted documents or internet-based exploits.

Aside from Microsoft, other vendors also issued updates and advisories addressing security concerns within their products in July 2025.

Administrators are advised to update affected systems promptly to mitigate potential threats from these vulnerabilities.