Today is the monthly 'Windows Update' day.
The monthly Windows Update, which delivers security updates and bug fixes for Windows, has been released. The July 8, 2025 Windows Update includes security updates for 137 flaws, including one zero-day vulnerability in Microsoft SQL Server.
July 2025 Security Updates (Monthly) | MSRC Blog | Microsoft Security Response Center
https://msrc.microsoft.com/blog/2025/07/202507-security-update/
July 2025 Security Updates - Release Notes - Security Update Guide - Microsoft
https://msrc.microsoft.com/update-guide/releaseNote/2025-Jul
We have released the July 2025 monthly security update. By default, updates are performed automatically. For corporate organizations that manage updates, we have published an overview on our blog. Please refer to it and deploy updates as soon as possible. https://t.co/9v5ESZbQxu pic.twitter.com/7r89M67kX3
— Microsoft Security Team (@JSECTEAM) July 9, 2025
The security updates for July 2025 are as follows:
| Target products | maximum severity | The biggest impact | Related knowledge base article or support webpage |
|---|---|---|---|
| Windows 11 v24H2, v23H2 | emergency | Remote code execution possible | v24H2 5062553 v23H2 5062552 |
| Windows 10 v22H2 | emergency | Remote code execution possible | 5062554 |
| Windows Server 2025 (including Server Core installation) | emergency | Remote code execution possible | 5062553 |
| Windows Server 2022, 23H2 (including Server Core installation) | emergency | Remote code execution possible | Windows Server 2022, 5062572 Windows Server 23H2, 5062570 |
| Windows Server 2019, 2016 (including Server Core installation) | emergency | Remote code execution possible | Windows Server 2019, 5062557 Windows Server 2016, 5062560 |
| Remote Desktop client for Windows Desktop | emergency | Remote code execution possible | https://learn.microsoft.com/previous-versions/remote-desktop-client |
| Microsoft Office | emergency | Remote code execution possible | https://learn.microsoft.com/officeupdates |
| Microsoft SharePoint | emergency | Remote code execution possible | https://learn.microsoft.com/officeupdates/sharepoint-updates |
| Microsoft SQL Server | emergency | Remote code execution possible | https://learn.microsoft.com/dotnet |
| Microsoft Visual Studio | important | Elevation of privilege | https://learn.microsoft.com/visualstudio |
| Microsoft Azure | important | Remote code execution possible | https://learn.microsoft.com/azure |
Among the vulnerabilities fixed in the July 2025 security update, ' CVE-2025-47981 ' has a high CVSS base score of 9.8 and is a vulnerability that can be exploited without authentication or user interaction. Microsoft states, 'Given the characteristics of the vulnerability, we recommend that enterprise organizations immediately assess the risk and apply security updates.'
One zero-day vulnerability was disclosed in July 2025, CVE-2025-49719 , an information disclosure vulnerability in Microsoft SQL Server. This vulnerability could allow an unauthenticated, remote attacker to access data from uninitialized memory and is fixed by installing the latest version of Microsoft SQL Server and installing Microsoft OLE DB Driver for SQL Server version 18 or 19. In addition, a vulnerability that allows remote attacks in Microsoft SharePoint, tracked as CVE-2025-49704 , has also been fixed.
Windows Update is released on the second Tuesday of every month in the United States, and the next update is scheduled to be provided on Wednesday, August 13, 2025, Japan time.
Related Posts:
