MS Family July 2025 Routine Security Update Advisory

Jul 09 2025

Overview

Microsoft(https://www.microsoft.com) has released a security update that fixes vulnerabilities in products it has supplied. Users of affected products are advised to update to the latest version.

Affected Products

Apps family

Microsoft PC Manager

Azure Family

Azure Monitor Agent

Azure Service Fabric

Developer Tools suite

Microsoft Visual Studio 2015 Update 3

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8)

Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10)

Microsoft Visual Studio 2022 version 17.10

Microsoft Visual Studio 2022 version 17.12

Microsoft Visual Studio 2022 version 17.14

Microsoft Visual Studio 2022 version 17.8

Python extension for Visual Studio Code

ESU Family

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Microsoft Office Suite

Microsoft 365 Apps for Enterprise for 32-bit Systems

Microsoft 365 Apps for Enterprise for 64-bit Systems

Microsoft Excel 2016 (32-bit edition)

Microsoft Excel 2016 (64-bit edition)

Microsoft Office 2016 (32-bit edition)

Microsoft Office 2016 (64-bit edition)

Microsoft Office 2019 for 32-bit editions

Microsoft Office 2019 for 64-bit editions

Microsoft Office LTSC 2021 for 32-bit editions

Microsoft Office LTSC 2021 for 64-bit editions

Microsoft Office LTSC 2024 for 32-bit editions

Microsoft Office LTSC 2024 for 64-bit editions

Microsoft Office LTSC for Mac 2021

Microsoft Office LTSC for Mac 2024

Microsoft Office for Android

Microsoft Outlook 2016 (32-bit edition)

Microsoft Outlook 2016 (64-bit edition)

Microsoft PowerPoint 2016 (32-bit edition)

Microsoft PowerPoint 2016 (64-bit edition)

Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Server 2019

Microsoft SharePoint Server Subscription Edition

Microsoft Teams for Android

Microsoft Teams for Desktop

Microsoft Teams for Mac

Microsoft Teams for iOS

Microsoft Word 2016 (32-bit edition)

Microsoft Word 2016 (64-bit edition)

Office Online Server

SQL Server Family

Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)

Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack

Microsoft SQL Server 2017 for x64-based Systems (CU 31)

Microsoft SQL Server 2017 for x64-based Systems (GDR)

Microsoft SQL Server 2019 for x64-based Systems (CU 32)

Microsoft SQL Server 2019 for x64-based Systems (GDR)

Microsoft SQL Server 2022 for x64-based Systems (CU 19)

Microsoft SQL Server 2022 for x64-based Systems (GDR)

System Center Suite

Microsoft Configuration Manager 2503

Windows Suite

Remote Desktop client for Windows Desktop

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows 11 Version 23H2 for x64-based Systems

Windows 11 Version 24H2 for ARM64-based Systems

Windows 11 Version 24H2 for x64-based Systems

Windows App Client for Windows Desktop

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022, 23H2 Edition (Server Core installation)

Windows Server 2025

Windows Server 2025 (Server Core installation)

Resolved Vulnerabilities

14 vulnerabilities rated Critical and 114 rated Important were found.

Apps Suite

Critical elevation of privilege vulnerability in Microsoft PC Manager (CVE-2025-49738)

Azure family

Critical remote code execution vulnerability in Azure Monitor Agent (CVE-2025-47988)

Critical elevation of privilege vulnerability in Service Fabric (CVE-2025-21195)

Developer Tools suite

Visual Studio Code – Critical remote code execution vulnerability in the Python extension (CVE-2025-49714)

Critical elevation of privilege vulnerability in Visual Studio (CVE-2025-49739)

Microsoft Office Suite

Critical remote code execution vulnerability in Microsoft Office Excel (CVE-2025-49711)

Critical information disclosure vulnerability in Microsoft Office Excel (CVE-2025-48812)

Critical remote code execution vulnerability in Microsoft Office PowerPoint (CVE-2025-49705)

Critical remote code execution vulnerability in Microsoft Office SharePoint (CVE-2025-49704)

Critical-grade spoofing vulnerability in Microsoft Office SharePoint (CVE-2025-49706)

Critical remote code execution vulnerability in Microsoft Office SharePoint (CVE-2025-49701)

Critical remote code execution vulnerability in Microsoft Office Word (CVE-2025-49698, CVE-2025-49703)

Critical-grade remote code execution vulnerability in Microsoft Office Word (CVE-2025-49700)

Urgent-grade remote code execution vulnerabilities in Microsoft Office (CVE-2025-49695, CVE-2025-49696, CVE-2025-49697, CVE-2025-49702)

Critical elevation of privilege vulnerability in Microsoft Office (CVE-2025-47994)

Critical remote code execution vulnerability in Microsoft Office (CVE-2025-49699)

Critical elevation of privilege vulnerabilities in Microsoft Teams (CVE-2025-49731, CVE-2025-49737)

Critical security feature bypass vulnerability in Office Developer Platform (CVE-2025-49756)

SQL Server Family

Critical remote code execution vulnerability in SQL Server (CVE-2025-49717)

Critical Information Disclosure Vulnerability in SQL Server (CVE-2025-49719, CVE-2025-49718)

System Center Suite

Critical-grade remote code execution vulnerability in Microsoft Configuration Manager (CVE-2025-47178)

Windows Family

Critical Information Disclosure Vulnerability in AMD L1 Data Queue (CVE-2025-36357)

Critical information disclosure vulnerability in AMD Store Queue (CVE-2025-36350)

Critical elevation of privilege vulnerability in Capability Access Management Service (camsvc) (CVE-2025-49690)

Critical elevation of privilege vulnerability in HID class driver (CVE-2025-48816)

Critical elevation of privilege vulnerability in the Kernel Streaming WOW Thunk Service Driver (CVE-2025-49675)

Critical elevation of privilege vulnerabilities in the Microsoft Brokering File System (CVE-2025-49677, CVE-2025-49694, CVE-2025-49693)

Critical elevation of privilege vulnerabilities in Microsoft Graphics Component (CVE-2025-49732, CVE-2025-49744)

Critical remote code execution vulnerability in Microsoft Graphics Component (CVE-2025-49742)

Critical elevation of privilege vulnerabilities in Microsoft Input Method Editor (IME) (CVE-2025-47972, CVE-2025-49687, CVE-2025-47991)

Critical remote code execution vulnerabilities in Microsoft MPEG-2 Video Extension (CVE-2025-48805, CVE-2025-48806)

Critical elevation of privilege vulnerability in Microsoft PC Manager (CVE-2025-47993)

Critical elevation of privilege vulnerability in Microsoft Windows QoS scheduler (CVE-2025-49730)

Critical elevation of privilege vulnerability in Microsoft Windows Search Component (CVE-2025-49685)

Critical spoofing vulnerability in Remote Desktop Client (CVE-2025-33054)

Critical remote code execution vulnerability in Remote Desktop Client (CVE-2025-48817)

Role: Critical Remote Code Execution Vulnerability in Windows Hyper-V (CVE-2025-48822)

Role: Critical-Grade Denial of Service Vulnerability in Windows Hyper-V (CVE-2025-47999)

Role: Critical Information Disclosure Vulnerability in Windows Hyper-V (CVE-2025-48002)

Critical information disclosure vulnerability in Storage Port Driver (CVE-2025-49684)

Critical elevation of privilege vulnerability in Universal Print Management Service (CVE-2025-47986)

Low-grade denial of service vulnerability in Virtual Hard Disk (VHDX) (CVE-2025-49683)

Critical elevation of privilege vulnerabilities in Virtual Hard Disk (VHDX) (CVE-2025-47971, CVE-2025-49689, CVE-2025-47973)

Critical elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock (CVE-2025-49661)

Critical elevation of privilege vulnerability in Windows AppX Deployment Service (CVE-2025-48820)

Critical Feature Bypass Vulnerabilities in Windows BitLocker (CVE-2025-48001, CVE-2025-48003, CVE-2025-48800, CVE-2025-48804, CVE-2025-48818)

Critical elevation of privilege vulnerability in Windows Connected Devices Platform Service (CVE-2025-48000)

Critical remote code execution vulnerability in Windows Connected Devices Platform Service (CVE-2025-49724)

Critical elevation of privilege vulnerability in Windows Cred SSProvider Protocol (CVE-2025-47987)

Critical information disclosure vulnerability in Windows Cryptographic Services (CVE-2025-48823)

Critical elevation of privilege vulnerabilities in Windows Event Tracing (CVE-2025-47985, CVE-2025-49660)

Critical elevation of privilege vulnerability in Windows Fast FAT Driver (CVE-2025-49721)

Critical information disclosure vulnerability in Windows GDI (CVE-2025-47984)

Critical information disclosure vulnerability in Windows Imaging Component (CVE-2025-47980)

Critical remote code execution vulnerability in Windows KDC Proxy Service (KPSSVC) (CVE-2025-49735)

Critical-grade denial-of-service vulnerability in Windows Kerberos (CVE-2025-47978)

Critical-grade remote code execution vulnerability in Windows Kernel (CVE-2025-49666)

Critical information disclosure vulnerabilities in the Windows Kernel (CVE-2025-26636, CVE-2025-48808, CVE-2025-48809)

Critical elevation of privilege vulnerability in the Windows MBT Transport driver (CVE-2025-47996)

Critical elevation of privilege vulnerability in Windows Media (CVE-2025-49682)

Critical remote code execution vulnerability in Windows Media (CVE-2025-49691)

Critical elevation of privilege vulnerability in Windows NTFS (CVE-2025-49678)

Critical denial of service vulnerability in Windows Netlogon (CVE-2025-49716)

Critical elevation of privilege vulnerability in Windows Notification (CVE-2025-49726, CVE-2025-49725)

Critical-grade denial-of-service vulnerability in Windows Performance Recorder (CVE-2025-49680)

Critical denial of service vulnerability in Windows Print Spooler Components (CVE-2025-49722)

Critical security feature bypass vulnerability in Windows Remote Desktop Licensing Service (CVE-2025-48814)

Critical remote code execution vulnerabilities in Windows Routing and Remote Access Service (RRAS) (CVE-2025-48824, CVE-2025-49657, CVE-2025-49670, CVE-2025-49672, CVE-2025-49674, CVE-2025-49676, CVE-2025-49688, CVE-2025-49753, CVE-2025-47998, CVE-2025-49663, CVE-2025-49668, CVE-2025-49669, CVE-2025-49673, CVE-2025-49729)

Critical information disclosure vulnerabilities in Windows Routing and Remote Access Service (RRAS) (CVE-2025-49671, CVE-2025-49681)

Critical-grade spoofing vulnerability in Windows SMB (CVE-2025-48802)

Critical remote code execution vulnerability in Windows SPNEGO Extended Negotiation (CVE-2025-47981)

Critical elevation of privilege vulnerabilities in Windows SSDP Service (CVE-2025-47976, CVE-2025-47975, CVE-2025-48815)

Critical information disclosure vulnerability in Windows Secure Kernel Mode (CVE-2025-48810)

Critical elevation of privilege vulnerability in Windows Shell (CVE-2025-49679)

Critical security feature bypass vulnerability in Windows SmartScreen (CVE-2025-49740)

Critical Tampering Vulnerability in the Windows StateRepository API (CVE-2025-49723)

Critical elevation of privilege vulnerability in the Windows Storage VSP Driver (CVE-2025-47982)

Moderate spoofing vulnerability in Windows Storage (CVE-2025-49760)

Critical elevation of privilege vulnerability in Windows TCP/IP (CVE-2025-49686)

Critical elevation of privilege vulnerability in Windows TDX.sys (CVE-2025-49659)

Critical information disclosure vulnerability in Windows TDX.sys (CVE-2025-49658)

Critical elevation of privilege vulnerabilities in Windows Universal Plug and Play (UPnP) Device Host (CVE-2025-48819, CVE-2025-48821)

Critical elevation of privilege vulnerability in Windows Update Service (CVE-2025-48799)

Critical information disclosure vulnerability in Windows User-Mode Driver Framework Host (CVE-2025-49664)

Critical elevation of privilege vulnerabilities in Windows Virtualization-Based Security (VBS) Enclave (CVE-2025-47159, CVE-2025-48803, CVE-2025-48811)

Windows Win32K – Critical elevation of privilege vulnerability in GRFX (CVE-2025-49727)

Windows Win32K – Critical elevation of privilege vulnerability in ICOMP (CVE-2025-49667, CVE-2025-49733)

Critical elevation of privilege vulnerability in Workspace Broker (CVE-2025-49665)

Vulnerability Patches

The following product-specific Vulnerability Patches were made available with the July 8, 2025 Update Please use Windows Update to install automatically or refer to the URLs in the product information below to download and install.

Azure Monitor Agent version

Azure Service Fabric version

https://msrc.microsoft.com/update-guide/

Microsoft 365 Apps for Enterprise version

https://msrc.microsoft.com/update-guide/

Microsoft Configuration Manager 2503 version

https://learn.microsoft.com/en-us/mem/configmgr/core/servers/manage/install-in-console-updates

Microsoft Excel 2016 version

https://www.microsoft.com/en-us/download/details.aspx?id=108251

Microsoft Office 2016 version

https://www.microsoft.com/en-us/download/details.aspx?id=108252

https://www.microsoft.com/en-us/download/details.aspx?id=108250

Microsoft Office 2019 versions

Microsoft Office LTSC 2021 editions

Microsoft Office LTSC 2024 editions

https://msrc.microsoft.com/update-guide/

Microsoft Office for Android editions

https://msrc.microsoft.com/update-guide/

Microsoft Outlook 2016 version

https://www.microsoft.com/en-us/download/details.aspx?id=108237

Microsoft PC Manager version

https://msrc.microsoft.com/update-guide/

Microsoft PowerPoint 2016 version

https://www.microsoft.com/en-us/download/details.aspx?id=108254

Microsoft SQL Server 2016 Service Pack 2 (GDR) version

https://www.microsoft.com/download/details.aspx?id=108275

Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack version

https://www.microsoft.com/download/details.aspx?id=108273

Microsoft SQL Server 2017 (CU 31) version

https://www.microsoft.com/download/details.aspx?id=108272

Microsoft SQL Server 2017 (GDR) version

https://www.microsoft.com/download/details.aspx?id=108271

Microsoft SQL Server 2019 (CU 32) editions

https://www.microsoft.com/download/details.aspx?id=108270

Microsoft SQL Server 2019 (GDR) editions

https://www.microsoft.com/download/details.aspx?id=108274

Microsoft SQL Server 2022 (CU 19) editions

https://www.microsoft.com/download/details.aspx?id=108269

Microsoft SQL Server 2022 (GDR) editions

https://www.microsoft.com/download/details.aspx?id=108268

Microsoft SharePoint Enterprise Server 2016 version

https://www.microsoft.com/en-us/download/details.aspx?id=108257

https://www.microsoft.com/en-us/download/details.aspx?id=108258

Microsoft SharePoint Server 2019 editions

https://www.microsoft.com/en-us/download/details.aspx?id=108259

https://www.microsoft.com/en-us/download/details.aspx?id=108261

Microsoft SharePoint Server Subscription Edition version

https://www.microsoft.com/en-us/download/details.aspx?id=108262

Microsoft Teams for Android version

Microsoft Teams for Desktop version

Microsoft Teams for Mac version

Microsoft Teams for iOS version

https://msrc.microsoft.com/update-guide/

Microsoft Visual Studio 2015 Update 3 version

https://aka.ms/vs/14/release/5063035

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8) version

Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10) version

Microsoft Visual Studio 2022 version 17.10

Microsoft Visual Studio 2022 version 17.12

Microsoft Visual Studio 2022 version 17.14

Microsoft Visual Studio 2022 version 17.8

https://msrc.microsoft.com/update-guide/

Microsoft Word 2016 version

https://www.microsoft.com/en-us/download/details.aspx?id=108252

https://www.microsoft.com/en-us/download/details.aspx?id=108249

https://www.microsoft.com/en-us/download/details.aspx?id=108255

https://www.microsoft.com/en-us/download/details.aspx?id=108253

https://www.microsoft.com/en-us/download/details.aspx?id=108256

Office Online Server version

https://www.microsoft.com/en-us/download/details.aspx?id=108260

Python extension for Visual Studio Code version

Remote Desktop client for Windows Desktop version

https://msrc.microsoft.com/update-guide/

Windows 10 version

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561

Windows 10 Version 1607 Version

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560

Windows 10 Version 1809

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557

Windows 10 Version 21H2

Windows 10 Version 22H2

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554

Windows 11 Version 22H2

Windows 11 Version 23H2

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552

Windows 11 Version 24H2

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553

Windows App Client for Windows Desktop version

https://msrc.microsoft.com/update-guide/

Windows Server 2008 R2 Service Pack 1 Version

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619

Windows Server 2008 Service Pack 2 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618

Windows Server 2012 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061059

Windows Server 2012 R2 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061018

Windows Server 2016 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061010

Windows Server 2019 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060998

Windows Server 2022 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526

Windows Server 2022, 23H2 Edition version

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060999

Windows Server 2025 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060842

MS Family July 2025 Routine Security Update Advisory

Overview

Affected Products

Apps family

Azure Family

Developer Tools suite

ESU Family

Microsoft Office Suite

SQL Server Family

System Center Suite

Windows Suite

Resolved Vulnerabilities

Apps Suite

Azure family

Developer Tools suite

Microsoft Office Suite

SQL Server Family

System Center Suite

Windows Family

Vulnerability Patches

Vercel Product Security Update Advisory (CVE-2025-49826)

WordPress Product Security Update Advisory (CVE-2025-6463)

Overview

Affected Products

Apps family

Azure Family

Developer Tools suite

ESU Family

Microsoft Office Suite

SQL Server Family

System Center Suite

Windows Suite

Resolved Vulnerabilities

Apps Suite

Azure family

Developer Tools suite

Microsoft Office Suite

SQL Server Family

System Center Suite

Windows Family

Vulnerability Patches

Tags:

Vercel Product Security Update Advisory (CVE-2025-49826)

WordPress Product Security Update Advisory (CVE-2025-6463)