Microsoft’s July Patch Tuesday: 132 Fixes, Including Critical and Publicly Known Threats
The release consists of:
- 13 Critical and 119 Important fixes
- Coverage across Windows, Microsoft Office, SharePoint, Power Automate, WebDAV, Windows Routing and Remote Access Service (RRAS), and more
- A combined CVSS base score of 869.2 across all 132 fixes, an average of 6.6 per CVE
- No vulnerabilities were marked as both Weaponized and Publicly Known this month
Robert Brown, Senior Director of Professional Services at Absolute, emphasizes the importance of prioritization in vulnerability management.
Patch Tuesday Review: Top 5 Vulnerabilities You Need to Know
As always, Patch Tuesday brings critical updates and security fixes to keep your systems protected. Here’s a breakdown of the most significant issues and why you should prioritize addressing them immediately.
CVE-2025-49704: Microsoft SharePoint Remote Code Execution Vulnerability
Improper control of generation of code (code injection) in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Not Weaponized, Not Publicly Known
- Severity: Critical | CVSS Score: 8.8
- Attack Vector: Network | Privileges Required: Low
- User Interaction: None | Complexity: Low
This vulnerability allows an authenticated attacker to inject and execute arbitrary code remotely on an on-premises SharePoint Server. If exploited, it could allow system compromise, data exfiltration, or malware deployment; because SharePoint farms typically hold privileged service accounts and large volumes of business data, an authenticated foothold here is a strong pivot point.
CVE-2025-49735: Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability
Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.
Not Weaponized, Not Publicly Known
- Severity: Critical | CVSS Score: 8.1
- Attack Vector: Network | Privileges Required: None
- User Interaction: None | Complexity: High
This vulnerability could be exploited to run arbitrary code in the context of the KDC Proxy Service, which may enable lateral movement or domain-level access in Kerberos environments. Microsoft notes that only Windows servers configured as a KDC Proxy Protocol server (for example, behind Remote Desktop Gateway or DirectAccess deployments) are affected; domain controllers themselves are not. The high attack complexity reflects the race condition inherent in the use-after-free, not any authentication requirement.
CVE-2025-47981: SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows SPNEGO Extended Negotiation (NEGOEX) Security Mechanism allows an unauthorized attacker to execute code over a network.
Not Weaponized, Not Publicly Known
- Severity: Critical | CVSS Score: 9.8
- Attack Vector: Network | Privileges Required: None
- User Interaction: None | Complexity: Low
A critical heap overflow that could allow an unauthenticated attacker to execute code inside the security negotiation layer by sending a crafted message to an affected host, posing a significant risk to authentication infrastructure. Microsoft notes that Windows 10 version 1607 and later clients are affected because the policy “Network security: Allow PKU2U authentication requests to this computer to use online identities” is enabled by default on those builds; this is the highest-scored issue of the month and the one to patch first on anything reachable from untrusted networks.
CVE-2025-49696: Microsoft Office Remote Code Execution Vulnerability
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
Not Weaponized, Not Publicly Known
- Severity: Critical | CVSS Score: 8.4
- Attack Vector: Local | Privileges Required: None
- User Interaction: None | Complexity: Low
A crafted Office document triggers an out-of-bounds read that Microsoft rates as leading to remote code execution in the context of the user who opens it. The Preview Pane is an attack vector, which is why the score carries no user-interaction requirement: rendering the file in a preview is enough.
CVE-2025-49695: Microsoft Office Remote Code Execution Vulnerability
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Not Weaponized, Not Publicly Known
- Severity: Critical | CVSS Score: 8.4
- Attack Vector: Local | Privileges Required: None
- User Interaction: None | Complexity: Low
A use-after-free in Microsoft Office that a crafted document can trigger to execute code with the privileges of the user who opens or previews it. The Preview Pane is an attack vector, so this pairs naturally with phishing attachments that never need to be explicitly opened.
Final Thoughts
This month’s updates reinforce the importance of a resilient patching strategy. While no vulnerabilities this month were flagged as both Weaponized and Publicly Known, the top risks identified using Absolute’s Risk Scoring methodology show high CVSS values, critical impact types, and exploitation potential.
- Prioritize remote code execution flaws
- Monitor authentication-related vulnerabilities like NEGOEX and KPSSVC
- Patch Office and SharePoint exposures before they’re chained with future exploits
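A quick way to turn the two authentication-layer items above into a per-host check is the PowerShell script below. It is an added example for this page, not Absolute’s tooling or anything from Microsoft: it reports whether the KDC Proxy service (KPSSVC) is installed and running (CVE-2025-49735), whether the PKU2U online-identity policy is explicitly set (CVE-2025-47981), and whether any hotfix has been installed since the July 8, 2025 release date. The date-based patch check is a heuristic that is labelled as such in the code; the registry path and service name are assumed from Microsoft documentation, and the exact KB for a given build should be confirmed against the Microsoft Update Catalog.

```powershell
# Added example: exposure check for the July 2025 authentication-layer fixes.
# Not Absolute's tooling or Microsoft-provided code. Assumes it runs on the host
# being assessed, elevated, on Windows 10/11 or Windows Server with PowerShell 5+.

function Test-JulyPatchExposure {
    $patchTuesday = Get-Date -Year 2025 -Month 7 -Day 8

    # 1. CVE-2025-49735: only hosts running the KDC Proxy service (KPSSVC) are exposed.
    #    Client SKUs and servers without the role will not have the service at all.
    $kps = Get-Service -Name 'KPSSVC' -ErrorAction SilentlyContinue
    if ($kps) {
        $kdcProxyState = '{0} (StartType={1})' -f $kps.Status, $kps.StartType
        $kdcProxyExposed = ($kps.Status -eq 'Running') -or ($kps.StartType -ne 'Disabled')
    } else {
        $kdcProxyState = 'not installed'
        $kdcProxyExposed = $false
    }

    # 2. CVE-2025-47981: Microsoft points at the PKU2U online-identity policy, which is
    #    enabled by default on Windows 10 1607+. The registry value (assumed path, from
    #    Microsoft's security-policy documentation) is only present when set explicitly;
    #    absence means the OS default applies, which on those builds is "enabled".
    $pku2uPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\pku2u'
    $pku2u = Get-ItemProperty -Path $pku2uPath -Name 'AllowOnlineID' -ErrorAction SilentlyContinue
    if ($null -ne $pku2u) {
        $pku2uState = if ($pku2u.AllowOnlineID -eq 1) { 'explicitly enabled' } else { 'explicitly disabled' }
    } else {
        $pku2uState = 'not set (OS default applies; enabled on Windows 10 1607 and later)'
    }

    # 3. Heuristic patch-state check: any hotfix installed on or after Patch Tuesday.
    #    This is NOT proof the July cumulative update is present; KB numbers differ per
    #    build, so confirm the specific KB for this build against the Update Catalog.
    $recentFixes = Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $patchTuesday } |
        Select-Object -ExpandProperty HotFixID

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        KdcProxyService     = $kdcProxyState
        KdcProxyExposed     = $kdcProxyExposed
        Pku2uAllowOnlineID  = $pku2uState
        HotfixesSinceJuly8  = if ($recentFixes) { $recentFixes -join ', ' } else { 'none found' }
        NeedsAttention      = $kdcProxyExposed -or (-not $recentFixes)
    }
}

# Usage: run locally, or fan out with Invoke-Command to a list of servers.
Test-JulyPatchExposure | Format-List
# Invoke-Command -ComputerName (Get-Content .\servers.txt) -ScriptBlock ${function:Test-JulyPatchExposure} | Format-Table -AutoSize
```

The `NeedsAttention` flag is deliberately conservative: a host with the KDC Proxy role enabled but no post-July-8 hotfix is exactly the combination the KPSSVC and NEGOEX entries above describe, and it should float to the top of the patch queue regardless of its overall risk score. The PKU2U value is reported rather than changed, because disabling it can break Azure AD-joined sign-in scenarios; the patch, not the policy, is the fix.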
Stay vigilant, patch smart, and ensure your endpoints are protected — without overwhelming your IT teams.
See the July 2025 Patch Tuesday Chart (PDF).