Microsoft Patch Tuesday July 2025: Critical Fixes and Urgent Updates

Understand the critical fixes in Microsoft’s July 2025 Patch Tuesday release and download our essential checklist to protect your systems.

Patch Tuesday Updates July 2025

Table of contents

Dive deeper in our Resource Library
Find the latest white papers, research reports, webinars on demand and much more - all by industry-leading experts.

Microsoft’s July Patch Tuesday: 132 Fixes, Including Critical and Public Aware Threats

The release consists of:

  • 13 Critical and 119 Important fixes
  • Coverage across Windows, Microsoft Office, SharePoint, Power Automate, WebDAV, Windows Routing and Remote Access Service (RRAS), and more
  • A combined CVSS score of 869.2, with an average severity of 6.6
  • No vulnerabilities were marked as both Weaponized and Publicly Known this month

Robert Brown, Senior Director of Professional Services at Absolute, emphasizes the importance of prioritization in vulnerability management.

Patch Tuesday Review: Top 5 Vulnerabilities You Need to Know

As always, Patch Tuesday brings critical updates and security fixes to keep your systems protected. Here’s a breakdown of the most significant issues and why you should prioritize addressing them immediately.

CVE-2025-49704: Microsoft SharePoint Remote Code Execution Vulnerability

Improper control of generation of code (code injection) in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Not Weaponized, Not Publicly Known

  • Severity: Critical | CVSS Score: 8.8
  • Attack Vector: Network | Privileges Required: Low
  • User Interaction: None | Complexity: Low

This vulnerability allows an authenticated attacker to inject and execute arbitrary code remotely within a SharePoint environment. If exploited, it could allow system compromise, data exfiltration, or malware deployment.

CVE-2025-49735: Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability

Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.

Not Weaponized, Not Publicly Known

  • Severity: Critical | CVSS Score: 8.1
  • Attack Vector: Network | Privileges Required: None
  • User Interaction: None | Complexity: High

This vulnerability could be exploited to run arbitrary code in the context of the KDC Proxy Service, which may enable lateral movement or domain-level access in Kerberos environments.

CVE-2025-47981: SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows SPNEGO Extended Negotiation (NEGOEX) Security Mechanism allows an attacker to execute code over a network.

Not Weaponized, Not Publicly Known

  • Severity: Critical | CVSS Score: 9.8
  • Attack Vector: Network | Privileges Required: None
  • User Interaction: None | Complexity: Low

A critical heap overflow vulnerability that could allow attackers to remotely execute code within the security negotiation layer, posing a significant risk to authentication infrastructure.

CVE-2025-49696: Microsoft Office Remote Code Execution Vulnerability

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

Not Weaponized, Not Publicly Known

  • Severity: Critical | CVSS Score: 8.4
  • Attack Vector: Local | Privileges Required: None
  • User Interaction: None | Complexity: Low

This vulnerability may allow malicious Office documents to trigger memory read issues and escalate to remote code execution if chained with additional flaws.  The Preview Pane is an attack vector.

CVE-2025-49695: Microsoft Office Remote Code Execution Vulnerability

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Not Weaponized, Not Publicly Known

  • Severity: Critical | CVSS Score: 8.4
  • Attack Vector: Local | Privileges Required: None
  • User Interaction: None | Complexity: Low

A use-after-free vulnerability in Microsoft Office that may lead to full compromise of the host system through crafted documents or malformed input.  The Preview Pane is an attack vector.

Final Thoughts

This month’s updates reinforce the importance of a resilient patching strategy.  While no vulnerabilities this month were flagged as both Weaponized and Publicly Known, the top risks identified using Absolute’s Risk Scoring methodology show high CVSS values, critical impact types, and exploitation potential.

  1. Prioritize remote code execution flaws
  2. Monitor authentication-related vulnerabilities like NEGOEX and KPSSVC
  3. Patch Office and SharePoint exposures before they’re chained with future exploits

Stay vigilant, patch smart, and ensure your endpoints are protected — without overwhelming your IT teams.

See the July, 2025 Patch Tuesday Chart (PDF).