CyberSecurityBoard
Sponsor Register Login

Microsoft Patch Tuesday July 2025: 130 Vulnerabilities Fixed Including 41 RCE

Out of 130 vulnerabilities, Microsoft fixes 41 Remote Code Execution, 53 Elevation of Privilege, 18 Information Disclosure, 5 Denial of Service, 4 Spoofing, 1 Data Tampering vulnerability, and 8 Security Feature Bypass issues. These vulnerabilities span various Microsoft products and services, including Windows Kernel, Remote Desktop Client, Microsoft Office, Windows BitLocker, and Windows Routing and Remote Access Service (RRAS). Remote Code Execution (RCE) Vulnerabilities A significant portion of the vulnerabilities—55 CVEs—could potentially lead to remote code execution, allowing attackers to run arbitrary code on affected systems. Microsoft released patch Tuesday June 2025 as a monthly security update, addressing a total of 130 Microsoft Common Vulnerabilities and Exposures (CVEs) and republishing 10 non-Microsoft CVEs. The update covers a wide range of products and services, including Windows, Microsoft Office, SQL Server, Microsoft Edge (Chromium-based), and Visual Studio, among others. This release includes critical and important vulnerabilities, with several allowing remote code execution (RCE). CVE-2025-49717 (SQL Server, CVSS 8.5): This vulnerability could allow attackers to execute code remotely with significant impact on affected systems. Actively Exploited or Zero-Day Vulnerabilities Microsoft confirmed that no vulnerabilities in this update are actively exploited or classified as zero-day vulnerabilities.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 08 Jul 2025 17:25:16 +0000


Cyber News related to Microsoft Patch Tuesday July 2025: 130 Vulnerabilities Fixed Including 41 RCE

CVE-2024-26588 - In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Prevent out-of-bounds memory access The test_tag test triggers an unhandled page fault: # ./test_tag [ 130.640218] CPU 0 Unable to handle kernel paging request at ...
1 year ago Tenable.com
CVE-2022-49753 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago
15 Best Patch Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive patch management for various operating systems, applications, and third-party software.It is complex for new users and requires time and training to utilize its functionalities fully.Advanced analytics ...
10 months ago Cybersecuritynews.com
Microsoft Patch Tuesday July 2025: 130 Vulnerabilities Fixed Including 41 RCE - Out of 130 vulnerabilities, Microsoft fixes 41 Remote Code Execution, 53 Elevation of Privilege, 18 Information Disclosure, 5 Denial of Service, 4 Spoofing, 1 Data Tampering vulnerability, and 8 Security Feature Bypass issues. These vulnerabilities ...
6 months ago Cybersecuritynews.com CVE-2025-49717
Microsoft July 2025 Patch Tuesday fixes one zero-day, 137 flaws - While there was only one zero-day in this Patch Tuesday, Microsoft fixed numerous, critical remote code execution flaws in Microsoft Office that can be exploited simply by opening a specially crafted document or when viewed through the preview pane. ...
6 months ago Bleepingcomputer.com CVE-2025-49704
Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs - Today is Microsoft's March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws. This Patch Tuesday fixes only two critical vulnerabilities: Hyper-V remote code execution ...
1 year ago Bleepingcomputer.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
2 years ago Microsoft.com
January 2024 Patch Tuesday forecast: A Focus on Printing - This article aims to provide a quick summary of some of the latest trends, announcements, and changes associated with IT patch operations while looking at the upcoming Patch Tuesday and what software updates to expect. December 2023 Patch Tuesday ...
2 years ago Helpnetsecurity.com
KB5062554 - Microsoft Releases Cumulative Update for Windows 10 With July Patch Tuesday 2025 - Microsoft’s released this update along with July 2025 Patch Tuesday addresses 130 vulnerabilities which Microsoft fixes 41 Remote Code Execution, 53 Elevation of Privilege, 18 Information Disclosure, 5 Denial of Service, 4 Spoofing, 1 Data ...
6 months ago Cybersecuritynews.com
Windows Security Updates: How to Stay Ahead of Vulnerabilities - In April 2025, cybersecurity teams were starkly reminded of the stakes involved in patch management when Microsoft disclosed CVE-2025-29824, a zero-day privilege escalation flaw in the Windows Common Log File System (CLFS) driver. In April 2025, ...
8 months ago Cybersecuritynews.com CVE-2025-29824
Microsoft's January 2024 Patch Tuesday Addresses 49 Vulnerabilities, Including Two Critical Vulnerabilities - Microsoft's first Patch Tuesday of 2024 has arrived, and it's a significant one. The tech giant has released fixes for a total of 49 vulnerabilities, including 12 remote code execution vulnerabilities and two critical vulnerabilities. These ...
2 years ago Securityboulevard.com
Microsoft Patch Tuesday 2024: 49 Vulnerabilities are fixed - Microsoft released its first patch on Tuesday, 2024, in which nearly 49 vulnerabilities have been fixed in Microsoft products and 5 vulnerabilities in non-Microsoft products. Among these 49 vulnerabilities, there were 12 remote code execution ...
2 years ago Cybersecuritynews.com CVE-2024-20674 CVE-2024-20700 CVE-2024-0057
CVE-2025-10703 - Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. ...
2 months ago
CVE-2025-10702 - Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. ...
2 months ago
Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws - Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days. The total count of 61 flaws does not include 2 Microsoft Edge flaws fixed on May 2nd and four ...
1 year ago Bleepingcomputer.com CVE-2024-30046
Russia's Midnight Blizzard stole email of more Microsoft customers - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 Akira
Microsoft SharePoint zero-day exploited in RCE attacks, no patch available - The Microsoft SharePoint zero-day attacks were first identified by Dutch cybersecurity firm Eye Security, which told BleepingComputer that over 75 companies have already been compromised by the attacks. In May, Viettel Cyber Security researchers ...
6 months ago Bleepingcomputer.com CVE-2025-49706
Windows Disk Cleanup Tool Vulnerability Exploited to Gain SYSTEM Privileges - Microsoft has addressed a critical vulnerability in the Windows Disk Cleanup Tool (cleanmgr.exe) in the February 2025 Patch Tuesday security updates. The Microsoft Security Response Center website has more information about the patch and the other ...
11 months ago Cybersecuritynews.com
Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security - In an advisory about the SharePoint security hole, a.k.a. CVE-2025-53770, Microsoft said it is aware of active attacks targeting on-premises SharePoint Server customers and exploiting vulnerabilities that were only partially addressed by the July 8, ...
6 months ago Krebsonsecurity.com CVE-2025-53770
Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day - Today is Microsoft's December 2023 Patch Tuesday, which includes security updates for a total of 34 flaws and one previously disclosed, unpatched vulnerability in AMD CPUs. While eight remote code execution bugs were fixed, Microsoft only rated three ...
2 years ago Bleepingcomputer.com CVE-2023-20588
Microsoft: Zero-day bug used in ransomware attacks on US real estate firms | The Record from Recorded Future News - Microsoft did not provide more information on the hackers behind the campaign, only referring to the threat actors as “Storm-2460.” CVE-2025-29824 was the only Patch Tuesday bug from Microsoft added to the Cybersecurity and Infrastructure ...
9 months ago Therecord.media CVE-2025-29824 RansomEXX
Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws - Microsoft says that this remote code execution vulnerability is caused by an integer overflow or wraparound in Windows Fast FAT Driver that, when exploited, allows an attacker to execute code. Microsoft says that this remote code execution ...
10 months ago Bleepingcomputer.com
December 2023 Patch Tuesday forecast: 'Tis the season for vigilance - Many in the retail industry have placed our systems in 'lockdown' since before Thanksgiving to ensure we don't interrupt ongoing sales. They won't be able to update them until after the holidays, but that doesn't mean they can't respond to threats. ...
2 years ago Helpnetsecurity.com CVE-2023-36025 CVE-2021-3773
How Patch Management Software Solves the Update Problem - I've never met an IT leader who doesn't know how important patch management is. At Heimdal, we believe patch management software provides the solution to this problem. Patch management software is a technology that allows businesses to automate the ...
1 year ago Heimdalsecurity.com
Microsoft 365 Admin Center Outage Blocks Access for Admins Worldwide - Microsoft acknowledged the problem via its service health status page, advising affected users to check for updates outside the inaccessible portal. Microsoft recommends using alternative URLs, like the Microsoft 365 admin center direct links or the ...
5 months ago Cybersecuritynews.com

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)