July Patch Tuesday offers 127 fixes

Microsoft on Tuesday released 127 patches affecting 14 product families. Nine of the addressed issues — four involving Windows, two involving 365 and Office, and one each involving SharePoint, SQL, and Word — are considered by Microsoft to be of Critical severity, and 34 have a CVSS base score of 8.0 or higher. None are known to be under active exploit in the wild, though one (CVE-2025-49719, an Important-severity SQL issue allowing information disclosure) is already publicly disclosed.

At patch time, 17 CVEs are judged more likely to be exploited in the next 30 days by the company’s estimation. Various of this month’s issues are amenable to direct detection by Sophos protections, and we include information on those in a table below.

In addition to these patches, 12 Adobe Reader fixes, four of them considered to be of Critical severity, are included in the release. The list of advisories this month has not only three already-patched Edge issues but seven with MITRE-assigned CVEs (usually an indication that the bugs involve products beyond Microsoft’s; in this case, GitK) concerning Visual Studio, plus two Critical-severity CVEs issued by AMD to cover issues in certain of their processors. The fixes for the two AMD information-disclosure issues (CVE-2025-36350, CVE-2025-36357) are addressed by applying a patch to Windows; though we don’t include those in our numbers this month, they appear in Appendix E for the convenience of those dealing with Windows Server updates.

To read the complete article see: July Patch Tuesday offers 127 fixes

---