CVE-2025-33053 Internet Shortcut Files Remote Code Execution Vulnerability
Corrected the CVE description and title. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33053
Corrected the CVE description and title. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33053
CVE-2025-47963 Microsoft Edge (Chromium-based) Spoofing Vulnerability
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47963
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47963
Chromium: CVE-2025-6557 Insufficient data validation in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6557
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6557
Chromium: CVE-2025-6556 Insufficient policy enforcement in Loader
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6556
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6556
CVE-2025-47964 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47964
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47964
Chromium: CVE-2025-6555 Use after free in Animation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6555
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6555
CVE-2025-47182 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47182
Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47182
Chromium: CVE-2025-6554 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information. Google is aware that an exploit for CVE-2025-6554 exists in the wild.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6554
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information. Google is aware that an exploit for CVE-2025-6554 exists in the wild.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6554
CVE-2025-49741 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49741
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49741
CVE-2025-49713 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49713
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49713
CVE-2025-32726 Visual Studio Code Elevation of Privilege Vulnerability
Added an acknowledgement. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32726
Added an acknowledgement. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32726
CVE-2022-23278 Microsoft Defender for Endpoint Spoofing Vulnerability
Updated links to security updates. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23278
Updated links to security updates. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23278
CVE-2022-33637 Microsoft Defender for Endpoint Tampering Vulnerability
Updated links to security updates. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33637
Updated links to security updates. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33637
CVE-2024-43614 Microsoft Defender for Endpoint for Linux Spoofing Vulnerability
Updated links to security updates. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43614
Updated links to security updates. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43614
CVE-2024-49000 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49000 re-released to address a regression introduced in the original updates to both Security update for SQL 2016 Azure Connect Feature Pack and Security update for SQL Server 2016 SP3 RTM+GDR. Customers affected by the regression should install the security updates released on July 8, 2025. See the updated information in the Security Updates table.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49000
CVE-2024-49000 re-released to address a regression introduced in the original updates to both Security update for SQL 2016 Azure Connect Feature Pack and Security update for SQL Server 2016 SP3 RTM+GDR. Customers affected by the regression should install the security updates released on July 8, 2025. See the updated information in the Security Updates table.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49000
CVE-2025-47161 Microsoft Defender for Endpoint Elevation of Privilege Vulnerability
Updated links to security updates. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47161
Updated links to security updates. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47161
CVE-2025-26684 Microsoft Defender Elevation of Privilege Vulnerability
Updated links to security updates. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26684
Updated links to security updates. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26684
CVE-2025-33069 Windows App Control for Business Security Feature Bypass Vulnerability
Added acknowledgements. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33069
Added acknowledgements. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33069
CVE-2024-21302 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Microsoft has released July 8, 2025 security updates for Windows 10 1507, Windows 10, version 1607, Windows 10, version 1809, and Windows Server 2016 and Windows Server 2018 that provide mitigations to protect these versions of Windows from this vulnerability. This ensures that mitigations are available to protect all supported versions of Windows 10 and Windows 11 from this vulnerability. See the available mitigations and deployment guidelines described in [KB5042562: Guidance for blocking rollback of virtualization-based security related updates](https://support.microsoft.com/help/5042562).
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21302
Microsoft has released July 8, 2025 security updates for Windows 10 1507, Windows 10, version 1607, Windows 10, version 1809, and Windows Server 2016 and Windows Server 2018 that provide mitigations to protect these versions of Windows from this vulnerability. This ensures that mitigations are available to protect all supported versions of Windows 10 and Windows 11 from this vulnerability. See the available mitigations and deployment guidelines described in [KB5042562: Guidance for blocking rollback of virtualization-based security related updates](https://support.microsoft.com/help/5042562).
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21302
CVE-2023-24932 Secure Boot Security Feature Bypass Vulnerability
Microsoft has released July 8, 2025 security updates for all supported versions of Windows that provide new mitigations to protect against this vulnerability; however, these mitigations are not enabled by default. After you have installed the updates, follow the steps outlined in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://support.microsoft.com/help/5025885) to enable these protections.All Windows devices should have the the July 8, 2025 security updates installed regardless of your plan to enable the mitigations.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932
Microsoft has released July 8, 2025 security updates for all supported versions of Windows that provide new mitigations to protect against this vulnerability; however, these mitigations are not enabled by default. After you have installed the updates, follow the steps outlined in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://support.microsoft.com/help/5025885) to enable these protections.All Windows devices should have the the July 8, 2025 security updates installed regardless of your plan to enable the mitigations.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932
CVE-2025-49718 Microsoft SQL Server Information Disclosure Vulnerability
Updated FAQ information. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49718
Updated FAQ information. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49718