CVE-2025-49741 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49741

CVE-2025-49713 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49713

CVE-2025-32726 Visual Studio Code Elevation of Privilege Vulnerability

Added an acknowledgement. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32726

CVE-2022-23278 Microsoft Defender for Endpoint Spoofing Vulnerability

Updated links to security updates. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23278

CVE-2022-33637 Microsoft Defender for Endpoint Tampering Vulnerability

Updated links to security updates. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33637

CVE-2024-43614 Microsoft Defender for Endpoint for Linux Spoofing Vulnerability

Updated links to security updates. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43614

CVE-2024-49000 SQL Server Native Client Remote Code Execution Vulnerability

CVE-2024-49000 re-released to address a regression introduced in the original updates to both Security update for SQL 2016 Azure Connect Feature Pack and Security update for SQL Server 2016 SP3 RTM+GDR. Customers affected by the regression should install the security updates released on July 8, 2025. See the updated information in the Security Updates table.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49000

CVE-2025-47161 Microsoft Defender for Endpoint Elevation of Privilege Vulnerability

Updated links to security updates. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47161

CVE-2025-26684 Microsoft Defender Elevation of Privilege Vulnerability

Updated links to security updates. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26684

CVE-2025-33069 Windows App Control for Business Security Feature Bypass Vulnerability

Added acknowledgements. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33069

CVE-2024-21302 Windows Secure Kernel Mode Elevation of Privilege Vulnerability

Microsoft has released July 8, 2025 security updates for Windows 10 1507, Windows 10, version 1607, Windows 10, version 1809, and Windows Server 2016 and Windows Server 2018 that provide mitigations to protect these versions of Windows from this vulnerability. This ensures that mitigations are available to protect all supported versions of Windows 10 and Windows 11 from this vulnerability. See the available mitigations and deployment guidelines described in [KB5042562: Guidance for blocking rollback of virtualization-based security related updates](https://support.microsoft.com/help/5042562).

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21302

CVE-2023-24932 Secure Boot Security Feature Bypass Vulnerability

Microsoft has released July 8, 2025 security updates for all supported versions of Windows that provide new mitigations to protect against this vulnerability; however, these mitigations are not enabled by default. After you have installed the updates, follow the steps outlined in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://support.microsoft.com/help/5025885) to enable these protections.All Windows devices should have the the July 8, 2025 security updates installed regardless of your plan to enable the mitigations.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932

CVE-2025-49718 Microsoft SQL Server Information Disclosure Vulnerability

Updated FAQ information. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49718

CVE-2024-49000 SQL Server Native Client Remote Code Execution Vulnerability

Updated CVE to correct information regarding the security update for SQL 2016 Azure Connect Feature Pack. This version was not affected by the regression. The original update information has been restored for SQL 2016 Azure Connect Feature Pack. Nevertheless, Microsoft recommends updating to the most recent version of all SQL server products.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49000

CVE-2025-47956 Windows Security App Spoofing Vulnerability

Corrected Article and Download entries in the Affected Products table. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47956

CVE-2025-49705 Microsoft PowerPoint Remote Code Execution Vulnerability

**Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?**Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49705

CVE-2025-49703 Microsoft Word Remote Code Execution Vulnerability

**Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?**Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49703

CVE-2025-49702 Microsoft Office Remote Code Execution Vulnerability

**Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?**Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49702

CVE-2025-49699 Microsoft Office Remote Code Execution Vulnerability

**Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?**Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49699

CVE-2025-49698 Microsoft Word Remote Code Execution Vulnerability

**Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?**Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49698

CVE-2025-49697 Microsoft Office Remote Code Execution Vulnerability

**Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?**Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49697