CVE-2025-26684 Microsoft Defender Elevation of Privilege Vulnerability
Updated links to security updates. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26684
Updated links to security updates. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26684
CVE-2025-33069 Windows App Control for Business Security Feature Bypass Vulnerability
Added acknowledgements. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33069
Added acknowledgements. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33069
CVE-2024-21302 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Microsoft has released July 8, 2025 security updates for Windows 10 1507, Windows 10, version 1607, Windows 10, version 1809, and Windows Server 2016 and Windows Server 2018 that provide mitigations to protect these versions of Windows from this vulnerability. This ensures that mitigations are available to protect all supported versions of Windows 10 and Windows 11 from this vulnerability. See the available mitigations and deployment guidelines described in [KB5042562: Guidance for blocking rollback of virtualization-based security related updates](https://support.microsoft.com/help/5042562).
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21302
Microsoft has released July 8, 2025 security updates for Windows 10 1507, Windows 10, version 1607, Windows 10, version 1809, and Windows Server 2016 and Windows Server 2018 that provide mitigations to protect these versions of Windows from this vulnerability. This ensures that mitigations are available to protect all supported versions of Windows 10 and Windows 11 from this vulnerability. See the available mitigations and deployment guidelines described in [KB5042562: Guidance for blocking rollback of virtualization-based security related updates](https://support.microsoft.com/help/5042562).
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21302
CVE-2023-24932 Secure Boot Security Feature Bypass Vulnerability
Microsoft has released July 8, 2025 security updates for all supported versions of Windows that provide new mitigations to protect against this vulnerability; however, these mitigations are not enabled by default. After you have installed the updates, follow the steps outlined in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://support.microsoft.com/help/5025885) to enable these protections.All Windows devices should have the the July 8, 2025 security updates installed regardless of your plan to enable the mitigations.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932
Microsoft has released July 8, 2025 security updates for all supported versions of Windows that provide new mitigations to protect against this vulnerability; however, these mitigations are not enabled by default. After you have installed the updates, follow the steps outlined in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://support.microsoft.com/help/5025885) to enable these protections.All Windows devices should have the the July 8, 2025 security updates installed regardless of your plan to enable the mitigations.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932
CVE-2025-49718 Microsoft SQL Server Information Disclosure Vulnerability
Updated FAQ information. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49718
Updated FAQ information. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49718
CVE-2024-49000 SQL Server Native Client Remote Code Execution Vulnerability
Updated CVE to correct information regarding the security update for SQL 2016 Azure Connect Feature Pack. This version was not affected by the regression. The original update information has been restored for SQL 2016 Azure Connect Feature Pack. Nevertheless, Microsoft recommends updating to the most recent version of all SQL server products.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49000
Updated CVE to correct information regarding the security update for SQL 2016 Azure Connect Feature Pack. This version was not affected by the regression. The original update information has been restored for SQL 2016 Azure Connect Feature Pack. Nevertheless, Microsoft recommends updating to the most recent version of all SQL server products.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49000
CVE-2025-47956 Windows Security App Spoofing Vulnerability
Corrected Article and Download entries in the Affected Products table. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47956
Corrected Article and Download entries in the Affected Products table. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47956
CVE-2025-49705 Microsoft PowerPoint Remote Code Execution Vulnerability
**Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?**Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49705
**Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?**Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49705
CVE-2025-49703 Microsoft Word Remote Code Execution Vulnerability
**Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?**Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49703
**Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?**Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49703
CVE-2025-49702 Microsoft Office Remote Code Execution Vulnerability
**Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?**Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49702
**Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?**Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49702
CVE-2025-49699 Microsoft Office Remote Code Execution Vulnerability
**Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?**Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49699
**Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?**Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49699
CVE-2025-49698 Microsoft Word Remote Code Execution Vulnerability
**Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?**Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49698
**Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?**Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49698
CVE-2025-49697 Microsoft Office Remote Code Execution Vulnerability
**Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?**Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49697
**Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?**Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49697
CVE-2025-49696 Microsoft Office Remote Code Execution Vulnerability
**Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?**Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49696
**Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?**Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49696
CVE-2025-49695 Microsoft Office Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49695
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49695
CVE-2025-49735 Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability
Corrected Download and Article links in the Security Updates table. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49735
Corrected Download and Article links in the Security Updates table. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49735
Chromium: CVE-2025-7656 Integer overflow in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-7656
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-7656
Chromium: CVE-2025-6558 Incorrect validation of untrusted input in ANGLE and GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information. Google is aware that an exploit for CVE-2025-6558 exists in the wild.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6558
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information. Google is aware that an exploit for CVE-2025-6558 exists in the wild.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6558
Chromium: CVE-2025-7657 Use after free in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-7657
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-7657
CVE-2024-36350 AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue
Corrected CVE number. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-36350
Corrected CVE number. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-36350
CVE-2025-53762 Microsoft Purview Elevation of Privilege Vulnerability
Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53762
Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53762