July 2025 Microsoft Updates

This update fixes security issues in your Windows operating system.

[Graphics] Fixed: This issue only occurs if the June 2025 non-security update KB5060829 is installed. When the game resolution does not match the desktop resolution, game content may lose synchronization with the cursor position when switching from certain games running in full-screen exclusive mode using ALT + Tab.

[Multimedia] Fixed: This update fixes an issue where notification sounds were not playing. Affected sounds included on-screen alerts, volume adjustments, and login sounds.

[Windows Firewall] Fixed: This update addresses an issue that appears as Event 2042 in Event Viewer for Windows Firewall with Advanced Security. The event appears as "Configuration Read Failed" with the message "More data available."

Known issues in this update

Azure VM with Trusted Boot disabled
A small subset of Generation 2 Azure Virtual Machines (VMs) with Trusted Boot disabled and Virtualization Based Security (VBS) applied via registry key may fail to boot after installing this update.
To check if your virtual machine is affected:

• Check if your VM was created as “Standard”.
• Check if VBS is enabled. Open System Information (msinfo32.exe) and confirm that Virtualization-based security is running and the Hyper-V role is not installed on the VM.

Windows 11, version 24H2 -July 13, 2025—KB5064489 (OS Build 26100.4656) Out-of-band

This Out-of-Band (OOB) update includes quality improvements. This update is cumulative and includes the security fixes and improvements in the July 8, 2025 security update KB5062553 plus the following:
[Fix for Azure Virtual Machines with Trusted Boot disabled] This update addresses an issue that prevents some virtual machines (VMs) from starting when Virtualization-Based Security (VBS) is enabled. This issue affected VMs running version 8.0 (a non-default version) where VBS was provided by the host. In Azure, this applies to standard (non-Trusted Boot) General Enterprise (GE) VMs running on older VM SKUs. The issue is due to a secure kernel initialization issue.

Windows 11, version 23H2 -July 8, 2025—KB5062552 (OS Builds 22621.5624 and 22631.5624)

This update fixes security issues in your Windows operating system.

Windows 11, version 23H2

This security update includes quality improvements.

• This version includes all the improvements in Windows 11 version 22H2.
• There are no additional issues documented in this release.

Windows 11, version 22H2

This security update includes improvements that were a part of update KB5060826 (released June 25, 2025).
[Graphics] Fixed: This update addresses a fix from a previous release that could cause black screen issues during display changes, such as connecting or disconnecting a monitor.

Windows 10 (initial version released July 2015) update history - July 8, 2025—KB5062561 (OS Build 10240.21073)

This security update includes quality improvements.
[ Built-in Windows OS ] This update includes several security improvements to built-in Windows OS functionality. No specific issues have been documented for this release.
Support for Windows 10 will end in October 2025
Microsoft will no longer provide free software updates, technical support, or security fixes for Windows 10 through Windows Update after October 14, 2025.

Windows 10, version 1809, Windows Server, version 1809, and Windows Server 2019 - July 8, 2025—KB5062557 (OS Build 17763.7558)

This security update includes quality improvements.

Windows 10, version 1809

• [Introduction and Creation] Fixed: An issue affecting the complete removal of unused language packs and Feature on Demand (FOD) packs. This issue caused unnecessary storage usage and increased Windows update installation time.

Windows Server 2019

• [Network Security and Containers] Fixed: An issue in the CharNextW function that caused incorrect character generation for GB18030-2022 compliance. The function has been deprecated and replaced with a modern ICU-based solution to ensure GB18030-2022 requirements are correctly met.
• [DHCP Server (known issue)] Fixed: An issue where the DHCP Server service may intermittently stop responding, affecting IP renewal for clients.
• [Microsoft RPC Netlogon protocol] This update includes a security-hardening change to the Microsoft RPC Netlogon protocol. This change improves security by tightening access controls for a number of remote procedure call (RPC) requests. After installing this update, Active Directory domain controllers will no longer allow anonymous clients to invoke certain RPC requests through the Netlogon RPC server. These requests are typically related to the domain controller's location. Certain file and print service software, including Samba, may be affected.
• [Stability issue] Fixed: This update addresses an issue that was observed in rare cases after the installation of the May 2025 security update and later updates, causing stability issues on devices. Some devices became unresponsive and stopped responding in certain situations.

Support for Windows 10 will end in October 2025

Microsoft will no longer provide free software updates, technical support, or security fixes for Windows 10 through Windows Update after October 14, 2025.

Windows 10, version 22H2 - July 8, 2025—KB5062554 (OS Builds 19044.6093 and 19045.6093)

This list of security issues and quality improvements is included in this security update.

Windows 10, version 21H2

Applies to: Windows 10 Enterprise LTSC 2021 and Windows 10 IoT Enterprise LTSC 2021

This security update includes fixes and quality improvements that were part of the following updates:

• June 10, 2025—KB5060533 (OS Builds 19044.5965 and 19045.5965)
• June 24, 2025—KB5061087 (OS Build 19045.6034) Preview

[ Built-in Windows OS ] This update includes several security improvements to built-in Windows OS functionality. No specific issues have been documented for this release.

Windows 10,version 22H2

Applies to: Windows 10, version 22H2 (All versions)

This security update includes fixes and quality improvements that were part of the following updates:

• June 10, 2025—KB5060533 (OS Builds 19044.5965 and 19045.5965)
• June 16, 2025—KB5063159 (OS Build 19045.5968) Out-of-band
• June 24, 2025—KB5061087 (OS Build 19045.6034) Preview

[ Built-in Windows OS ] This update includes several security improvements to built-in Windows OS functionality. No specific issues have been documented for this release.

Known issues in this update

There are reports of blurry or unclear CJK (Chinese, Japanese, Korean) text when viewed at 96 DPI (100% scaling) in Chromium-based browsers such as Microsoft Edge and Google Chrome. The March 2025 Preview Update introduced Noto fonts in collaboration with Google for CJK languages to improve text rendering when websites or apps don't specify appropriate fonts. The issue is due to the limited pixel density at 96 DPI, which can reduce the clarity and alignment of CJK characters. Increasing the display scaling improves text rendering, increasing clarity.

Windows 10, version 1607 and Windows Server 2016 - July 8, 2025—KB5062560 (OS Build 14393.8246)

This security update includes the fixes and quality improvements that were part of the following update:

• June 10, 2025—KB5061010 (OS Build 14393.8148)

[DHCP Server (known issue)] Fixed: An issue where the DHCP Server service may intermittently stop responding, affecting IP renewal for clients.

[Microsoft RPC Netlogon protocol] This update includes a security-hardening change to the Microsoft RPC Netlogon protocol. This change improves security by tightening access controls for a number of remote procedure call (RPC) requests. After installing this update, Active Directory domain controllers will no longer allow anonymous clients to invoke certain RPC requests through the Netlogon RPC server. These requests are typically related to the domain controller's location. Certain file and print service software, including Samba, may be affected.

[Stability issue] Fixed: This update addresses an issue that was observed in rare cases after the installation of the May 2025 security update and later updates, causing stability issues on devices. Some devices became unresponsive and stopped responding in certain situations.

Windows Server 2025 - July 8, 2025—KB5062553 (OS Build 26100.4652)

[Application installation] Fixed: https://learn.microsoft.com/en-us/windows/win32/api/msi/nf-msi-msiclosehandle

[Authentication]Fixed: Kerberos authentication would stop responding in certain scenarios when RC4 was used for encryption.

Fixed: When a device is Joined to a Hybrid Domain, FIDO Cached Credentials Sign-in may stop responding in certain situations.

Fixed: If the account lockout policy was enabled, opening certain applications after a password change could cause an unexpected crash.

[Boot menu] Fixed: If an update stops responding and then reverts, an unnecessary and dysfunctional boot menu entry may occur. This fix prevents devices from experiencing this issue in the future. If you've encountered this issue before, you can manage additional boot entries from the Boot section of System Configuration (msconfig).

[Color profile]Fixed:
Under Settings > System > Display > Color profile, go to Color management, the expected color profile list for the selected monitor may not be displayed.

Fixed: Color profile settings may not be applied after resuming from sleep mode.
[Cryptography] Fixed: This update addresses an issue affecting Credential Roaming that prevents certificates and keys from being migrated to Active Directory and made available on users' machines.
[Direct 3D Ecosystem] Fixed: This update fixes an issue where some third-party applications may stop responding in the graphics settings page.

[File Explorer] Fixed: In some cases, the See more menu in the File Explorer command bar opens in the wrong direction.

[General reliability] Fixed: An underlying issue might cause you to encounter the PDC_WATCHDOG_TIMEOUT error (blue screen) when your computer wakes from sleep mode.

[Graphics] Fixed: There was an issue that could cause the graphics settings page of some third-party applications to become unresponsive.

[Introduction] Fixed: Improved the reliability of ctfmon.exe by resolving a system reboot issue that could affect writing.

Fixed: ctfmon.exe could be restarted when copying data from certain applications.

[LAPS] This update addresses an issue with Windows LAPS. LAPS settings are not preserved after an in-place upgrade.

[Network] Fixed: The description of the virtual NIC is not displayed correctly in Network Connections (ncpa.cpl) and shows invalid characters.

[OOBE] Fixed: Fixed an issue that prevented ESP from working every time a new user logged in to the device, even if configured by policy.

[PowerShell] Fixed: This update resolves an issue where critical PowerShell modules required for device configuration are not running under Windows Defender Application Control (WDAC) policies.

[Remote Desktop] Fixed: Remote Desktop does not use UDP, only TCP.

[Screen orientation] Fixed: The screen could unexpectedly change orientation when resuming from sleep mode on 2 in 1 devices.

[Task Manager] Task Manager will now calculate CPU utilization differently for the Processes, Performance, and Users pages. It will use standard metrics to consistently display CPU workload across all pages and align with industry standards and third-party tools. To ensure backward compatibility, an optional column (hidden by default) called CPU Utility is available on the Details tab that displays the previous CPU value from the Processes page.

[DHCP Server (known issue)] Fixed: An issue where the DHCP Server service may intermittently stop responding, affecting IP renewal for clients.

Known issues in this update

Azure VM with Trusted Boot disabled

A small subset of Generation 2 Azure Virtual Machines (VMs) with Trusted Boot disabled and Virtualization Based Security (VBS) applied via registry key may fail to boot after installing this update.

To check if your virtual machine is affected:

• Check if your VM was created as “Standard”.
• Check if VBS is enabled. Open System Information (msinfo32.exe) and confirm that Virtualization-based security is running and the Hyper-V role is not installed on the VM.

Microsoft Changjie Input Method Editor

After installing this update, you may experience issues when using the Microsoft Changjie IME (input method editor) for Traditional Chinese.

• Inability to form or select words after writing the entire composition (association sentence window).
• The spacebar or spacebar is not responding.
• Incorrect or corrupted word outputs.
• The conversion candidate window is not displayed properly.

Windows Server 2025 - July 13, 2025— KB5064489 (OS Build 26100.4656) Out-of-band

This Out-of-Band (OOB) update includes quality improvements. This update is cumulative and includes the security fixes and improvements in the July 8, 2025 security update ( KB5062553 ), plus the following:

[Fix for Azure Virtual Machines with Trusted Boot disabled] This update addresses an issue that prevents some virtual machines (VMs) from starting when Virtualization-Based Security (VBS) is enabled. This issue affected VMs running version 8.0 (a non-default version) where VBS was provided by the host. In Azure, this applies to standard (non-Trusted Boot) General Enterprise (GE) VMs running on older VM SKUs. The issue is due to a secure kernel initialization issue.

Windows Server, version 23H2 - July 8, 2025—KB5062570 (OS Build 25398.1732)

This security update includes improvements that were a part of updates KB5060118 (released June 10, 2025) and KB5063774 (released July 1, 2025).

[DNS Server] Fixed: This update addresses an issue where a full zone transfer from a Windows DNS Server to another DNS Server fails to complete when Extension Mechanisms are enabled for DNS.

[Language and character support] Fixed: An issue affecting some Chinese characters that caused a compatibility issue with GB18030. These characters were not displayed or accepted correctly when using extended Unicode. A modern ICU-based solution now properly supports GB18030-2022 requirements.

[Performance] Fixed: This update addresses an issue that prevented unused language packs and Optional Feature packs from being completely removed, which previously resulted in unnecessary storage usage and longer Windows Update installation times.

[Security]​​​​​​​​ This update upgrades the curl tool on Windows to version 8.13.0 to protect against potential security risks, including unauthorized access to data or service interruptions.

[Microsoft RPC Netlogon protocol] This update includes a security-hardening change to the Microsoft RPC Netlogon protocol. This change improves security by tightening access controls for a number of remote procedure call (RPC) requests. After installing this update, Active Directory domain controllers will no longer allow anonymous clients to invoke certain RPC requests through the Netlogon RPC server. These requests are typically related to the domain controller's location. Certain file and print service software, including Samba, may be affected.

Windows Server 2022 - July 8, 2025—KB 5062572 (OS Build 20348.3932)

This security update includes improvements that were a part of update KB5060526 (released June 10, 2025).

[DHCP Server (known issue)] Fixed: An issue where the DHCP Server service may intermittently stop responding, affecting IP renewal for clients.

[Language and character support] Fixed: An issue affecting some Chinese characters that caused compatibility issues with GB18030. These characters were not displayed or accepted correctly when using extended Unicode. A modern ICU-based solution now properly supports GB18030-2022 requirements.

[Performance] Fixed: This update addresses an issue that prevented unused language packs and Optional Feature packs from being completely removed, which previously led to unnecessary storage usage and longer Windows Update installation times.

[Microsoft RPC Netlogon protocol] This update includes a security-hardening change to the Microsoft RPC Netlogon protocol. This change improves security by tightening access controls for a number of remote procedure call (RPC) requests. After installing this update, Active Directory domain controllers will no longer allow anonymous clients to invoke certain RPC requests through the Netlogon RPC server. These requests are typically related to the domain controller's location. Certain file and print service software, including Samba, may be affected.

Windows Server 2012 - July 8, 2025—KB5062592 (Monthly Rollup)

[Microsoft RPC Netlogon protocol] This update includes a security-hardening change to the Microsoft RPC Netlogon protocol. This change improves security by tightening access controls for a number of remote procedure call (RPC) requests. After installing this update, Active Directory domain controllers will no longer allow anonymous clients to invoke certain RPC requests through the Netlogon RPC server. These requests are typically related to the domain controller's location. Certain file and print service software, including Samba, may be affected.

[Stability issue] Fixed: This update addresses an issue that was observed in rare cases after the installation of the May 2025 security update and later updates, causing stability issues on devices. Some devices became unresponsive and stopped responding in certain situations.

Windows 8.1 and Windows Server 2012 R2 - July 8, 2025—KB5062597 (Monthly Rollup)

[Microsoft RPC Netlogon protocol] This update includes a security-hardening change to the Microsoft RPC Netlogon protocol. This change improves security by tightening access controls for a number of remote procedure call (RPC) requests. After installing this update, Active Directory domain controllers will no longer allow anonymous clients to invoke certain RPC requests through the Netlogon RPC server. These requests are typically related to the domain controller's location. Certain file and print service software, including Samba, may be affected.

[Stability issue] Fixed: This update addresses an issue that was observed in rare cases after the installation of the May 2025 security update and later updates, causing stability issues on devices. Some devices became unresponsive and stopped responding in certain situations.

Windows Server 2008 Premium Assurance - July 8, 2025—KB5062624 (Monthly Rollup)

[Microsoft RPC Netlogon protocol] This update includes a security-hardening change to the Microsoft RPC Netlogon protocol. This change improves security by tightening access controls for a number of remote procedure call (RPC) requests. After installing this update, Active Directory domain controllers will no longer allow anonymous clients to invoke certain RPC requests through the Netlogon RPC server. These requests are typically related to the domain controller's location. Certain file and print service software, including Samba, may be affected.

Known issues in this update

After installing this update and restarting your device, you may receive the error "Failed to configure Windows updates. Reversing changes. Do not turn off your PC" and the update may appear as Failed in Update History.

Temporary solution

This is expected in the following cases:

• If you are installing this update on a device running an unsupported version of ESU.
• If your ESU MAK add-on key is not installed and active.

Windows Server 2008 Premium Assurance - July 8, 2025—KB5062618 (Security-only update)

This update only includes security improvements.

[Microsoft RPC Netlogon protocol] This update includes a security-hardening change to the Microsoft RPC Netlogon protocol. This change improves security by tightening access controls for a number of remote procedure call (RPC) requests. After installing this update, Active Directory domain controllers will no longer allow anonymous clients to invoke certain RPC requests through the Netlogon RPC server. These requests are typically related to the domain controller's location. Certain file and print service software, including Samba, may be affected.

Known issues in this update

After installing this update and restarting your device, you may receive the error "Failed to configure Windows updates. Reversing changes. Do not turn off your PC" and the update may appear as Failed in Update History.

Temporary solution

This is expected in the following cases:

• If you are installing this update on a device running an unsupported version of ESU.
• If your ESU MAK add-on key is not installed and active.

Windows Server 2008 R2 Premium Assurance - July 8, 2025—KB5062619 (Security-only update)

This update only includes security improvements.

[Microsoft RPC Netlogon protocol] This update includes a security-hardening change to the Microsoft RPC Netlogon protocol. This change improves security by tightening access controls for a number of remote procedure call (RPC) requests. After installing this update, Active Directory domain controllers will no longer allow anonymous clients to invoke certain RPC requests through the Netlogon RPC server. These requests are typically related to the domain controller's location. Certain file and print service software, including Samba, may be affected.

Windows Server 2008 R2 Premium Assurance - July 8, 2025—KB5062632 (Monthly Rollup)

This security update includes the fixes and quality improvements that were part of the following update:

• June 10, 2025—KB5061078 (Monthly Summary)

[Microsoft RPC Netlogon protocol] This update includes a security-hardening change to the Microsoft RPC Netlogon protocol. This change improves security by tightening access controls for a number of remote procedure call (RPC) requests. After installing this update, Active Directory domain controllers will no longer allow anonymous clients to invoke certain RPC requests through the Netlogon RPC server. These requests are typically related to the domain controller's location. Certain file and print service software, including Samba, may be affected.

Description of the security update for SharePoint Server 2019: July 8, 2025 (KB5002741)

This security update resolves the Microsoft SharePoint remote code execution vulnerability, the Microsoft SharePoint Server spoofing vulnerability, and the Microsoft Word remote code execution vulnerability. To learn more about the vulnerabilities, see the following security alerts:

• Microsoft Common Vulnerabilities and Exposures CVE-2025-49701
• Microsoft Common Vulnerabilities and Exposures CVE-2025-49703
• Microsoft Common Vulnerabilities and Exposures CVE-2025-49704
• Microsoft Common Vulnerabilities and Exposures CVE-2025-49706

Note:

• This is version 16.0.10417.20027 of the security update package.
• To apply this security update, you must have the release version of Microsoft SharePoint Server 2019 installed on your computer.

Description of the security update for SharePoint Server 2019 Language Pack: July 8, 2025 (KB5002739)

This security update resolves a Microsoft Word remote code execution vulnerability.

Note:

• This is version 16.0.10417.20027 of the security update package.
• To apply this security update, you must have the release version of Microsoft SharePoint Server 2019 installed on your computer.

Description of the security update for SharePoint Enterprise Server 2016: July 8, 2025 (KB5002744)

This security update resolves the Microsoft SharePoint remote code execution vulnerability, the Microsoft SharePoint Server spoofing vulnerability, and the Microsoft Word remote code execution vulnerability. To learn more about the vulnerabilities, see the following security alerts:

• Microsoft Common Vulnerabilities and Exposures CVE-2025-49701
• Microsoft Common Vulnerabilities and Exposures CVE-2025-49703
• Microsoft Common Vulnerabilities and Exposures CVE-2025-49704
• Microsoft Common Vulnerabilities and Exposures CVE-2025-49706

Note:

• This is version 16.0.5508.1000 of the security update package.
• To apply this security update, you must have the release version of Microsoft SharePoint Enterprise Server 2016 installed on your computer.

This public update introduces Feature Pack 2 for SharePoint Server 2016. Feature Pack 2 includes the following feature:

• SharePoint Framework (SPFx)

This public update also introduces all the features that are included in Feature Pack 1 for SharePoint Server 2016:

• Administrative Procedures Diary
• MinRole improvements
• SharePoint Custom Tiles
• Hybrid Taxonomy
• OneDrive API for SharePoint on-premises
• OneDrive for Business modern user experience (available to Software Assurance customers)

OneDrive for Business modern user experience requires an active Software Assurance agreement when activated, either through the installation of a public update or through manual activation. If you don't have an active Software Assurance agreement at the time of activation, you must turn off OneDrive for Business modern user experience.

Description of the security update for SharePoint Enterprise Server 2016 Language Pack: July 8, 2025 (KB5002743)

This security update resolves a Microsoft Word remote code execution vulnerability.

Note:

• This is version 16.0.5508.1000 of the security update package.
• To apply this security update, you must have the release version of Microsoft SharePoint Enterprise Server 2016 installed on your computer.

This public update introduces Feature Pack 2 for SharePoint Server 2016. Feature Pack 2 includes the following feature:

• SharePoint Framework (SPFx)

This public update delivers all the features that are included in Feature Pack 1 for SharePoint Server 2016, including:

• Administrative Procedures Diary
• MinRole improvements
• SharePoint Custom Tiles
• Hybrid Taxonomy.
• OneDrive API for SharePoint on-premises
• OneDrive for Business modern user experience (available to Software Assurance customers)

OneDrive for Business modern user experience requires an active Software Assurance agreement when activated, either through the installation of a public update or through manual activation. If you don't have an active Software Assurance agreement at the time of activation, you must turn off OneDrive for Business modern user experience.

Description of the security update for SharePoint Server Subscription Edition: July 8, 2025 (KB5002751)

This security update resolves a Microsoft SharePoint remote code execution vulnerability and a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerabilities, see the following security alerts:

• Microsoft Common Vulnerabilities and Exposures CVE-2025-49701
• Microsoft Common Vulnerabilities and Exposures CVE-2025-49706

Note:

• This is version 16.0.18526.20424 of the security update package.
• To apply this security update, you must have the release version of Microsoft SharePoint Server Subscription Edition installed on your computer.

Improvements and fixes

This security update includes improvements and fixes for the following non-security issues in SharePoint Server Subscription Edition:

• Enables flight for the new Hybrid Search feature on the standard edition ring.
• Fixes an issue where the SharePoint search topology was not resilient during extended server shutdowns, particularly when the Browser components were active.
• Fixes an issue where RSS Feed pages may not load properly after upgrading to .NET Framework 4.8.

Description of the security update for Office 2016: July 8, 2025 (KB5002742)

This security update resolves the Microsoft Office privilege elevation vulnerability, the Microsoft Office remote code execution vulnerability, and the Microsoft Word remote code execution vulnerability. To learn more about the vulnerabilities, see the following security alerts:

• Microsoft Common Vulnerabilities and Exposures CVE-2025-47994
• Microsoft Common Vulnerabilities and Exposures CVE-2025-49695
• Microsoft Common Vulnerabilities and Exposures CVE-2025-49696
• Microsoft Common Vulnerabilities and Exposures CVE-2025-49697
• Microsoft Common Vulnerabilities and Exposures CVE-2025-49698
• Microsoft Common Vulnerabilities and Exposures CVE-2025-49700
• Microsoft Common Vulnerabilities and Exposures CVE-2025-49702

Description of the security update for PowerPoint 2016: Jul 8, 2025 (KB5002746)

This security update resolves the Microsoft PowerPoint remote code execution vulnerability and the Microsoft Office remote code execution vulnerability. To learn more about the vulnerabilities, see the following security alerts:

• Microsoft Common Vulnerabilities and Exposures CVE-2025-49699
• Microsoft Common Vulnerabilities and Exposures CVE-2025-49705

Description of the security update for Word 2016: July 8, 2025 (KB5002745)

This security update resolves a Microsoft Word remote code execution vulnerability.

Description of the security update for Excel 2016: July 8, 2025 (KB5002749)

This security update resolves the Microsoft Excel remote code execution vulnerability, the Microsoft Excel information disclosure vulnerability, and the Microsoft Office remote code execution vulnerability. To learn more about the vulnerabilities, see the following security alerts:

• Microsoft Common Vulnerabilities and Exposures CVE-2025-48812
• Microsoft Common Vulnerabilities and Exposures CVE-2025-49697
• Microsoft Common Vulnerabilities and Exposures CVE-2025-49711

KB5058722 - Description of the security update for SQL Server 2019 CU32: July 8, 2025

This security update contains fixes and addresses security vulnerabilities. To learn more about the vulnerabilities, see the following security alerts:

• CVE-2025-49719 - Microsoft SQL Server Information Disclosure Vulnerability
• CVE-2025-49718 - Microsoft SQL Server Information Disclosure Vulnerability
• CVE-2025-49717 - Microsoft SQL Server Remote Code Execution Vulnerability

In this security update, Microsoft SQL Server components have been updated to the following versions.

• SQL Server - Product version: 15.0.4435.7 , file version: 2019.150.4435.7

For more information; https://support.microsoft.com/en-us/topic/kb5058722-description-of-the-security-update-for-sql-server-2019-cu32-july-8-2025-09dc5da9-3a60-4462-a8ac-a8e782d088d5

KB5058721 - Description of the security update for SQL Server 2022 CU19: July 8, 2025

This security update contains fixes and addresses security vulnerabilities. To learn more about the vulnerabilities, see the following security alerts:

• CVE-2025-49719 - Microsoft SQL Server Information Disclosure Vulnerability
• CVE-2025-49718 - Microsoft SQL Server Information Disclosure Vulnerability
• CVE-2025-49717 - Microsoft SQL Server Remote Code Execution Vulnerability

In this security update, Microsoft SQL Server components have been updated to the following versions.

• SQL Server - Product version: 16.0.4200.1 , file version: 2022.160.4200.1

For more information; https://support.microsoft.com/en-us/topic/kb5058721-description-of-the-security-update-for-sql-server-2022-cu19-july-8-2025-fcf14446-c16b-46b1-a096-f1b775dd45be

KB5058713 - Description of the security update for SQL Server 2019 GDR: July 8, 2025

This security update contains fixes and addresses security vulnerabilities. To learn more about the vulnerabilities, see the following security alerts:

• CVE-2025-49719 - Microsoft SQL Server Information Disclosure Vulnerability
• CVE-2025-49718 - Microsoft SQL Server Information Disclosure Vulnerability
• CVE-2025-49717 - Microsoft SQL Server Remote Code Execution Vulnerability

In this security update, Microsoft SQL Server components have been updated to the following versions.

• SQL Server - Product version: 15.0.2135.5 , file version: 2019.150.2135.5

For more information; https://support.microsoft.com/en-us/topic/kb5058713-description-of-the-security-update-for-sql-server-2019-gdr-july-8-2025-002b1ab3-296f-4f6c-86d1-68ee829dd686