Patch Tuesday, the unofficial term for Microsoft's scheduled security fix release on every second Tuesday of a month, has been a constant topic of discussion ever since its inception.
Patches
Vulnerabilities
Articles
Impacts
Critical Vulnerabilities
Zero-day vulnerabilities
Microsoft Windows
Microsoft
Microsoft .NET
Others| Vulnerable Component | Impact | CVE ID |
|---|---|---|
| Windows KDC Proxy Service (KPSSVC) | Remote Code Execution | CVE-2025-49735 |
| Microsoft SQL Server | Remote Code Execution | CVE-2025-49717 |
| Microsoft SharePoint | Remote Code Execution | CVE-2025-49704 |
| Microsoft Word | Remote Code Execution | CVE-2025-49703 |
| Microsoft Office | Remote Code Execution | CVE-2025-49702 |
| Microsoft Word | Remote Code Execution | CVE-2025-49698 |
| Microsoft Office | Remote Code Execution | CVE-2025-49697 |
| Microsoft Office | Remote Code Execution | CVE-2025-49696 |
| Microsoft Office | Remote Code Execution | CVE-2025-49695 |
| Windows Hyper-V Discrete Device Assignment (DDA) | Remote Code Execution | CVE-2025-48822 |
| SPNEGO Extended Negotiation (NEGOEX) Security Mechanism | Remote Code Execution | CVE-2025-47981 |
| Windows Imaging Component | Information Disclosure | CVE-2025-47980 |
| AMD: CVE-2025-36357 Transient Scheduler Attack in L1 Data Queue | Information Disclosure | CVE-2025-36357 |
| AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue | Information Disclosure | CVE-2025-36350 |
| Vulnerable Component | Impact | CVE ID |
|---|---|---|
| Microsoft SQL Server | Information Disclosure | CVE-2025-49719 |
| CVE ID | Severity | Impact |
|---|---|---|
| CVE-2025-49727 | Important | Elevation of Privilege |
| CVE-2025-49726 | Important | Elevation of Privilege |
| CVE-2025-49725 | Important | Elevation of Privilege |
| CVE-2025-49724 | Important | Remote Code Execution |
| CVE-2025-49723 | Important | Tampering |
| CVE-2025-49722 | Important | Denial of Service |
| CVE-2025-49721 | Important | Elevation of Privilege |
| CVE-2025-49753 | Important | Remote Code Execution |
| CVE-2025-49716 | Important | Denial of Service |
| CVE-2025-49713 | Important | Remote Code Execution |
| CVE-2025-49744 | Important | Elevation of Privilege |
| CVE-2025-49742 | Important | Remote Code Execution |
| CVE-2025-49740 | Important | Security Feature Bypass |
| CVE-2025-49738 | Important | Elevation of Privilege |
| CVE-2025-49694 | Important | Elevation of Privilege |
| CVE-2025-49693 | Important | Elevation of Privilege |
| CVE-2025-49691 | Important | Remote Code Execution |
| CVE-2025-49688 | Important | Remote Code Execution |
| CVE-2025-49687 | Important | Elevation of Privilege |
| CVE-2025-49686 | Important | Elevation of Privilege |
| CVE-2025-49685 | Important | Elevation of Privilege |
| CVE-2025-49684 | Important | Information Disclosure |
| CVE-2025-49682 | Important | Elevation of Privilege |
| CVE-2025-49681 | Important | Information Disclosure |
| CVE-2025-49680 | Important | Denial of Service |
| CVE-2025-49679 | Important | Elevation of Privilege |
| CVE-2025-49678 | Important | Elevation of Privilege |
| CVE-2025-49677 | Important | Elevation of Privilege |
| CVE-2025-49676 | Important | Remote Code Execution |
| CVE-2025-49674 | Important | Remote Code Execution |
| CVE-2025-49673 | Important | Remote Code Execution |
| CVE-2025-49672 | Important | Remote Code Execution |
| CVE-2025-49671 | Important | Information Disclosure |
| CVE-2025-49670 | Important | Remote Code Execution |
| CVE-2025-49669 | Important | Remote Code Execution |
| CVE-2025-49668 | Important | Remote Code Execution |
| CVE-2025-49667 | Important | Elevation of Privilege |
| CVE-2025-49666 | Important | Remote Code Execution |
| CVE-2025-49664 | Important | Information Disclosure |
| CVE-2025-49663 | Important | Remote Code Execution |
| CVE-2025-49661 | Important | Elevation of Privilege |
| CVE-2025-49660 | Important | Elevation of Privilege |
| CVE-2025-49659 | Important | Elevation of Privilege |
| CVE-2025-49658 | Important | Information Disclosure |
| CVE-2025-49657 | Important | Remote Code Execution |
| CVE-2025-48824 | Important | Remote Code Execution |
| CVE-2025-48823 | Important | Information Disclosure |
| CVE-2025-49733 | Important | Elevation of Privilege |
| CVE-2025-48821 | Important | Elevation of Privilege |
| CVE-2025-48820 | Important | Elevation of Privilege |
| CVE-2025-48819 | Important | Elevation of Privilege |
| CVE-2025-48818 | Important | Security Feature Bypass |
| CVE-2025-48815 | Important | Elevation of Privilege |
| CVE-2025-48814 | Important | Security Feature Bypass |
| CVE-2025-48811 | Important | Elevation of Privilege |
| CVE-2025-48810 | Important | Information Disclosure |
| CVE-2025-48809 | Important | Information Disclosure |
| CVE-2025-48808 | Important | Information Disclosure |
| CVE-2025-48806 | Important | Remote Code Execution |
| CVE-2025-48805 | Important | Remote Code Execution |
| CVE-2025-48804 | Important | Security Feature Bypass |
| CVE-2025-48803 | Important | Elevation of Privilege |
| CVE-2025-48802 | Important | Spoofing |
| CVE-2025-48800 | Important | Security Feature Bypass |
| CVE-2025-48799 | Important | Elevation of Privilege |
| CVE-2025-48003 | Important | Security Feature Bypass |
| CVE-2025-48002 | Important | Information Disclosure |
| CVE-2025-48001 | Important | Security Feature Bypass |
| CVE-2025-48000 | Important | Elevation of Privilege |
| CVE-2025-47999 | Important | Denial of Service |
| CVE-2025-47998 | Important | Remote Code Execution |
| CVE-2025-47996 | Important | Elevation of Privilege |
| CVE-2025-47993 | Important | Elevation of Privilege |
| CVE-2025-47991 | Important | Elevation of Privilege |
| CVE-2025-47987 | Important | Elevation of Privilege |
| CVE-2025-47985 | Important | Elevation of Privilege |
| CVE-2025-47984 | Important | Information Disclosure |
| CVE-2025-47982 | Important | Elevation of Privilege |
| CVE-2025-49732 | Important | Elevation of Privilege |
| CVE-2025-47978 | Important | Denial of Service |
| CVE-2025-47976 | Important | Elevation of Privilege |
| CVE-2025-47975 | Important | Elevation of Privilege |
| CVE-2025-47972 | Important | Elevation of Privilege |
| CVE-2025-47178 | Important | Remote Code Execution |
| CVE-2025-47161 | Important | Elevation of Privilege |
| CVE-2025-47159 | Important | Elevation of Privilege |
| CVE-2025-49730 | Important | Elevation of Privilege |
| CVE-2025-49729 | Important | Remote Code Execution |
| CVE-2025-26684 | Important | Elevation of Privilege |
| CVE-2025-26636 | Important | Information Disclosure |
| CVE-2024-43614 | Important | Spoofing |
| CVE-2022-33637 | Important | Tampering |
| CVE-2022-23278 | Important | Spoofing |
| CVE-2025-49760 | Moderate | Spoofing |
| CVE ID | Severity | Impact |
|---|---|---|
| CVE-2025-49718 | Important | Information Disclosure |
| CVE-2025-49711 | Important | Remote Code Execution |
| CVE-2025-49706 | Important | Spoofing |
| CVE-2025-49705 | Important | Remote Code Execution |
| CVE-2025-49701 | Important | Remote Code Execution |
| CVE-2025-49700 | Important | Remote Code Execution |
| CVE-2025-49699 | Important | Remote Code Execution |
| CVE-2025-49737 | Important | Elevation of Privilege |
| CVE-2025-49756 | Important | Security Feature Bypass |
| CVE-2025-48812 | Important | Information Disclosure |
| CVE-2025-47994 | Important | Elevation of Privilege |
| CVE-2025-49731 | Important | Elevation of Privilege |
| CVE-2024-49000 | Important | Remote Code Execution |
| CVE ID | Severity | Impact |
|---|---|---|
| CVE-2025-49714 | Important | Remote Code Execution |
| CVE-2025-49739 | Important | Elevation of Privilege |
| CVE-2025-32726 | Important | Elevation of Privilege |
| CVE-2025-30399 | Important | Remote Code Execution |
| CVE-2024-29187 | Important | Elevation of Privilege |
| CVE ID | Severity | Impact |
|---|---|---|
| CVE-2025-47988 | Important | Remote Code Execution |
| Vulnerable Component | CVE ID | Severity | Impact |
|---|---|---|---|
| HID Class Driver | CVE-2025-48816 | Important | Elevation of Privilege |
| Microsoft Virtual Hard Disk | CVE-2025-49689 | Important | Elevation of Privilege |
| CVE-2025-49683 | Important | Remote Code Execution | |
| CVE-2025-47973 | Important | Elevation of Privilege | |
| CVE-2025-47971 | Important | Elevation of Privilege | |
| Universal Print Management Service | CVE-2025-47986 | Important | Elevation of Privilege |
| Remote Desktop Client | CVE-2025-48817 | Important | Remote Code Execution |
| Kernel Streaming WOW Thunk Service Driver | CVE-2025-49675 | Important | Elevation of Privilege |
| Azure Service Fabric Runtime | CVE-2025-21195 | Important | Elevation of Privilege |
| Remote Desktop | CVE-2025-33054 | Important | Spoofing |
| Workspace Broker | CVE-2025-49665 | Important | Elevation of Privilege |
| Capability Access Management Service (camsvc) | CVE-2025-49690 | Important | Elevation of Privilege |
Patch Tuesday or Update Tuesday is the common name for the second Tuesday of every month when Microsoft releases security updates for its operating system and other software. Coinciding with the Patch Tuesday, several other vendors such as Oracle, Mozilla, Adobe, and many others roll out updates for the third-party applications.
Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on July 8, 2025.
Patches are nothing but pieces of software code that are written to fix a bug in a software application, that might lead to a vulnerability. Such vulnerabilities in any application are loop holes for attackers to get their hands on business critical data and information. So it is highly crucial to keep all the applications in a network updated to its latest versions. Updating applications in mobile phones and laptops also work in the same manner by preventing theft of personal data, through security flaws.
Predominantly security patch updates of varying severity like Critical, Important, Moderate & Low are labeled and released. It is always a best practice to prioritize your patching based on the severity level mentioned.
CVE ID - Common Vulnerabilities and Exposure ID is a format in which each vulnerability is disclosed and cataloged in the National Vulnerability Database (NVD). You can look up for a detailed explanation of each vulnerability in the NVD with the help of CVE ID. In Patch Manager Plus you can make use of these CVE IDs to fetch the appropriate patches to deploy. You can find the CVE IDs here.
The upcoming Free Patch Tuesday webinar by ManageEngine is scheduled on -. You can make your registrations here.
Each CVE ID listed in the CVE Index section has been linked to its security advisory.
Read Blog 
Watch webinar 
Watch webinar