Patch Tuesday · July 2025

July 2025 Patch Tuesday: what UK businesses need to know.

July 2025's release covered Windows networking, SQL Server and the usual cadence of kernel and Office issues. SQL Server fixes in particular needed careful planning around database availability.

Executive summary

Mid-summer release with Windows networking and SQL Server fixes.

July 2025's release covered Windows networking, SQL Server and the usual cadence of kernel and Office issues. SQL Server fixes in particular needed careful planning around database availability.

  • Risk theme: Windows networking RCE
  • Risk theme: SQL Server vulnerability
  • Risk theme: Office EoP
  • Risk theme: Azure DevOps fix
Vulnerabilities remediated

The issues that move the needle this month.

We have focused on the categories with realistic exploitation paths for UK SMEs and regulated firms. Always cross-check with Microsoft's Security Update Guide and your own asset inventory before deployment.

Windows networking RCE

Critical, affecting internet-reachable Windows hosts. Patch first; segment second.

SQL Server vulnerability

Affects on-premises SQL Server. Requires database engine restart — coordinate with application owners.

Office elevation of privilege

Allows a local attacker to gain higher privileges via Office components.

Azure DevOps fix

Relevant for organisations with internal pipelines or self-hosted agents.

Affected systems

Where the risk lives.

  • Windows 10, 11 and Server
  • Microsoft SQL Server (on-premises supported versions)
  • Microsoft Office and Microsoft 365 Apps
  • Azure DevOps Server / self-hosted agents
Known deployment issues

What to watch for when rolling out.

  • SQL Server cumulative required a guarded engine restart — some replication jobs needed re-syncing.
  • Networking update interacted with a small number of third-party firewall drivers.
Pros of deploying
  • Locks down internet-facing Windows hosts.
  • Keeps SQL Server on a current cumulative — easier audit story.
Cons / trade-offs
  • Database downtime is high-impact and high-visibility.
  • Third-party network filter compatibility issues require vendor advisories.
Hints & tips for a successful deployment

How experienced teams roll these out without drama.

  • Plan SQL Server patching during a documented maintenance window — communicate twice.
  • Validate failover clusters before and after patching.
  • Check third-party network filter / EDR compatibility statements before rollout.
How Secure Chain helps

Advice, guidance, or full remediation — your call.

Whether you want a second pair of eyes on this month's release or you would rather hand the entire patching cycle to us, Secure Chain Technology Group can support at any level of involvement.

  • Advisory: a prioritised briefing mapped to your estate and risk appetite, with recommended rollout rings.
  • Guided deployment: we work alongside your IT team — test plans, rollback procedures and change-management evidence.
  • Fully managed remediation: we deploy, validate and report on every patch through our Vulnerability Management-as-a-Service (VMaaS) and Patch Management services.
  • Compliance evidence: reporting aligned to Cyber Essentials Plus, ISO 27001 and DSPT requirements.
Sample report
Request a sample vulnerability report
Assessment
Book a cyber security assessment
← All Patch Tuesday briefings

Always verify against the official Microsoft Security Update Guide and your own asset inventory before deployment.