مایکروسافت اصلاحیههای امنیتی جولای ۲۰۲۵ را منتشر کرد که شامل بهروزرسانیهای امنیتی برای ۱۳۷ نقص، از جمله یک آسیبپذیری روز صفر افشا شده عمومی در مایکروسافت SQL Server میشود.
جزئیات آسیبپذیری
بهروزرسانیهای سهشنبه ماه جولای، همچنین چهارده آسیبپذیری «حیاتی» را برطرف میکند که ده مورد از آنها آسیبپذیریهای اجرای کد از راه دور، یک مورد افشای اطلاعات و دو مورد دیگر نقصهای حمله کانال جانبی AMD هستند.
تعداد باگها در هر رده از آسیبپذیریها به تفکیک به شرح زیر است:
- ۵۳ آسیبپذیری ارتقا سطح دسترسی
- ۸ آسیبپذیری عبور از راهکارهای امنیتی
- ۴۱ آسیبپذیری اجرای کد از راه دور
- ۱۸ آسیبپذیری افشای اطلاعات
- ۶ آسیبپذیری منع سرویس
- ۴ آسیبپذیری جعل
این تعداد شامل چهار آسیبپذیری Mariner و سه نقص امنیتی Microsoft Edge که اوایل این ماه برطرف شدند، نمیشود.
جهت کسب اطلاعات بیشتر و دریافت و نصب وصلههای امنیتی ماه جولای به سایت مایکروسافت مراجعه کنید.
آسیبپذیری روز صفر
آسیبپذیری روز صفری که به صورت عمومی افشا شده است، عبارت است از:
[CVE-2025-49719]
CVE-2025-49719 (امتیاز 7.5) آسیبپذیری افشای اطلاعات مایکروسافت SQL Server
مایکروسافت نقصی را در مایکروسافت SQL Server برطرف کرد که میتواند به نفوذگر از راه دور و بدون احراز هویت اجازه دهد تا به دادهها از حافظه مقداردهی نشده دسترسی پیدا کند. اعتبارسنجی نامناسب ورودی در SQL Server به نفوذگر غیر مجاز اجازه میدهد تا اطلاعات را از طریق شبکه افشا کند.
ادمینها میتوانند با نصب آخرین نسخه مایکروسافت SQL Server و با نصب درایور مایکروسافت OLE DB نسخه ۱۸ یا ۱۹، این نقص را برطرف کنند. اگرچه در این وصله سهشنبه فقط یک آسیبپذیری روز صفر وجود داشت، مایکروسافت نقصهای متعدد و حیاتی اجرای کد از راه دور را در مایکروسافت آفیس برطرف کرد که میتوانند به سادگی با باز کردن یک سند خاص یا هنگام مشاهده از طریق صفحه پیشنمایش اکسپلویت شود.
بهروزرسانیهای امنیتی برای این نقصهای امنیتی هنوز برای مایکروسافت آفیس LTSC برای مک 2021 و 2024 در دسترس نیستند و به زودی منتشر خواهند شد. مایکروسافت همچنین یک آسیبپذیری اجرای کد از راه دور حیاتی دیگر را در مایکروسافت SharePoint با شناسه CVE-2025-49704 (امتیاز 8.8) برطرف کرد که میتواند از راه دور و از طریق اینترنت مادامی که کاربر در پلتفرم حساب کاربری داشته باشد، اکسپلویت شود.
🟢 توصیه میشود در اسرع وقت وصلههای امنیتی ماه جولای را دانلود و نصب کنید.
جزئیات مربوط به آسیبپذیریهای برطرف شده در بهروزرسانیهای جولای ۲۰۲۵ در جدول زیر قابل مشاهده است:
| عنوان | شناسه آسیبپذیری (CVE ID) | عنوان آسیبپذیری ( CVE title) | شدت |
|---|---|---|---|
| AMD L1 Data Queue | CVE-2025-36357 | AMD: CVE-2025-36357 Transient Scheduler Attack in L1 Data Queue | Critical |
| AMD Store Queue | CVE-2025-36350 | AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue | Critical |
| Azure Monitor Agent | CVE-2025-47988 | Azure Monitor Agent Remote Code Execution Vulnerability | Important |
| Capability Access Management Service (camsvc) | CVE-2025-49690 | Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability | Important |
| HID class driver | CVE-2025-48816 | HID Class Driver Elevation of Privilege Vulnerability | Important |
| Kernel Streaming WOW Thunk Service Driver | CVE-2025-49675 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2025-49677 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2025-49694 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2025-49693 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Configuration Manager | CVE-2025-47178 | Microsoft Configuration Manager Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2025-49732 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2025-49742 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2025-49744 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Input Method Editor (IME) | CVE-2025-49687 | Windows Input Method Editor (IME) Elevation of Privilege Vulnerability | Important |
| Microsoft Input Method Editor (IME) | CVE-2025-47991 | Windows Input Method Editor (IME) Elevation of Privilege Vulnerability | Important |
| Microsoft Input Method Editor (IME) | CVE-2025-47972 | Windows Input Method Editor (IME) Elevation of Privilege Vulnerability | Important |
| Microsoft MPEG-2 Video Extension | CVE-2025-48806 | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | Important |
| Microsoft MPEG-2 Video Extension | CVE-2025-48805 | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-47994 | Microsoft Office Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2025-49697 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-49695 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-49696 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-49699 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-49702 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office Excel | CVE-2025-48812 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-49711 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office PowerPoint | CVE-2025-49705 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-49701 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-49704 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2025-49706 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office Word | CVE-2025-49703 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office Word | CVE-2025-49698 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office Word | CVE-2025-49700 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft PC Manager | CVE-2025-47993 | Microsoft PC Manager Elevation of Privilege Vulnerability | Important |
| Microsoft PC Manager | CVE-2025-49738 | Microsoft PC Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Teams | CVE-2025-49731 | Microsoft Teams Elevation of Privilege Vulnerability | Important |
| Microsoft Teams | CVE-2025-49737 | Microsoft Teams Elevation of Privilege Vulnerability | Important |
| Microsoft Windows QoS scheduler | CVE-2025-49730 | Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Windows Search Component | CVE-2025-49685 | Windows Search Service Elevation of Privilege Vulnerability | Important |
| Office Developer Platform | CVE-2025-49756 | Office Developer Platform Security Feature Bypass Vulnerability | Important |
| Remote Desktop Client | CVE-2025-48817 | Remote Desktop Client Remote Code Execution Vulnerability | Important |
| Remote Desktop Client | CVE-2025-33054 | Remote Desktop Spoofing Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-48822 | Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability | Critical |
| Role: Windows Hyper-V | CVE-2025-47999 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-48002 | Windows Hyper-V Information Disclosure Vulnerability | Important |
| Service Fabric | CVE-2025-21195 | Azure Service Fabric Runtime Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2025-49719 | Microsoft SQL Server Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2025-49718 | Microsoft SQL Server Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2025-49717 | Microsoft SQL Server Remote Code Execution Vulnerability | Critical |
| Storage Port Driver | CVE-2025-49684 | Windows Storage Port Driver Information Disclosure Vulnerability | Important |
| Universal Print Management Service | CVE-2025-47986 | Universal Print Management Service Elevation of Privilege Vulnerability | Important |
| Virtual Hard Disk (VHDX) | CVE-2025-47971 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | Important |
| Virtual Hard Disk (VHDX) | CVE-2025-49689 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | Important |
| Virtual Hard Disk (VHDX) | CVE-2025-49683 | Microsoft Virtual Hard Disk Remote Code Execution Vulnerability | Low |
| Virtual Hard Disk (VHDX) | CVE-2025-47973 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2025-49739 | Visual Studio Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2025-27614 | MITRE: CVE-2025-27614 Gitk Arbitrary Code Execution Vulnerability | Unknown |
| Visual Studio | CVE-2025-27613 | MITRE: CVE-2025-27613 Gitk Arguments Vulnerability | Unknown |
| Visual Studio | CVE-2025-46334 | MITRE: CVE-2025-46334 Git Malicious Shell Vulnerability | Unknown |
| Visual Studio | CVE-2025-46835 | MITRE: CVE-2025-46835 Git File Overwrite Vulnerability | Unknown |
| Visual Studio | CVE-2025-48384 | MITRE: CVE-2025-48384 Git Symlink Vulnerability | Unknown |
| Visual Studio | CVE-2025-48386 | MITRE: CVE-2025-48386 Git Credential Helper Vulnerability | Unknown |
| Visual Studio | CVE-2025-48385 | MITRE: CVE-2025-48385 Git Protocol Injection Vulnerability | Unknown |
| Visual Studio Code – Python extension | CVE-2025-49714 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2025-49661 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows AppX Deployment Service | CVE-2025-48820 | Windows AppX Deployment Service Elevation of Privilege Vulnerability | Important |
| Windows BitLocker | CVE-2025-48818 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows BitLocker | CVE-2025-48001 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows BitLocker | CVE-2025-48804 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows BitLocker | CVE-2025-48003 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows BitLocker | CVE-2025-48800 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows Connected Devices Platform Service | CVE-2025-48000 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
| Windows Connected Devices Platform Service | CVE-2025-49724 | Windows Connected Devices Platform Service Remote Code Execution Vulnerability | Important |
| Windows Cred SSProvider Protocol | CVE-2025-47987 | Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability | Important |
| Windows Cryptographic Services | CVE-2025-48823 | Windows Cryptographic Services Information Disclosure Vulnerability | Important |
| Windows Event Tracing | CVE-2025-47985 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2025-49660 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Fast FAT Driver | CVE-2025-49721 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | Important |
| Windows GDI | CVE-2025-47984 | Windows GDI Information Disclosure Vulnerability | Important |
| Windows Imaging Component | CVE-2025-47980 | Windows Imaging Component Information Disclosure Vulnerability | Critical |
| Windows KDC Proxy Service (KPSSVC) | CVE-2025-49735 | Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability | Critical |
| Windows Kerberos | CVE-2025-47978 | Windows Kerberos Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2025-49666 | Windows Server Setup and Boot Event Collection Remote Code Execution Vulnerability | Important |
| Windows Kernel | CVE-2025-26636 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2025-48809 | Windows Secure Kernel Mode Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2025-48808 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows MBT Transport driver | CVE-2025-47996 | Windows MBT Transport Driver Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2025-49682 | Windows Media Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2025-49691 | Windows Miracast Wireless Display Remote Code Execution Vulnerability | Important |
| Windows Netlogon | CVE-2025-49716 | Windows Netlogon Denial of Service Vulnerability | Important |
| Windows Notification | CVE-2025-49726 | Windows Notification Elevation of Privilege Vulnerability | Important |
| Windows Notification | CVE-2025-49725 | Windows Notification Elevation of Privilege Vulnerability | Important |
| Windows NTFS | CVE-2025-49678 | NTFS Elevation of Privilege Vulnerability | Important |
| Windows Performance Recorder | CVE-2025-49680 | Windows Performance Recorder (WPR) Denial of Service Vulnerability | Important |
| Windows Print Spooler Components | CVE-2025-49722 | Windows Print Spooler Denial of Service Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2025-48814 | Remote Desktop Licensing Service Security Feature Bypass Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49688 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49676 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49672 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49670 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49671 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49753 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49729 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49673 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49674 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49669 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49663 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49668 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49681 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-49657 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-47998 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-48824 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Secure Kernel Mode | CVE-2025-48810 | Windows Secure Kernel Mode Information Disclosure Vulnerability | Important |
| Windows Shell | CVE-2025-49679 | Windows Shell Elevation of Privilege Vulnerability | Important |
| Windows SmartScreen | CVE-2025-49740 | Windows SmartScreen Security Feature Bypass Vulnerability | Important |
| Windows SMB | CVE-2025-48802 | Windows SMB Server Spoofing Vulnerability | Important |
| Windows SPNEGO Extended Negotiation | CVE-2025-47981 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | Critical |
| Windows SSDP Service | CVE-2025-47976 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | Important |
| Windows SSDP Service | CVE-2025-47975 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | Important |
| Windows SSDP Service | CVE-2025-48815 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | Important |
| Windows StateRepository API | CVE-2025-49723 | Windows StateRepository API Server file Tampering Vulnerability | Important |
| Windows Storage | CVE-2025-49760 | Windows Storage Spoofing Vulnerability | Moderate |
| Windows Storage VSP Driver | CVE-2025-47982 | Windows Storage VSP Driver Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2025-49686 | Windows TCP/IP Driver Elevation of Privilege Vulnerability | Important |
| Windows TDX.sys | CVE-2025-49658 | Windows Transport Driver Interface (TDI) Translation Driver Information Disclosure Vulnerability | Important |
| Windows TDX.sys | CVE-2025-49659 | Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability | Important |
| Windows Universal Plug and Play (UPnP) Device Host | CVE-2025-48821 | Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability | Important |
| Windows Universal Plug and Play (UPnP) Device Host | CVE-2025-48819 | Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability | Important |
| Windows Update Service | CVE-2025-48799 | Windows Update Service Elevation of Privilege Vulnerability | Important |
| Windows User-Mode Driver Framework Host | CVE-2025-49664 | Windows User-Mode Driver Framework Host Information Disclosure Vulnerability | Important |
| Windows Virtualization-Based Security (VBS) Enclave | CVE-2025-47159 | Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability | Important |
| Windows Virtualization-Based Security (VBS) Enclave | CVE-2025-48811 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Important |
| Windows Virtualization-Based Security (VBS) Enclave | CVE-2025-48803 | Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability | Important |
| Windows Win32K – GRFX | CVE-2025-49727 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K – ICOMP | CVE-2025-49733 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K – ICOMP | CVE-2025-49667 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
| Workspace Broker | CVE-2025-49665 | Workspace Broker Elevation of Privilege Vulnerability | Important |
