Ethical Hacking News
Microsoft Patch Tuesday security updates for July 2025 have fixed a total of 130 vulnerabilities in various products, including Windows and Office. The critical SQL Server zero-day flaw has been patched, while another severe vulnerability was found in Windows SPNEGO NEGOEX. Microsoft is urging users to apply the latest patches as soon as possible.
Microsoft released Patch Tuesday security updates for July 2025 to bolster Windows and related software applications' security posture.A total of 130 vulnerabilities were patched, including one critical zero-day flaw in Microsoft SQL Server (CVE-2025-49719) rated CVSS score 7.5.A critical flaw was identified in Windows SPNEGO NEGOEX (CVE-2025-47981) with a CVSS score of 9.8, allowing remote code execution with elevated privileges.Four similar Microsoft Office RCE vulnerabilities were patched via the Preview Pane, including one rated as critical.
In a move aimed at bolstering the security posture of Windows and related software applications, Microsoft released its Patch Tuesday security updates for July 2025. This month's batch of patches addressed a total of 130 vulnerabilities in various Microsoft products, including Windows, Office, .NET, Visual Studio, Azure, Teams, Hyper-V, Windows BitLocker, and Microsoft Edge (Chromium-based). Among these vulnerabilities, one critical zero-day flaw in Microsoft SQL Server was identified and patched.
The SQL Server vulnerability, tracked as CVE-2025-49719, has been rated with a CVSS score of 7.5. This rating signifies the severity of the issue, with a lower score indicating less severe consequences. The flaw allows remote, unauthenticated attackers to access uninitialized memory due to improper input validation in Microsoft SQL Server. In order to fix this vulnerability, Microsoft recommends updating SQL Server and installing OLE DB Driver 18 or 19.
In addition to the SQL Server vulnerability, another critical flaw was identified in Windows SPNEGO NEGOEX. The vulnerability, tracked as CVE-2025-47981, has a CVSS score of 9.8, indicating it is one of the most severe vulnerabilities addressed in this month's patch cycle. This flaw allows remote attackers to execute code via a malicious message with no user interaction required. Furthermore, the vulnerability involves a heap-based buffer overflow and runs with elevated privileges, posing a significant threat to system security.
Moreover, Microsoft has also patched four similar Microsoft Office RCE (Remote Code Execution) vulnerabilities that are exploitable via the Preview Pane. Among these, one of them has been rated as critical. The fact that Mac users remain unprotected due to the absence of patches for Office LTSC 2021 and 2024 is a concern, as disabling the Preview Pane is recommended until Microsoft resolves these ongoing issues.
Microsoft's release of this month's patch cycle can be seen as an effort to mitigate various security risks associated with its products. With a focus on addressing critical vulnerabilities, the company has made it clear that cybersecurity is a top priority.
The full list of vulnerabilities addressed by Microsoft in July 2025 is available here.
Related Information:
https://www.ethicalhackingnews.com/articles/Microsoft-Patch-Tuesday-Security-Updates-for-July-2025-Address-Critical-Zero-Day-Flaws-ehn.shtml
https://securityaffairs.com/179738/security/microsoft-patch-tuesday-security-updates-for-july-2025-fixed-a-zero-day.html
https://nvd.nist.gov/vuln/detail/CVE-2025-49719
https://www.cvedetails.com/cve/CVE-2025-49719/
https://nvd.nist.gov/vuln/detail/CVE-2025-47981
https://www.cvedetails.com/cve/CVE-2025-47981/
Published: Tue Jul 8 16:33:57 2025 by llama3.2 3B Q4_K_M
