In its July 2025 Patch Tuesday release, Microsoft addressed 130 vulnerabilities, including 10 rated critical, affecting key components such as SQL Server and SPNEGO Extended Negotiation (NEGOEX). No zero-day (actively exploited) flaws were patched this month, a first in 11 months, but experts stress that the urgency to apply these updates remains extremely high.
- Total vulnerabilities patched: 130
- Critical vulnerabilities: 10
- Publicly disclosed vulnerabilities: 1
- Exploited vulnerabilities in the wild: 0 (this month)
- Top CVEs:
  - CVE-2025-47981 – SPNEGO RCE flaw (CVSS 9.8)
  - CVE-2025-49719 – SQL Server Information Disclosure (CVSS 7.5)
CVE-2025-47981 – Windows SPNEGO Extended Negotiation (NEGOEX) RCE
The most serious flaw addressed this month is a heap-based buffer overflow in Windows SPNEGO Extended Negotiation that lets an unauthenticated remote attacker execute arbitrary code over the network.
- Severity: Critical (CVSS 9.8)
- Impact: Remote Code Execution (RCE)
- Affected systems: Windows 10 version 1607 and newer
- Prerequisites: No authentication required, only network access to the target
- Researchers: Anonymous & Yuki Chen
Warning: Experts say this flaw may be “wormable”, making it potentially as devastating as WannaCry. Admins are advised to patch immediately.
CVE-2025-49719 – Microsoft SQL Server Information Disclosure
A serious information disclosure bug in Microsoft SQL Server was also patched. Although it is not being actively exploited, it was publicly disclosed before this update, which increases the risk of future attacks.
- Issue: Leak of uninitialized memory
- Potential impact: Exposure of credentials and cryptographic material
- Cause: Improper input validation in memory management
- CVSS Score: 7.5
- Affected services: SQL Server engine and OLE DB applications
Experts believe attackers could use this vulnerability to extract sensitive memory remnants such as connection strings or cryptographic keys.
CVE-2025-49735 – Windows KDC Proxy RCE
- CVSS Score: 8.1
- Impact: Pre-authentication remote compromise
- Concern: Nation-state and APT actors
CVE-2025-48822 – Windows Hyper-V RCE
- CVSS Score: 8.6
CVE-2025-49695, CVE-2025-49696 and CVE-2025-49697 – Microsoft Office RCE flaws
- CVSS Scores: Up to 8.4
Five vulnerabilities were found in BitLocker, Microsoft’s built-in disk encryption feature. Under specific conditions, they allow an attacker with physical access to reach encrypted data using crafted WinRE.wim files.
- CVEs: CVE-2025-48001, CVE-2025-48003, CVE-2025-48800, CVE-2025-48804, CVE-2025-48818
- Risk: Physical access attacks during OS unlock
- Researchers: Microsoft Offensive Research (MORSE)
As of July 8, 2025, Microsoft has officially ended support for SQL Server 2012. No future security updates will be provided, and organizations still using it are urged to upgrade immediately.
Microsoft wasn’t the only vendor busy this month. Adobe, AMD, Cisco, Dell, Fortinet, GitLab, Google Chrome, HP, Jenkins, NVIDIA, SAP, WordPress, and over 50 others also released critical security patches.
Admins are advised to review updates from:
- Linux distributions (Red Hat, Ubuntu, Debian, etc.)
- Networking hardware (Juniper, Aruba, Ruckus)
- Cloud providers (Google Cloud, VMware)
- Productivity suites (Zoom, Zimbra, Atlassian)
1. Apply Microsoft’s July 2025 updates immediately, prioritising the fix for CVE-2025-47981.
2. Scan your environment for unpatched SQL Server deployments.
3. Retire SQL Server 2012 if it is still in use.
4. Check for firmware and software updates from other vendors.
5. Enable vulnerability scanning and patch automation so that future critical fixes are not missed.
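The scan and retirement steps above start with a host inventory. The PowerShell script below is an added example, not part of the original article and not Microsoft tooling: it reads the SQL Server instance registry keys on a Windows host, flags any instance whose engine major version is 11 (SQL Server 2012), and lists Windows hotfixes installed on or after 8 July 2025. It assumes the standard SQL Server setup registry layout (the `Instance Names\SQL` key and the `Version`, `PatchLevel` and `Edition` values under each instance's `Setup` key) and that it runs locally with administrator rights. The article does not list KB numbers, so the script reports what is installed rather than asserting that a particular update is present.

```powershell
# Added example (not from the original article): inventory SQL Server instances
# on this host, flag SQL Server 2012 (engine major version 11), and list Windows
# hotfixes installed since the July 2025 Patch Tuesday.
# Assumption: standard SQL Server registry layout under
# HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server; run as administrator.

$patchTuesday = [datetime]::ParseExact('2025-07-08', 'yyyy-MM-dd', $null)
$psMetadata   = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-SqlServerInstances {
    $instanceKey = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL'
    if (-not (Test-Path $instanceKey)) { return @() }

    $names = Get-ItemProperty -Path $instanceKey
    foreach ($prop in $names.PSObject.Properties) {
        # Skip the provider metadata properties that Get-ItemProperty adds.
        if ($prop.Name -in $psMetadata) { continue }

        $instanceId = $prop.Value   # e.g. MSSQL11.MSSQLSERVER for a 2012 default instance
        $setupKey   = "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\$instanceId\Setup"
        $setup      = Get-ItemProperty -Path $setupKey -ErrorAction SilentlyContinue

        $major = $null
        if ($setup -and $setup.Version) { $major = [int]($setup.Version.Split('.')[0]) }

        [pscustomobject]@{
            Instance   = $prop.Name
            InstanceId = $instanceId
            Version    = $setup.Version
            PatchLevel = $setup.PatchLevel
            Edition    = $setup.Edition
            Major      = $major
        }
    }
}

$instances = @(Get-SqlServerInstances)
if ($instances.Count -eq 0) {
    Write-Output 'No SQL Server instances registered on this host.'
}
foreach ($i in $instances) {
    if ($i.Major -eq 11) {
        # SQL Server 2012 reached end of support with this release: no fix will ship.
        Write-Warning "$($i.Instance): SQL Server 2012 ($($i.Version), $($i.Edition)) is out of support; plan migration."
    } else {
        Write-Output "$($i.Instance): version $($i.Version) ($($i.Edition)); confirm the July 2025 SQL Server update is applied."
    }
}

# Windows hotfixes installed on or after Patch Tuesday. An empty list means the
# July 2025 OS updates (which carry the SPNEGO fix) are most likely not installed.
$recent = Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $patchTuesday } |
    Sort-Object InstalledOn -Descending

if ($recent) {
    $recent | Format-Table HotFixID, Description, InstalledOn -AutoSize
} else {
    Write-Warning "No hotfixes installed on or after $($patchTuesday.ToString('yyyy-MM-dd')); check Windows Update status."
}
```

Run the script on each Windows host (or push it through your management tooling) and feed the SQL Server 2012 warnings into the retirement list; hosts with no hotfixes dated after 8 July 2025 go to the top of the patch queue.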
For more cybersecurity news, insights, and patch alerts, follow CCIE Academy on Twitter and LinkedIn.
Website: https://ccieacademy.org