Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server

For the first time in 2025, Microsoft's Patch Tuesday updates did not bundle fixes for exploited security vulnerabilities, but the company acknowledged one of the addressed flaws had been publicly known. The patches resolve a whopping 130 vulnerabilities, along with 10 other non-Microsoft CVEs th...

Microsoft Patch Tuesday, July 2025 Edition

Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft's most-dire "critical" rating, meaning they...

Vulnerabilities fixed in Microsoft SQL Server

Microsoft has fixed vulnerabilities in SQL Server. A malicious party could exploit the vulnerabilities to execute arbitrary code or gain access to sensitive data. Of the vulnerability with reference CVE-2025-49719, Microsoft says it has information that it has the attention of researchers on clos...

CVE-2025-49719

Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network...

CVE-2025-49718

Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network...

CVE-2025-49719

Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network...

CVE-2025-49717

Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network...

CVE-2025-49718

Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network...

CVE-2025-49718 Microsoft SQL Server Information Disclosure Vulnerability

...

CVE-2025-49718 Microsoft SQL Server Information Disclosure Vulnerability

...

CVE-2025-49718

CVE-2025-49718 is a Microsoft SQL Server information-disclosure vulnerability described as “Use of uninitialized resource in SQL Server” that could allow an attacker to disclose information over the network. Connected sources confirm this CVE is addressed by Microsoft security updates and fixes i...

CVE-2025-49719 Microsoft SQL Server Information Disclosure Vulnerability

...

CVE-2025-49719 Microsoft SQL Server Information Disclosure Vulnerability

...

CVE-2025-49719

CVE-2025-49719 is an information-disclosure vulnerability in Microsoft SQL Server reported as an information disclosure due to improper input validation. Public sources indicate it affects SQL Server versions dating back to 2016 and is being addressed by Microsoft with security updates; specific ...

CVE-2025-49717 Microsoft SQL Server Remote Code Execution Vulnerability

...

CVE-2025-49717 Microsoft SQL Server Remote Code Execution Vulnerability

...

CVE-2025-49717

CVE-2025-49717 is a Microsoft SQL Server remote code execution vulnerability caused by a heap-based buffer overflow in SQL Server. The impact is network-exploitable with authenticated attacker privileges (low) and no user interaction, under changed scope, per the CVSS data. Public disclosures and...

Microsoft SQL Server Information Disclosure Vulnerability

Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network...

Microsoft SQL Server Remote Code Execution Vulnerability

Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network...

Microsoft SQL Server Information Disclosure Vulnerability

Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network...