Microsoft Patched 137 Vulnerabilities in July: One SQL Server Zero-Day Disclosed

As part of July's Patch Tuesday rollout, Microsoft addressed 137 security vulnerabilities across its product suite. While none of the flaws were known to be actively exploited in the wild, one zero-day vulnerability in Microsoft SQL Server (CVE-2025-49719) had been publicly disclosed prior to the patch, raising concerns over potential exposure.


Key Highlights

  • 14 critical vulnerabilities patched, including:
    • 10 remote code execution (RCE) flaws
    • 1 information disclosure issue
    • 2 side-channel vulnerabilities affecting AMD CPUs

The Zero-Day: CVE-2025-49719

The only zero-day this month affects Microsoft SQL Server and qualifies under Microsoft’s criteria because its details were publicly disclosed before a fix was available—even though it has not been exploited in the wild (as of publication).

  • Type: Information disclosure
  • Impact: Allows unauthenticated attackers to read uninitialized memory
  • Root cause: Improper input validation in SQL Server
  • Fix: Update to the latest version of Microsoft SQL Server and OLE DB Driver v18 or v19
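The fix above is a version update, so the practical first step is an inventory. The following PowerShell check is an added example, not part of the original article: it enumerates registered SQL Server instances and installed "Microsoft OLE DB Driver for SQL Server" packages from the standard Windows registry locations. It assumes the default registry layout, and because the fixed build numbers are not given on the page, it only separates drivers on the v18/v19 lines (compare their build against Microsoft's advisory) from older lines that the v18/v19 fix does not cover.

```powershell
# Added inventory check for CVE-2025-49719 follow-up (example, not from the article).
# Assumption: default Windows registry layout for SQL Server and installed packages.

Write-Host "== Registered SQL Server instances =="
$instKey = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL'
if (Test-Path $instKey) {
    $names = (Get-ItemProperty $instKey).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' }   # skip PSPath/PSParentPath metadata
    foreach ($n in $names) {
        # Each instance ID (e.g. MSSQL16.MSSQLSERVER) has a Setup key with Version/PatchLevel
        $setup = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\$($n.Value)\Setup"
        [pscustomobject]@{
            Instance   = $n.Name
            Version    = $setup.Version
            PatchLevel = $setup.PatchLevel   # compare with the build listed in the advisory
        }
    }
} else {
    Write-Host "No SQL Server instances registered on this host."
}

Write-Host "== Installed OLE DB drivers for SQL Server =="
$uninstallPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$drivers = Get-ItemProperty $uninstallPaths -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*OLE DB Driver*SQL Server*' }

if (-not $drivers) { Write-Host "No Microsoft OLE DB Driver for SQL Server found." }
foreach ($d in $drivers) {
    $major  = ($d.DisplayVersion -split '\.')[0]
    $status = if ($major -in @('18', '19')) {
        'v18/v19 line: verify build against the advisory'
    } else {
        'older line: not covered by the v18/v19 update, plan a driver upgrade'
    }
    [pscustomobject]@{
        Name    = $d.DisplayName
        Version = $d.DisplayVersion
        Status  = $status
    }
}
```

Run it on each host that runs SQL Server or connects to it through OLE DB; client machines with an old driver are easy to overlook when only the servers are patched.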

Critical RCE Vulnerabilities in Microsoft Office & SharePoint

Several critical remote code execution bugs were addressed in Microsoft Office, primarily exploitable through:

⚠️ Note: Patches for Office LTSC for Mac 2021/2024 are still pending.

Additionally, Microsoft patched CVE-2025-49704, a critical SharePoint RCE vulnerability that can be exploited remotely with just a valid account.


Highest-Severity Bug: CVE-2025-47981 (CVSS 9.8)

The most severe vulnerability this month is a heap buffer overflow in the SPNEGO protocol, which is used for Windows authentication. Exploiting this flaw could allow attackers to execute remote code with high privileges.


NTFS Vulnerability: CVE-2025-49686 (CVSS 7.8)

Discovered by Marat Gayanov of Positive Technologies, this NTFS flaw lets attackers bypass Windows protections by convincing users to mount a malicious virtual disk.

  • No privileges required
  • Can crash the system and disrupt corporate access

Gayanov’s analysis:

“The flaw in NTFS drivers allowed malicious code execution via a corrupted pointer reference, leading to system crashes and potential operational downtime.”

Bottom Line: Patch Without Delay

Although no active exploitation has been observed so far, the sheer volume of critical vulnerabilities—particularly in widely used services like SQL Server, Office, and SharePoint—makes timely patching essential. Unpatched systems may remain vulnerable to future exploitation as public disclosure circulates.

Stay patched. Stay protected.