Microsoft has released its July 2025 Patch Tuesday updates, addressing a total of 137 security flaws, including a publicly disclosed zero-day vulnerability in Microsoft SQL Server and 14 rated as critical.
Zero-Day Vulnerability in SQL Server
The most notable fix is for a zero-day vulnerability tracked as CVE-2025-49719. This flaw in Microsoft SQL Server could allow an unauthenticated remote attacker to access data from uninitialized memory due to improper input validation.
According to Microsoft, the issue allows information disclosure over a network. To mitigate the risk, administrators should update to the latest version of SQL Server and install either the Microsoft OLE DB Driver 18 or 19. The flaw was discovered by Vladimir Aleksic at Microsoft. Microsoft did not disclose how the vulnerability became public.
Critical Vulnerabilities
Among the 14 critical vulnerabilities, 10 are remote code execution (RCE) flaws. Several of these affect Microsoft Office and can be exploited simply by opening a specially crafted document or viewing it through the preview pane. Patches for Microsoft Office LTSC for Mac 2021 and 2024 are not yet available but are expected to be released soon.
Another major critical flaw, tracked as CVE-2025-49704, affects Microsoft SharePoint. This RCE vulnerability can be exploited remotely over the internet if the attacker has a valid SharePoint account.
Breakdown of Vulnerability Categories
- 53 Elevation of Privilege vulnerabilities
- 8 Security Feature Bypass vulnerabilities
- 41 Remote Code Execution vulnerabilities
- 18 Information Disclosure vulnerabilities
- 6 Denial of Service vulnerabilities
- 4 Spoofing vulnerabilities
These counts do not include four Mariner and three Microsoft Edge issues that were patched earlier this month.
For details on non-security fixes released today, Microsoft has provided information on the following updates:
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
- Windows 11: KB5062553 and KB5062552
- Windows 10: KB5062554
System administrators are strongly encouraged to review and apply these updates as soon as possible to ensure system security.
