The latest security update from Redmond is a big one. Microsoft patches for July 2025 address 130 vulnerabilities across a wide range of products from Windows and SQL Server to Office, Hyper-V, and BitLocker. While none are currently exploited in the wild, one flaw was publicly disclosed, and another has the hallmarks of a potential worm.
Microsoft patches critical SPNEGO remote code execution flaw
Topping the list is CVE‑2025‑47981, a remote code execution bug tied to SPNEGO Extended Negotiation. With a CVSS score of 9.8, this heap-based buffer overflow doesn’t require authentication and can be triggered remotely. It only affects Windows 10 version 1607 and later, where a specific group policy setting allows online identity negotiation.
Security researchers warn this bug could be wormable, meaning it could spread across systems without user interaction, similar to past high-impact threats like WannaCry. Microsoft notes exploitation is “more likely,” making this one of the month’s highest-priority fixes.
Publicly known SQL Server flaw poses data exposure risk
CVE‑2025‑49719, rated at 7.5, is an information disclosure bug in Microsoft SQL Server. Though it requires no authentication, the exploit’s success depends on accessing uninitialized memory, possibly revealing sensitive fragments like credentials or encryption keys. It affects both the database engine and applications using OLE DB drivers.
Microsoft patches fix major Windows and Office bugs
This month’s breakdown shows a heavy focus on core Windows features:
- 53 privilege escalation flaws
- 42 remote code execution bugs
- 17 information disclosures
- 8 security feature bypasses
Other high-risk entries include a pre-auth RCE in KDC Proxy (CVE‑2025‑49735), a flaw in Hyper-V (CVE‑2025‑48822), and multiple remote code execution vulnerabilities in Office apps, all with CVSS scores above 8.0.
BitLocker bypass flaws draw concern
Five separate vulnerabilities in BitLocker were also patched. These allowed attackers with physical access to a device to bypass encryption by injecting a malicious file while the OS volume is unlocked. The flaws could expose credentials or allow tampering with system integrity, especially dangerous for lost or stolen devices.
Microsoft patches come as support ends for SQL Server 2012
Alongside the security rollout, Microsoft officially ended support for SQL Server 2012. That means no more patches, even for organizations under the Extended Security Updates program. For anyone still running legacy environments, now is the time to migrate or risk going completely unprotected.
This update isn’t flashy, but it’s urgent
There may not be any active zero-days this time, but the risk is still high. Between a wormable network bug and a public SQL exploit, Microsoft’s July patch cycle demands immediate attention. Quiet months like this are when smart teams patch hardest because the real threats always follow silence.
{{user}} {{datetime}}
{{text}}