Microsoft Patch Tuesday addresses 130 vulnerabilities, none actively exploited | CyberScoop<\/title> <meta name=\"description\" content=\"Researchers are especially concerned about a high-severity defect in SQL Server and a critical vulnerability in SPNEGO, a foundational protocol.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/microsoft-patch-tuesday-july-2025\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Microsoft Patch Tuesday addresses 130 vulnerabilities, none actively exploited\"> <meta property=\"og:description\" content=\"Researchers are especially concerned about a high-severity defect in SQL Server and a critical vulnerability in SPNEGO, a foundational protocol.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/microsoft-patch-tuesday-july-2025\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-07-08T21:45:53+00:00\"> <meta property=\"article:modified_time\" content=\"2025-07-08T21:45:55+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-patch-tuesday-addresses-130-vulnerabilities-none-actively-exploited-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1746040294g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1750115417g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1748220166g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/85111\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=85111\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-patch-tuesday-july-2025%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-patch-tuesday-july-2025%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-85111 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/microsoft-patch-tuesday-july-2025\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.9180327868852\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.95444191344\">\n<div class=\"single-article__header-content\" readability=\"35.473300970874\">\n<p> Researchers are especially concerned about a high-severity defect in SQL Server and a critical vulnerability in SPNEGO, a foundational protocol. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/85111\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-patch-tuesday-addresses-130-vulnerabilities-none-actively-exploited.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"Microsoft\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-patch-tuesday-addresses-130-vulnerabilities-none-actively-exploited-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-patch-tuesday-addresses-130-vulnerabilities-none-actively-exploited-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-patch-tuesday-addresses-130-vulnerabilities-none-actively-exploited-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-patch-tuesday-addresses-130-vulnerabilities-none-actively-exploited-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-patch-tuesday-addresses-130-vulnerabilities-none-actively-exploited-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-patch-tuesday-addresses-130-vulnerabilities-none-actively-exploited-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-patch-tuesday-addresses-130-vulnerabilities-none-actively-exploited-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-patch-tuesday-addresses-130-vulnerabilities-none-actively-exploited-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-patch-tuesday-addresses-130-vulnerabilities-none-actively-exploited-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-patch-tuesday-addresses-130-vulnerabilities-none-actively-exploited-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> (Jeenah Moon\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"32.101123595506\"><body readability=\"65.651491365777\"><\/p>\n<p>Microsoft addressed 130 vulnerabilities across its products and underlying Windows systems, but none have been actively exploited in the wild, the company said in its <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2025-Jul\">latest security update<\/a> Tuesday.<\/p>\n<p>A proof-of-concept exploit for a high-severity defect in SQL Server \u2014 <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-49719\">CVE-2025-49719<\/a> \u2014 has been shared publicly, researchers said. The information disclosure vulnerability, which has a CVSS score of 7.5, was publicly disclosed before it was patched, but Microsoft said exploitation is less likely.<\/p>\n<p>\u201cThis vulnerability likely stems from improper input validation in SQL Server\u2019s memory management, allowing access to uninitialized memory. As a result, attackers could retrieve remnants of sensitive data, such as credentials or connection strings,\u201d Mike Walters, president and co-founder of Action1, said in an email.<\/p>\n<p>Walters said the defect is especially concerning because authentication isn\u2019t required, databases hold vast amounts of sensitive data and affected versions span releases from 2016 through 2022. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cAlthough rated as \u2018exploitation less likely,\u2019 the public disclosure suggests technical details may already be circulating, which could lead to increased exploitation over time,\u201d he added. \u201cThis vulnerability can be exploited in advanced attack scenarios.\u201d<\/p>\n<p>The most critical vulnerability in this month\u2019s security update \u2014 <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-47981\">CVE-2025-47981<\/a> \u2014 is a remote code execution vulnerability in Windows SPNEGO Extended Negotiation with a CVSS score of 9.8. The foundational protocol negotiates authentication on critical services.<\/p>\n<p>\u201cThis vulnerability enables unauthenticated, pre-authentication remote code execution with no user interaction and low attack complexity, making it a high-value target for adversaries seeking lateral movement or initial access in enterprise networks,\u201d Ben McCarthy, lead cyber security engineer at Immersive Labs, said in an email.<\/p>\n<p>Ben Harris, CEO at watchTowr, encouraged defenders to patch CVE-2025-47981 quickly and hunt down exposed systems. <\/p>\n<p>\u201cWe shouldn\u2019t fool ourselves,\u201d Harris said. \u201cIf the private industry has noticed this vulnerability, it is certainly already on the radar of every attacker with an ounce of malice.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Microsoft\u2019s batch of CVE disclosures includes 16 vulnerabilities that affect Microsoft Office and standalone Office products, including four defects the company described as more likely to be exploited.<\/p>\n<p>The full list of vulnerabilities addressed this month is available in <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2025-Jul\">Microsoft\u2019s Security Response Center<\/a>.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.7358490566038\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-patch-tuesday-addresses-130-vulnerabilities-none-actively-exploited-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/microsoft-patch-tuesday-july-2025\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Patch Tuesday addresses 130 vulnerabilities, none actively exploited |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[78,625,2660,256,310,288,643,2281,703,212],"tags":[86,630,2662,262,311,294,645,2283,705,214],"class_list":["post-7788","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","category-microsoft","category-patch-tuesday","category-research","category-technology","category-threats","category-vulnerabilities","category-vulnerability","category-vulnerability-disclosure","category-windows","tag-cybersecurity","tag-microsoft","tag-patch-tuesday","tag-research","tag-technology","tag-threats","tag-vulnerabilities","tag-vulnerability","tag-vulnerability-disclosure","tag-windows"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/patch-tuesday\/\" rel=\"category tag\">Patch Tuesday<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability\/\" rel=\"category tag\">vulnerability<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-disclosure\/\" rel=\"category tag\">vulnerability disclosure<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/windows\/\" rel=\"category tag\">Windows<\/a>","tag_info":"Windows","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7788","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7788"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7788\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7788"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7788"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7788"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7788,"date":"2025-07-08T16:45:53","date_gmt":"2025-07-08T21:45:53","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=85111"},"modified":"2025-07-08T16:45:53","modified_gmt":"2025-07-08T21:45:53","slug":"microsoft-patch-tuesday-addresses-130-vulnerabilities-none-actively-exploited","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/07\/08\/microsoft-patch-tuesday-addresses-130-vulnerabilities-none-actively-exploited\/","title":{"rendered":"Microsoft Patch Tuesday addresses 130 vulnerabilities, none actively exploited"},"content":{"rendered":"