🔒 Microsoft Issues Major Security Update – 130 Vulnerabilities Patched!


🔒 Microsoft Releases July 2025 Patch Tuesday Update — Fixes 130 Security Vulnerabilities Including Critical SQL Server Flaw

On July 9, 2025, Microsoft released this month’s Patch Tuesday update, addressing a total of 130 security vulnerabilities, including 10 rated as “Critical.” The updates span multiple key Microsoft products such as SQL Server, Windows, and Office (Word, PowerPoint, Excel).

Among the vulnerabilities, one is particularly relevant to PCI DSS compliance: CVE-2025-49719 (CVSS score: 7.5), an information disclosure vulnerability in Microsoft SQL Server. The flaw could potentially allow unauthorized attackers to read uninitialized memory, exposing sensitive data such as passwords or encryption keys.

 

According to Adam Barnett, Principal Software Engineer at Rapid7, while attackers might not immediately retrieve meaningful data, with skilled manipulation, it may be possible to extract critical information such as encryption keys.

Mike Walters, President of Action1, noted that the vulnerability may stem from insufficient input validation in SQL Server’s memory management, which allows access to uninitialized memory. This could lead to leakage of credentials, connection strings, or other sensitive information. Affected components include the SQL Server engine and applications using OLE DB drivers.

⚠️ Security experts strongly urge:
System administrators and IT teams should immediately deploy this update, especially for organizations running Microsoft SQL Server, to prevent the risk of widespread exploitation.

Sources:

https://thehackernews.com/2025/07/microsoft-patches-130-vulnerabilities.html

https://krebsonsecurity.com/2025/07/microsoft-patch-tuesday-july-2025-edition/


【Secure Vectors' Security Classroom】

📌 What is CVSS?

CVSS stands for the Common Vulnerability Scoring System. It is a standardized, repeatable way to evaluate and rank reported vulnerabilities, and the resulting score helps organizations prioritize their response to different security risks.
CVSS generates a score from 0 to 10 based on the severity of the vulnerability, with 10 being the most critical. The score reflects factors like how easily the vulnerability can be exploited, its potential impact on confidentiality, integrity, and availability, and the complexity of the attack.
© 2020 Copyright - 安律信息技术有限公司 Secure Vectors Information Technologies Inc.