For July 2025 Patch Tuesday, Microsoft has released patches for 130 vulnerabilities, among them one that’s publicly disclosed (CVE-2025-49719) and a wormable RCE bug on Windows and Windows Server (CVE-2025-47981). CVE-2025-49719 and CVE-2025-49717, in Microsoft SQL Server CVE-2025-49719 is an uninitialized memory disclosure vulnerability affecting Microsoft SQL Server, which can be remotely triggered by unauthorized attackers. Microsoft says that exploit code for it is “unproven” – i.e., not publicly available or simply theoretical – and … More

The post Microsoft fixes critical wormable Windows flaw (CVE-2025-47981) appeared first on Help Net Security.