Microsoft Today updates were issued to fix at least 137 security weaknesses Stretch Operating system and supported software. None of the weaknesses addressed in this month is known to exploit actively, but 14 Falls earned the most dyer “significant” ratings of Microsoft, which means that they can be exploited to seize control on weak Windows PCs with much or no help from users.
While not listed as important, Cve-2025-49719 A publicly disclosed information disclosure is stretching, with all versions back as far as SQL Server 2016 To get a patch. Microsoft CVE-2025-49719 is less likely to be exploited, but the availability of proof-off-concept code for this defect means that its patch must priority for probably affected enterprises.
Mike WaltersCo-founder of Action1The said that the CVE-2025-49719 can be exploited without certification, and that many third-party applications depend on SQL servers and affected drivers-an introduction of a supply-series risk that extends beyond the direct SQL server users.
“Possible risk of sensitive information This concerns a high-purpose for organizations that handle valuable or regulated data,” the Walters said. “The broader nature of the affected versions, many SQL servers release from 2016 to 2022, by 2022, SQL servers indicate a fundamental issue in how the SQL server manage and input verification handles.”
Adam barnet But Rapid7 Note that is the end of the road for today SQL Server 2012Which means that even future security patch will not be there for important weaknesses, even if you are ready to pay Microsoft for privilege.
Barnet also paid attention Cve-2025-47981A vulnerability with the CVSS score of 9.8 (being the worst), the way a distance code in Windows servers and clients interact to searching for the discovery of the authentically supported authenticated authenticated authenticated authentication mechanisms. This pre-priced vulnerability affects running any Windows client machine Windows 10 1607 Or above, and all current versions of Windows serverMicrosoft assumes that the attackers will take advantage of this defect.
Microsoft also patches at least four important, distance code execution defects Office ,Cve-2025-49695, Cve-2025-49696, Cve-2025-49697, Cve-2025-49702The first two are rated as more likely to exploit both by Microsoft, do not require user interaction, and the preview can be triggered through the pane.
Two and high severity are included in insects Cve-2025-49740 (CVSS 8.8) and Cve-2025-47178 (CVSS 8.0); Former is a weakness that can allow malicious files to bypass screening Microsoft defender smartscreenAn underlying feature of Windows that tries to block incredible downloads and block malicious sites.
CVE-2025-47178 includes a distance code execution defect Microsoft Configuration ManagerAn enterprise tool to manage, deploy and secure computers, servers and equipment in a network. Ben hopkins But Emarsiv Labs Said that this bug requires very few privileges to exploit, and that it is possible for the user or attacker to take advantage of it only to take advantage of it.
Hopkins said, “By exploiting this vulnerability, an attacker allows arbitrary SQL questions as a privileged SMS service account in Microsoft Configuration Manager,” Hopkins said. “This access can be used to manipulate deployment, manipulate malicious software or script to all managed devices, replace configurations, steal sensitive data, and possibly increase for complete operating system code execution throughout the enterprise, which gives comprehensive control over the entire IT environment.”
separately, Adobe Is Mated security update For a wide range of software, including After effect, Adobe Audition, Illustrator, frame makerAnd cold Fusion,
Sans Internet Storm Center Is Each individual patchesAcquisited by severity. If you are responsible for administering many Windows systems, it may be worth keeping an eye on Askwood Considering any possible winner updates for the lower (addressing a large number of weaknesses and Windows components this month).
If you are a Windows Home user, please consider backing your data and/or drive before installing any patch, and if you face any problem with these updates, leave a note in the comments.
