Microsoft Addresses 130 Vulnerabilities, Including Critical Issues in SPNEGO and SQL Server

July 9, 2025
Endpoint Security / Vulnerability

In its first Patch Tuesday update of 2025, Microsoft has rolled out fixes for 130 vulnerabilities, marking a shift as no exploited security flaws were included in this batch. Notably, one flaw addressed had already been publicly disclosed. The update also tackles 10 additional non-Microsoft CVEs impacting Visual Studio, AMD, and the Chromium-based Edge browser. Among the patched vulnerabilities, 10 are classified as Critical, while the remainder are deemed Important. “This marks the end of an 11-month streak of fixing at least one zero-day exploitation,” noted Satnam Narang, Senior Staff Research Engineer at Tenable. The vulnerabilities include 53 related to privilege escalation, 42 for remote code execution, 17 for information disclosure, and 8 for security feature bypasses. Furthermore, the update builds on two other flaws previously fixed in the Edge browser since the last month’s Patch Tuesday.

Microsoft Addresses 130 Vulnerabilities, Highlighting Critical Flaws in SPNEGO and SQL Server

On July 9, 2025, Microsoft released its Patch Tuesday updates, addressing a total of 130 vulnerabilities, including critical security flaws within the SPNEGO protocol and SQL Server. Notably, this month’s updates marked the first time in 2025 that Microsoft did not include fixes for any actively exploited vulnerabilities; however, one of the flaws mitigated had already been publicly disclosed prior to the patch issuance.

Among the vulnerabilities addressed, ten have been categorized as Critical, while the remaining are classified as Important. These patches also extend to 10 non-Microsoft CVEs impacting various platforms such as Visual Studio, AMD products, and Microsoft’s Chromium-based Edge browser. According to Satnam Narang, Senior Staff Research Engineer at Tenable, this release ended an 11-month run of patching at least one zero-day vulnerability that had been exploited in real-world attack scenarios.

A significant portion of the vulnerabilities—53—are considered privilege escalation flaws, which could potentially allow attackers to gain higher permissions within a compromised system. Additionally, 42 address remote code execution vulnerabilities that could enable malicious actors to execute arbitrary commands on affected devices. Other categories include 17 information disclosure issues and eight security feature bypasses, each presenting varying levels of risk to organizations utilizing the affected software.

The context of these vulnerabilities is critical for business owners who must remain aware of their potential implications. For instance, privilege escalation could be leveraged by an attacker to move laterally within a network, demonstrating the initial access and persistence tactics outlined in the MITRE ATT&CK framework. Such techniques are commonplace in cyber-attacks where adversaries strive to establish footholds within enterprise environments.

Furthermore, organizations utilizing Microsoft products, like SQL Server, should prioritize the implementation of these patches to mitigate the risk of potential exploitation. The vulnerabilities could serve as gateways for cybercriminals to execute remote code or divulge sensitive information, resulting in severe consequences for both operations and customer trust.

The recent updates also follow two additional vulnerabilities in the Edge browser that were addressed last month, indicating an ongoing commitment from Microsoft to bolster security across their platforms. It serves as a reminder of the evolving threat landscape where vigilance and prompt action are vital for safeguard practices.

In conclusion, Microsoft’s extensive patch rollout this month underscores the necessity for businesses to maintain proactive cybersecurity measures. The insights gleaned from the MITRE ATT&CK framework illustrate the tactics that could potentially be employed by malicious actors, making it imperative for organizations to understand and address the vulnerabilities inherent in their systems.

Source link

Related Posts

Severe Sudo Vulnerabilities Allow Local Users to Escalate to Root Access on Major Linux Distributions

July 4, 2025
By Cybersecurity Insights

Cybersecurity researchers have identified two critical vulnerabilities in the Sudo command-line utility for Linux and Unix-like systems, enabling local attackers to elevate their privileges to root on affected machines. Here’s a summary of the vulnerabilities:

  • CVE-2025-32462 (CVSS Score: 2.8): In versions prior to 1.9.17p1, Sudo, when configured with a sudoers file specifying a host that is neither the current host nor ALL, permits listed users to execute commands on unintended machines.

  • CVE-2025-32463 (CVSS Score: 9.3): In Sudo versions before 1.9.17p1, local users can gain root access as a result of the /etc/nsswitch.conf file being utilized from a user-controlled directory in conjunction with the –chroot option.

Sudo is a command-line tool designed to allow low-privileged users to execute commands as another user, typically the superuser, thereby implementing the principle of least privilege for administrative tasks.

Warning: Exposed JDWP Interfaces are Being Exploited for Crypto Mining; Hpingbot Targets SSH for DDoS

Date: July 5, 2025
Category: Vulnerability / Botnet

Cybercriminals are exploiting exposed Java Debug Wire Protocol (JDWP) interfaces to gain code execution access and deploy cryptocurrency miners on compromised systems. According to Wiz researchers Yaara Shriki and Gili Tikochinski, “The attacker utilized a modified version of XMRig with a hard-coded configuration, allowing them to evade detection from suspicious command-line arguments that security measures often flag.” They added that the mining payload employed proxies to obscure the cryptocurrency wallet address, complicating investigations. The cloud security firm, recently acquired by Google Cloud, reported observing this activity on its honeypot servers running TeamCity, a well-known continuous integration and delivery (CI/CD) tool. JDWP, a debugging communication protocol for Java, enables users to manage Java applications in separate processes.

CISA Adds Four High-Risk Vulnerabilities to KEV Catalog Amid Ongoing Exploitation

July 8, 2025
Cyber Attacks / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included four critical vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation. The identified vulnerabilities are as follows:

  • CVE-2014-3931 (CVSS score: 9.8): A buffer overflow flaw in Multi-Router Looking Glass (MRLG) allowing remote attackers to perform arbitrary memory writes and cause memory corruption.
  • CVE-2016-10033 (CVSS score: 9.8): A command injection vulnerability in PHPMailer enabling attackers to execute arbitrary code within the application or trigger a denial-of-service (DoS) condition.
  • CVE-2019-5418 (CVSS score: 7.5): A path traversal vulnerability in Ruby on Rails’ Action View that may expose the contents of arbitrary files on the target system’s filesystem.
  • CVE-2019-9621 (CVSS score: 7.5): A Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite that could…

AMD Alerts Users to New Transient Scheduler Vulnerabilities Affecting Various CPU Models

Date: July 10, 2025
Category: Vulnerability / Hardware Security

AMD has issued a warning regarding a fresh wave of vulnerabilities impacting a wide array of chipsets, posing risks of data exposure. These vulnerabilities, known as Transient Scheduler Attacks (TSA), exploit speculative execution timing under certain microarchitectural conditions, creating a potential side channel in the CPUs. “In some instances, attackers could leverage this timing data to extract information from different contexts, leading to data leaks,” AMD stated in its advisory. The vulnerabilities were identified through research conducted by Microsoft and ETH Zurich, which tested modern CPUs against speculative execution threats like Meltdown and Foreshadow by examining isolation among security domains, including virtual machines, kernels, and processes. Following responsible disclosure in June 2024, the vulnerabilities have been assigned the following CVE identifiers: CVE-2024-36350 (CVSS score: 5.6).