Full Report
Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft's most-dire "critical" rating, meaning they could be exploited to seize control over vulnerable Windows PCs with little or no help from users.
Analysis Summary
# Vulnerability: Information Disclosure in SQL Server (CVE-2025-49719) & RCE in Windows Authentication (CVE-2025-47981)
## CVE Details
### CVE-2025-49719
- CVSS Score: Not specified (Information Disclosure, Publicly Disclosed)
- CWE: Not explicitly specified, but details suggest Input Validation/Memory Management issues.
### CVE-2025-47981
- CVSS Score: 9.8 (High)
- CWE: Not specified (Related to Authentication Negotiation)
## Affected Systems
### CVE-2025-49719
- Products: SQL Server
- Versions: SQL Server 2016 through SQL Server 2022
- Configurations: All listed versions are potentially affected. Note: SQL Server 2012 support has ended.
### CVE-2025-47981
- Products: Windows (Clients and Servers)
- Versions: Windows 10 version 1607 and above; all current versions of Windows Server.
- Configurations: Related to how machines negotiate authentication mechanisms.
## Vulnerability Description
**CVE-2025-49719 (Information Disclosure):** A vulnerability in SQL Server, spanning multiple major releases (2016–2022), related to memory management and input validation. Exploitation can lead to information disclosure without requiring authentication. The availability of PoC code increases risk, especially given the role of SQL Server in supply chains.
**CVE-2025-47981 (Remote Code Execution):** A pre-authentication RCE vulnerability in Windows servers and clients concerning the discovery mechanism for mutually supported authentication mechanisms.
## Exploitation
### CVE-2025-49719
- Status: Publicly disclosed, PoC available.
- Complexity: Low (Exploitable without authentication).
- Attack Vector: Not specified, but likely Network given context.
### CVE-2025-47981
- Status: Microsoft considers this flaw **more likely** to be exploited.
- Complexity: Not explicitly rated, implied low/medium given high CVSS and pre-authentication nature.
- Attack Vector: Network (Remote)
## Impact
### CVE-2025-49719
- Confidentiality: High (Potential exposure of sensitive information).
- Integrity: Unknown/Not primary impact.
- Availability: Unknown/Not primary impact.
### CVE-2025-47981
- Confidentiality: High (RCE often leads to full system compromise).
- Integrity: High (Arbitrary code execution).
- Availability: High (Arbitrary code execution can lead to denial of service).
## Remediation
### Patches
- Patches are available from Microsoft for **CVE-2025-49719** for SQL Server 2016 through 2022.
- Patches are available from Microsoft for **CVE-2025-47981** for affected Windows Clients (10 v1607+) and all Windows Servers.
- Microsoft also patched several critical RCE flaws in **Office** (CVE-2025-49695, CVE-2025-49696, CVE-2025-49697, CVE-2025-49702).
- Patches for CVE-2025-49740 (Defender SmartScreen Bypass) and CVE-2025-47178 (Configuration Manager RCE) are also available.
### Workarounds
- No specific workarounds were detailed for the primary vulnerabilities (CVE-2025-49719 or CVE-2025-47981).
- Users administering Windows systems are advised to apply updates and monitor AskWoody for potential update issues.
- Home users are advised to back up data before installing patches.
## Detection
- **CVE-2025-49719:** Monitor SQL Server auditing/activity for unexpected memory access or input anomalies. Detection efforts should focus on the potential exposure of sensitive data.
- **CVE-2025-47981:** Monitor network traffic, especially authentication negotiation attempts, for anomalies or signs of successful authentication bypasses followed by unexpected process execution.
- **CVE-2025-47178 (ConfigMgr):** Monitor the Configuration Manager environment for arbitrary SQL query execution originating from low-privilege roles, specifically looking for attempts to manipulate deployments or push malicious material.
## References
- Vendor Advisories: Microsoft Security Update Guide (Search specific CVEs).
- Relevant links:
  - msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-49719
  - msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-47981
  - helpx.adobe.com/security/security-bulletin.html
  - isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%2C%20July%202025/32088
  - www.askwoody.com/