Microsoft’s April 2025 Patch Tuesday addresses 130 vulnerabilities, including a publicly known information disclosure flaw in SQL Server. Notably, the update fixes a critical remote code execution vulnerability in Windows SPNEGO that may be “wormable.” #MicrosoftSQLServer #SPNEGO
Key points
- Microsoft’s April 2025 updates fix 130 security vulnerabilities across various products.
- The publicly known flaw in SQL Server can leak uninitialized memory, risking sensitive data exposure.
- The most critical issue is a remote code execution vulnerability in Windows SPNEGO, potentially “wormable” and highly exploitable.
- Additional patches address remote code execution in Windows KDC Proxy, Hyper-V, and Office applications.
- Five security feature bypasses in BitLocker could allow attackers with physical access to decrypt data.
Read More: https://thehackernews.com/2025/07/microsoft-patches-130-vulnerabilities.html