Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Microsoft Patches ‘Wormable’ Critical Flaw, Discloses ‘Whopping’ Number Of Bug Fixes

CRN by CRN
July 8, 2025
Home News
Share on FacebookShare on Twitter


The 130 CVEs (Common Vulnerabilities and Exposures) disclosed in Microsoft’s monthly release of security fixes includes a remote code execution flaw that ‘definitely’ should be prioritized for patching, writes Trend Micro’s Dustin Childs.

The huge quantity of CVEs (Common Vulnerabilities and Exposures) disclosed by Microsoft Tuesday includes a critical-severity remote code execution flaw that should be given a high priority for patching, according to a Trend Micro researcher.

The flaws received patches as part of Microsoft’s monthly release of software bug fixes, unofficially known as “Patch Tuesday.”

[Related: 5 Things To Know On The SafePay Ransomware Group]

Microsoft released fixes for a total of 130 CVEs on Tuesday, a “whopping” number of patches for a single month, wrote Dustin Childs, head of threat awareness for Trend Micro’s Zero Day Initiative, in a blog post.

As usual, the patches address vulnerabilities that affect numerous Microsoft product categories including Windows, Office, Azure, .NET, Visual Studio, Windows BitLocker, Windows Hyper-V and Microsoft Edge.

Among the highest-risk flaws is a Windows remote code execution vulnerability (tracked at CVE-2025-47981) that “many will be talking about” in the security community for a number of reasons, Childs wrote in the post.

That’s because the flaw “allows remote, unauthenticated attackers to execute code simply by sending a malicious message to an affected system,” he wrote. “Since there’s no user interaction, and since the code executes with elevated privileges, this bug falls into the wormable class of bugs.”

Additionally, Microsoft “gives this [flaw] its highest exploitability index rating, which means they expect attacks within 30 days,” Childs wrote. “Definitely test and deploy these patches quickly.”

The vulnerability has received a severity rating of 9.8 out of 10.0.

In total, 10 of the newly disclosed vulnerabilities patched in the software updates Tuesday are rated as “critical” issues in terms of severity, he noted.

Other critical vulnerabilities disclosed Tuesday include remote code execution flaws affecting Microsoft Office, SharePoint and SQL Server.

Those flaws include a SharePoint remote code execution vulnerability (tracked at CVE-2025-49704) with a severity rating of 8.8 of out 10.0, as well as a SQL Server remote code execution vulnerability (tracked at CVE-2025-49717) with a severity rating of 8.5 out of 10.0.



Source link

Tags: CybersecurityVulnerabilities
CRN

CRN

Next Post
20 Tech Companies Hiring In The IT Channel: July 2025

20 Tech Companies Hiring In The IT Channel: July 2025

Recommended.

Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild

Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild

December 2, 2025
Applied Digital CEO Wes Cummins Talks Nvidia, Liquid Cooling, And Finding Capacity Amid ‘This Big Infrastructure Revolution’

Applied Digital CEO Wes Cummins Talks Nvidia, Liquid Cooling, And Finding Capacity Amid ‘This Big Infrastructure Revolution’

January 18, 2025

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio