
Microsoft has released fixes for 137 security flaws, including one Zero-Day vulnerability and 14 critical flaws for Windows, as part of its July 2025 Patch Tuesday release. Out of the 14 critical flaws, the company identified and fixed 10 remote code execution flaws, one information disclosure issue, and two AMD side channel attack flaws. In its June 2025 Patch Tuesday release, the US-based tech giant had fixed 67 security flaws, including two Zero-Day vulnerabilities.
Microsoft Fixes Zero-Day Flaw in the SQL Server
Microsoft, in the release notes, revealed that the company's July 2025 security update fixes 137 Windows security vulnerabilities. This included one publicly disclosed Zero-Day flaw that affects the SQL Server. The company acknowledged, “Improper input validation in SQL Server allows an unauthorised attacker to disclose information over a network.”
According to Microsoft’s website, zero-day vulnerabilities are software flaws that don’t have any official patch or update yet. Most times, even the software publisher has no idea that the vulnerability exists. Such flaws are usually exploited by bad actors and are highly severe.
The tech giant said that the vulnerabilities were discovered by Vladimir Aleksic with Microsoft. However, the company failed to disclose details regarding how the Zero-Day vulnerability became publicly known.
Microsoft also fixed 14 critical vulnerabilities, including 10 remote code execution flaws, one information disclosure flaw, and two AMD side channel attack vulnerabilities. In its July 2025 Patch Tuesday update, Microsoft also patched 53 elevation of privilege vulnerabilities, eight security feature bypass vulnerabilities, 41 remote code execution vulnerabilities, 18 information disclosure vulnerabilities, six denial of service vulnerabilities, and four spoofing flaws.
For context, in its June 2025 Patch Tuesday update, Microsoft rolled out fixes for 67 security flaws that affected various products and services. The US-based company fixed 14 vulnerabilities that could have led to an escalation of privilege, 26 remote code execution vulnerabilities, and 17 other issues that could have led to information disclosure.