Microsoft has released its July 2025 Patch Tuesday security updates, addressing more than 130 vulnerabilities across its products. Among the fixes is a patch for a previously disclosed vulnerability in Microsoft SQL Server.
The flaw, tracked as CVE-2025-49719, is an information disclosure flaw in SQL Server that could allow a remote, unauthenticated attacker to access sensitive data by reading uninitialized memory.
The issue is related to improper input validation, enabling unauthorized access to data over a network. Administrators are advised to install the latest version of Microsoft SQL Server along with either version 18 or 19 of the Microsoft OLE DB Driver.
July 2025 Patch Tuesday also fixes a number of high-risk vulnerabilities affecting Microsoft Excel and Office, Microsoft NEGOEX, Microsoft Visual Studio Code Python Extension, and other software products.
