Microsoft Patch Tuesday: 81 Bugs Squashed, But Two Zero-Days Loom Large
Microsoft’s Patch Tuesday rolled out fixes for 81 vulnerabilities, including two zero-day vulnerabilities. One zero-day involves SQL Server’s poor handling of JSON objects, while the other exploits Windows SMB for privilege escalation. While some flaws seem less menacing, they can impact essential services like hospitals or airports.
Hot Take:
Microsoft’s monthly Patch Tuesday is starting to feel like the cyber equivalent of Whac-A-Mole. With 81 vulnerabilities to patch, including two zero-days, it’s clear that hackers are having a field day in Microsoft’s garden. Brace yourselves, IT departments, because this patching game isn’t going away anytime soon. One wrong click and your SQL Server might just take a nap, and your SMB might suddenly get a case of identity crisis. At least Microsoft is trying to make it a fair fight by giving administrators a peek behind the curtain with some audit capabilities. You might want to keep a trusty cup of coffee by your side this month, it’s going to be a long one!
Key Points:
– Microsoft released updates for 81 vulnerabilities, including two zero-days.
– CVE-2024-21907 affects Newtonsoft.Json in SQL server, potentially causing denial of service.
– CVE-2025-55234 is a Windows SMB elevation of privilege vulnerability.
– Other notable vulnerabilities include CVE-2025-54110, CVE-2025-54093, and CVE-2025-54098.
– Microsoft provides audit capabilities to assess compatibility before enabling security features.