Microsoft’s Patch Tuesday 2025: 130 Fixes, But Zero-Day Vulnerability Streak Ends with a Bang!
Microsoft Patch Tuesday updates in 2025 resolved 130 vulnerabilities without bundling fixes for exploited security issues. The update marked the end of an 11-month zero-day patch streak. Among the flaws, a critical one in SPNEGO Extended Negotiation is deemed “wormable,” prompting urgent action from cybersecurity teams.
Hot Take:
**_Microsoft’s Patch Tuesday updates in 2025 decided to break tradition by not patching any zero-day vulnerabilities, but they sure made up for it with a buffet of 130 other vulnerabilities. It’s as if they said, ‘We’re taking a zero-day holiday, but here’s a patch party instead!’ Kudos to Microsoft for keeping us on our toes by reminding us that in the world of cybersecurity, there’s never a dull moment._**
Key Points:
– A total of 130 vulnerabilities were patched, including 10 non-Microsoft CVEs.
– No zero-day vulnerabilities were patched, breaking an 11-month streak.
– The most critical flaw is a remote code execution vulnerability in SPNEGO Extended Negotiation (CVE-2025-47981).
– An information disclosure flaw in Microsoft SQL Server (CVE-2025-49719) was publicly known prior to patching.
– Other vendors like AMD, HP, and SAP also released security updates.