Cyber999 Advisories

Overview Contact Advisories Incident Statistics
Share this page :
11 July 2025     Advisory

MA-1362.072025: MyCERT Advisory - Security Updates July - Microsoft

1.0 Introduction
Recently, Microsoft has released security updates to address multiple vulnerabilities in its products including a publicly disclosed zero-day vulnerability.

2.0 Impact
A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

3.0 Affected Products
Zero-Day Vulnerability: 

  • CVE-2025-49719 – Microsoft SQL Server Information Disclosure
    • Type: Information Disclosure
    • Impact: Unauthorized disclosure of data via uninitialized memory
    • Attack Vector: Remote, unauthenticated attacker
    • Fix: Install latest SQL Server updates and Microsoft OLE DB Driver 18 or 19

Critical Vulnerabilities:

  • Windows SPNEGO
    • CVE-2025-47981 – Critical – SPNEGO Extended Negotiation (NEGOEX) RCE – CVSS 9.8 
  • Microsoft Office & SharePoint
    • CVE-2025-49704 – Critical – Microsoft SharePoint RCE – CVSS 8.8
    • CVE-2025-49695 – Critical – Microsoft Office RCE – CVSS 8.4
    • CVE-2025-49696 – Critical – Microsoft Office RCE – CVSS 8.4
    • CVE-2025-49697 – Critical – Microsoft Office RCE – CVSS 8.4
    • CVE-2025-49698 – Critical – Microsoft Word RCE – CVSS 7.8
    • CVE-2025-49702 – Critical – Microsoft Office RCE – CVSS 7.8
    • CVE-2025-49703 – Critical – Microsoft Word RCE – CVSS 7.8 Windows Hyper-V
    • CVE-2025-48822 – Critical – Hyper-V DDA RCE – CVSS 8.6
    • CVE-2025-29828 – Critical – Hyper-V DDA RCE – CVSS 8.1 Microsoft SQL Server
    • CVE-2025-49717 – Critical – SQL Server RCE – CVSS 8.5 Windows KPSSVC (Kerberos KDC Proxy)
    • CVE-2025-49735 – Critical – KPSSVC RCE – CVSS 8.1
  • Microsoft Imaging Component
    • CVE-2025-47980 – Critical – Imaging Component Info Disclosure – CVSS 6.2 AMD CPU Vulnerabilities
    • CVE-2025-36350 – Critical – AMD Store Queue Info Disclosure – CVSS 5.6
    • CVE-2025-36357 – Critical – AMD L1 Data Queue Info Disclosure – CVSS 5.6


4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review the  Microsoft MSRC Security Update Guide  and apply the necessary updates.

Kindly refer to the following URL:  https://msrc.microsoft.com/update-guide/releaseNote/2025-Jul

Generally, we advise users to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact Cyber999 Incident Response Centre through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 08:30 -17:30 MYT 
Web:  https://www.cybersecurity.my

5.0 References

Search
Type
Archives
logo
CyberSecurity Malaysia is the national cyber security specialist agency under the purview of the Ministry of Digital (KD)
 
Select User Category
Contact Us

  • CyberSecurity Malaysia,
    Level 7 Tower 1, Menara Cyber Axis, Jalan Impact,
    63000 Cyberjaya, Selangor Darul Ehsan, Malaysia.

  • enquiry@cybersecurity.my

  • +603 - 8800 7999

  • +603 - 8008 7000

COPYRIGHT © CYBERSECURITY MALAYSIA

CONTACT US | DISCLAIMER | PERSONAL DATA PROTECTION NOTICE | SITEMAP

TOP
ASK Byte
Chatbot Portal

Hi, I am ASK Byte. Please submit your questions about the portal and I will try to get answers from online knowledge stores.

Hi, Saya Admin Chatbot. Saya sedia chat dengan anda secara terus. Bagaimana saya boleh membantu anda?

Click the button below to interact with the CSM chatbot

Proceed