Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server
Briefly

The February 2025 Patch Tuesday updates by Microsoft addressed 130 vulnerabilities, along with 10 non-Microsoft CVEs affecting Visual Studio, AMD, and Edge. This month marked the end of an 11-month streak of patching zero-day vulnerabilities exploited in the wild. Among the vulnerabilities, 53 were classified as privilege escalation, 42 as remote code execution, 17 as information disclosure, and 8 as security feature bypasses. One notable flaw, CVE-2025-49719, is an information disclosure vulnerability in SQL Server that could allow attackers to leak sensitive data.
The patches resolve a whopping 130 vulnerabilities, along with 10 other non-Microsoft CVEs that affect Visual Studio, AMD, and its Chromium-based Edge browser.
An attacker might well learn nothing of any value, but with luck, persistence, or some very crafty massaging of the exploit, the prize could be cryptographic key material or other crown jewels from the SQL Server.
The most critical flaw patched by Microsoft as part of this month's updates concerns a case of remote code execution.
Fifty-three of these shortcomings are classified as privilege escalation bugs, followed by 42 as remote code execution, 17 as information disclosure, and 8 as security feature bypasses.
Read at The Hacker News