With the information security industry’s two largest conferences (Black Hat Briefings and Def Con) set to happen in less than a month, Microsoft pulled out all the stops and, for July, nearly tripled the number of patches they released in June for problems discovered in Windows, Office, and software that runs under various server and cloud platforms.
The single product most prominently featured in the hot summer flood of fixes is Microsoft SQL Server. The Microsoft SQL Server Native Client component of this month’s update will fix 38 distinct remote code execution bugs in the OLE database driver. An attacker might invoke any of the bugs in the OLE DB driver by tricking an authenticated account into connecting to a malicious SQL Server database;
Read more…
Source: Sophos
Related:
- US Air Force admits SharePoint privacy issue as reports trickle out of possible breach
October 1, 2025
The US Air Force is reportedly investigating a potential data breach caused by a Microsoft SharePoint issue. A report from The Register revealed the Air Force Personnel Center Directorate of Technology and Information issued a data breach notification shared on social media. “This message is to inform you of a critical Personally Identifiable Information (PII) and ...
- Microsoft SharePoint Zero-Day Exploitation: What Public Sector Leaders Should Know
September 30, 2025
The Rapid7 September 2025 Threat Report highlights active exploitation of a critical Microsoft SharePoint vulnerability, CVE-2025-53770. This zero-day is being used by threat actors to gain initial access to victim networks, with exploitation observed in government as well as multiple other industries. SharePoint remains a widely deployed collaboration platform in federal, state, and local agencies, resulting ...
- Microsoft terminates services for Israeli military after investigation into mass surveillance of Palestinians
September 25, 2025
Microsoft has terminated a set of services for the Israeli military after an investigation suggested Israel was using the company’s cloud computing technology for mass surveillance of Palestinians. In a statement posted the company’s blog, Microsoft President Brad Smith said the company had “ceased and disabled a set of services to a unit within the Israel ...
- Serious Microsoft Entra flaw could have let hackers infiltrate any user – patch now
September 22, 2025
Security researchers have found a critical vulnerability in Microsoft Entra ID which could have allowed threat actors to gain Global Administrator access to virtually anyone’s tenant – without being detected in any way. The vulnerability consists of two things – a legacy service called “actor tokens”, and a critical Elevation of Privilege bug tracked as CVE-2025-55241. ...
- Disrupted phishing service was after Microsoft 365 credentials
September 18, 2025
Microsoft and Cloudflare have disrupted a Phishing-as-a-Service operation, known as RaccoonO365. The primary goal of RaccoonO365 (or Storm-2246 as Microsoft calls it) was to rent out a phishing toolkit that specialized in stealing Microsoft 365 credentials. They were successful in at least 5,000 cases, spanning 94 countries since July 2024. The operation provided the cybercriminals’ customers ...
- Patch Tuesday – September 2025
September 10, 2025
Microsoft is addressing 176 vulnerabilities today, which seems like a lot, and it is. Curiously, Microsoft’s own Security Update Guide (SUG) for September 2025 Patch Tuesday only lists 86 vulns, and that’s because the SUG doesn’t include a large number of open source software (OSS) fixes published today as part of updates for Azure Linux ...