Overview
- Several wormable remote-code-execution flaws, including CVE-2025-47981 in Windows SPNEGO, are fixed to prevent exploits that need no user interaction.
- A SharePoint vulnerability uncovered at Pwn2Own Berlin (CVE-2025-49704) earned researchers a $100,000 prize and underscores the role of third-party disclosures.
- The publicly known SQL Server information-leak vulnerability (CVE-2025-49719) is now patched to stop unauthenticated attackers from accessing protected data over the network.
- Updates harden Kerberos authentication to trust only NTAuth-signed certificates by default, while repairing a firewall bug, a broken update preview and the Windows Recovery Environment.
- Windows 11 gains smaller taskbar icons, an enriched share window, simplified browser default settings, a new PC migration tool and a Narrator “screen curtain.”