patching process Archives

Winsage

November 12, 2025

Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws

Microsoft's November 2025 Patch Tuesday addresses a total of 63 vulnerabilities, including one actively exploited zero-day flaw (CVE-2025-62215) related to Windows Kernel Elevation of Privilege. The updates include four vulnerabilities classified as "Critical," with two for remote code execution, one for elevation of privileges, and one for information disclosure. The breakdown of vulnerabilities is as follows: - 29 Elevation of Privilege Vulnerabilities - 2 Security Feature Bypass Vulnerabilities - 16 Remote Code Execution Vulnerabilities - 11 Information Disclosure Vulnerabilities - 3 Denial of Service Vulnerabilities - 2 Spoofing Vulnerabilities This Patch Tuesday marks the first extended security update (ESU) for Windows 10, and users are encouraged to upgrade to Windows 11 or enroll in the ESU program. Microsoft has also released an out-of-band update to assist with enrollment issues. Other companies, including Adobe, Cisco, and Google, have also issued security updates in November 2025.

Winsage

October 22, 2025

Patching required for exploited Windows vulnerability

Microsoft is facing a significant security vulnerability in the Windows Server Message Block (SMB) client, which has been added to the US Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog. Despite a patch being released, the flaw, designated as CVE-2025-33073 and rated with a CVSS score of 8.8, remains a target for exploitation. The vulnerability allows attackers to connect a Windows system to a malicious SMB server, enabling remote execution of plans with elevated access privileges. CISA has mandated that all federal agencies must install the update by November 10, 2025, and encourages private organizations to assess their patch status and consider temporary measures if immediate updates are not possible.