Today marks Microsoft’s November 2025 Patch Tuesday, a significant event in the tech calendar, as it brings essential security updates addressing a total of 63 vulnerabilities, including a zero-day flaw that is currently being exploited. Among the updates, four vulnerabilities have been classified as “Critical,” with two related to remote code execution, one concerning elevation of privileges, and the last being an information disclosure issue.
- 29 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 16 Remote Code Execution Vulnerabilities
- 11 Information Disclosure Vulnerabilities
- 3 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities
It is noteworthy that the count of vulnerabilities reported today does not include those addressed in earlier updates for Microsoft Edge and Mariner. Additionally, this Patch Tuesday is particularly significant as it marks the first extended security update (ESU) for Windows 10. Users still operating on this unsupported system are strongly encouraged to upgrade to Windows 11 or enroll in the ESU program. For those encountering difficulties with enrollment, Microsoft has released an out-of-band update to resolve a bug hindering the process.
For further insights into non-security updates released today, interested parties can explore dedicated articles on the Windows 11 KB5066835 and KB5066793 updates, as well as the Windows 10 KB5068781 extended security update. Those experiencing delays or issues with Patch Tuesday updates are invited to join a webinar on December 2, hosted by Action1, which will delve into modern patch management strategies to expedite the patching process and mitigate risks.
1 actively exploited zero-day
This month’s Patch Tuesday addresses a critical zero-day vulnerability in the Windows Kernel. Microsoft defines a zero-day flaw as one that has been publicly disclosed or is actively exploited without an official fix available. The specific vulnerability being addressed is:
CVE-2025-62215 – Windows Kernel Elevation of Privilege Vulnerability
This vulnerability has been exploited to gain SYSTEM privileges on Windows devices. Microsoft describes the flaw as a result of concurrent execution using shared resources with improper synchronization, commonly referred to as a “race condition.” This allows an authorized attacker to elevate their privileges locally. While Microsoft has attributed the discovery of this flaw to its Threat Intelligence Center (MSTIC) and Security Response Center (MSRC), details on the exploitation method remain undisclosed.
Recent updates from other companies
In addition to Microsoft’s updates, several other vendors have also released security advisories in November 2025:
- Adobe has rolled out security updates for various products including InDesign, InCopy, Photoshop, Illustrator, Substance 3D, Pass, and Adobe Format.
- Cisco issued patches for multiple products, including Cisco ASA and Unified Contact Center, while also warning of new attacks exploiting older vulnerabilities.
- expr-eval developers have released patches to address a critical remote code execution vulnerability in their JavaScript library.
- Fortinet has provided a security update for a medium-severity elevation of privileges flaw in FortiOS.
- Google has published the November security bulletin for Android, fixing two vulnerabilities.
- Ivanti has also released security patches as part of its November 2025 Patch Tuesday updates.
- runC has issued updates to fix vulnerabilities that could allow attackers to escape Docker and Kubernetes containers.
- QNAP has released updates for seven zero-day vulnerabilities exploited during the Pwn2Own Ireland 2025 hacking contest.
- SAP has released November security updates for multiple products, including a fix for a critical hardcoded credentials flaw in SQL Anywhere Monitor.
- Samsung has issued its November security updates, addressing 25 vulnerabilities.
The November 2025 Patch Tuesday Security Updates
Below is a comprehensive list of the resolved vulnerabilities in the November 2025 Patch Tuesday updates. For detailed descriptions of each vulnerability and the systems affected, please refer to the full report.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Azure Monitor Agent | CVE-2025-59504 | Azure Monitor Agent Remote Code Execution Vulnerability | Important |
| Customer Experience Improvement Program (CEIP) | CVE-2025-59512 | CEIP Elevation of Privilege Vulnerability | Important |
| Dynamics 365 Field Service (online) | CVE-2025-62211 | Dynamics 365 Field Service Spoofing Vulnerability | Important |
| Dynamics 365 Field Service (online) | CVE-2025-62210 | Dynamics 365 Field Service Spoofing Vulnerability | Important |
| GitHub Copilot and Visual Studio Code | CVE-2025-62453 | Security Feature Bypass Vulnerability | Important |
| Host Process for Windows Tasks | CVE-2025-60710 | Elevation of Privilege Vulnerability | Important |
| Microsoft Configuration Manager | CVE-2025-47179 | Elevation of Privilege Vulnerability | Important |
| Microsoft Dynamics 365 (on-premises) | CVE-2025-62206 | Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2025-60724 | GDI+ Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-62216 | Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-62199 | Remote Code Execution Vulnerability | Critical |
| Microsoft Office Excel | CVE-2025-62200 | Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62201 | Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-60726 | Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62203 | Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62202 | Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-60727 | Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-60728 | Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-59240 | Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-62204 | Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-62205 | Remote Code Execution Vulnerability | Important |
| Microsoft Streaming Service | CVE-2025-59514 | Proxy Elevation of Privilege Vulnerability | Important |
| Microsoft Wireless Provisioning System | CVE-2025-62218 | Elevation of Privilege Vulnerability | Important |
| Microsoft Wireless Provisioning System | CVE-2025-62219 | Elevation of Privilege Vulnerability | Important |
| Multimedia Class Scheduler Service (MMCSS) | CVE-2025-60707 | Driver Elevation of Privilege Vulnerability | Important |
| Nuance PowerScribe | CVE-2025-30398 | Information Disclosure Vulnerability | Critical |
| OneDrive for Android | CVE-2025-60722 | Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-60706 | Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2025-59499 | Elevation of Privilege Vulnerability | Important |
| Storvsp.sys Driver | CVE-2025-60708 | Denial of Service Vulnerability | Important |
| Visual Studio | CVE-2025-62214 | Remote Code Execution Vulnerability | Critical |
| Visual Studio Code CoPilot Chat Extension | CVE-2025-62449 | Security Feature Bypass Vulnerability | Important |
| Visual Studio Code CoPilot Chat Extension | CVE-2025-62222 | Remote Code Execution Vulnerability | Important |
| Windows Administrator Protection | CVE-2025-60721 | Elevation of Privilege Vulnerability | Important |
| Windows Administrator Protection | CVE-2025-60718 | Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2025-62217 | Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2025-60719 | Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2025-62213 | Elevation of Privilege Vulnerability | Important |
| Windows Bluetooth RFCOM Protocol Driver | CVE-2025-59513 | Information Disclosure Vulnerability | Important |
| Windows Broadcast DVR User Service | CVE-2025-59515 | Elevation of Privilege Vulnerability | Important |
| Windows Broadcast DVR User Service | CVE-2025-60717 | Elevation of Privilege Vulnerability | Important |
| Windows Client-Side Caching (CSC) Service | CVE-2025-60705 | Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2025-60709 | Elevation of Privilege Vulnerability | Important |
| Windows DirectX | CVE-2025-59506 | Graphics Kernel Elevation of Privilege Vulnerability | Important |
| Windows DirectX | CVE-2025-60716 | Graphics Kernel Elevation of Privilege Vulnerability | Critical |
| Windows DirectX | CVE-2025-60723 | Graphics Kernel Denial of Service Vulnerability | Important |
| Windows Kerberos | CVE-2025-60704 | Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2025-62215 | Elevation of Privilege Vulnerability | Important |
| Windows License Manager | CVE-2025-62208 | Information Disclosure Vulnerability | Important |
| Windows License Manager | CVE-2025-62209 | Information Disclosure Vulnerability | Important |
| Windows OLE | CVE-2025-60714 | Remote Code Execution Vulnerability | Important |
| Windows Remote Desktop | CVE-2025-60703 | Elevation of Privilege Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-62452 | Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-59510 | Denial of Service Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-60715 | Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-60713 | Elevation of Privilege Vulnerability | Important |
| Windows Smart Card | CVE-2025-59505 | Elevation of Privilege Vulnerability | Important |
| Windows Speech | CVE-2025-59507 | Elevation of Privilege Vulnerability | Important |
| Windows Speech | CVE-2025-59508 | Elevation of Privilege Vulnerability | Important |
| Windows Speech | CVE-2025-59509 | Information Disclosure Vulnerability | Important |
| Windows Subsystem for Linux GUI | CVE-2025-62220 | Remote Code Execution Vulnerability | Important |
| Windows TDX.sys | CVE-2025-60720 | Elevation of Privilege Vulnerability | Important |
| Windows WLAN Service | CVE-2025-59511 | Elevation of Privilege Vulnerability | Important |
