Microsoft Releases November 2025 Patch Tuesday Updates

November 12, 2025

Microsoft has commenced the rollout of its November 2025 Patch Tuesday updates for Windows 11, addressing a total of 63 vulnerabilities across various platforms, including Windows, Office, Microsoft Edge, Azure Monitor Agent, Dynamics 365, Hyper-V, and SQL Server. This comprehensive update is designed to enhance both security and user experience.

Among the notable changes, the update introduces a redesigned Start Menu and taskbar, alongside improvements to battery performance and new features for devices equipped with Copilot+. The enhancements aim to streamline user interaction and elevate the overall functionality of Windows 11 versions 25H2 and 24H2.

63 vulnerabilities fixed in the November 2025 Patch Tuesday updates

This month’s patch addresses 63 vulnerabilities, with four classified as “Critical” and 59 as “Important.” Notably, one of these vulnerabilities is currently being exploited in the wild. Here are some key vulnerabilities that have been resolved:

  • CVE-2025-62215: A privilege escalation vulnerability in the Windows Kernel that could allow attackers to gain administrative rights on affected devices.
  • CVE-2025-60724: A critical heap-based buffer overflow in the Microsoft Graphics Component (GDI+) enabling remote code execution without authentication, rated with a CVSS score of 9.8.
  • CVE-2025-60704: A high-severity vulnerability in Windows Kerberos affecting organizations using Active Directory, with a CVSS score of 7.5.
  • CVE-2025-62220: A heap-based buffer overflow in the Windows Subsystem for Linux GUI (WSLg) that could allow remote execution of arbitrary code, with a CVSS score of 8.8.
  • CVE-2025-60719: An untrusted pointer dereference in the Windows Ancillary Function Driver for WinSock, potentially allowing local attackers to escalate privileges.

For a complete overview of the vulnerabilities addressed, Microsoft has provided a detailed list of CVEs associated with this month’s updates.

Quality and experience updates

The KB5068861 patch enhances various features for Windows 11 versions 25H2 and 24H2, improving Click to Do, File Explorer, Voice Access, and Windows Search for Copilot+ devices. The taskbar has also received several updates, including a new battery icon that visually indicates the battery’s status, whether it is charging, in good health, or critically low.

Additionally, the Start Menu has been revamped to include a scrollable All section with category and grid views, ensuring a responsive layout adaptable to any screen size. Integration with Phone Link is now accessible through a collapsible side panel located next to the search box.

In a move to bolster system security, Microsoft has introduced a preview of the Administrator Protection feature. This feature utilizes User Account Control (UAC) and security policies to prevent unauthorized changes by requiring admin approval for system-level actions. It can be enabled through Windows Security, Microsoft Intune, or Group Policy.

Furthermore, Microsoft has released KB5068781, marking the first Windows 10 Extended Security Update following the end-of-support announcement. This update rectifies an incorrect “end of support” message and includes security fixes for the 63 vulnerabilities identified in the November Patch Tuesday, specifically for devices enrolled in the Windows 10 Extended Security Updates (ESU) program.

Windows Update testing and best practices

Organizations planning to deploy this month’s patches are advised to conduct thorough testing prior to widespread implementation on production systems. Testing should not become a cause of unnecessary delay, however: timely application of patches is crucial to mitigating risk, as cybercriminals often seek to exploit newly disclosed vulnerabilities.

Best practices recommend backing up systems before applying updates. Users frequently encounter issues post-update, which can lead to system boot failures, compatibility problems with applications and hardware, or even data loss in severe cases. Windows and Windows Server offer built-in backup tools that can restore systems if a patch causes complications, allowing for either full system recovery or granular restoration of specific files and folders.
