Microsoft November 2025 Patch Tuesday: Key Highlights
Microsoft has released its November 2025 Patch Tuesday update from Redmond, Washington, addressing 63 security flaws across its software lineup. This update, issued on November 11, includes fixes for five critical vulnerabilities.
Zero-Day Vulnerability in Windows Kernel
The most prominent update is a patch for an actively exploited zero-day vulnerability in the Windows Kernel, tracked as CVE-2025-62215. This Elevation of Privilege (EoP) flaw allows attackers to gain full SYSTEM-level access to compromised machines. The issue stems from a race condition: improper synchronization of a shared kernel resource can lead to memory corruption via a double-free scenario during kernel allocation. To exploit this flaw, an attacker must win the timing-based race.
While specific attack details remain undisclosed, Microsoft’s Threat Intelligence Center confirmed the vulnerability was being exploited in the wild prior to the patch. Security experts caution that such flaws, when combined with other exploits, can lead to complete system compromise, making patching CVE-2025-62215 a top priority for Windows administrators.
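To make the bug class concrete, here is an added user-mode model of a race that ends in a double free, next to a synchronized release that prevents it. It is an illustration written for this summary, not Windows kernel code or anything published by Microsoft; every name in it is hypothetical, and a one-block model allocator stands in for the heap so the second release is counted rather than performed.

```c
/* Added illustration: all names are hypothetical, not Windows kernel code. */
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>

static char block[64];                 /* the single allocation in this model */
static int block_live, double_frees;

static void *model_alloc(void) { block_live = 1; double_frees = 0; return block; }

/* A real allocator would corrupt its metadata on the second release;
   the model only counts it. */
static void model_free(void *p) {
    if (p == NULL) return;
    if (!block_live) { double_frees++; return; }
    block_live = 0;
}

struct shared_res { _Atomic(void *) buf; };   /* resource shared by two paths */

/* Unsynchronized release, split into its two steps so two callers can be
   interleaved deterministically without threads. */
static void *racy_load(struct shared_res *r) { return atomic_load(&r->buf); }
static void racy_finish(struct shared_res *r, void *seen) {
    model_free(seen);                  /* frees the pointer it read earlier */
    atomic_store(&r->buf, NULL);       /* clears the field too late */
}

/* Synchronized release: the exchange hands the pointer to one caller only. */
static void safe_release(struct shared_res *r) {
    model_free(atomic_exchange(&r->buf, NULL));
}

/* Both functions return the number of double frees observed. */
static int run_racy(void) {
    struct shared_res r; atomic_init(&r.buf, model_alloc());
    void *a = racy_load(&r);           /* path A reads the pointer */
    void *b = racy_load(&r);           /* path B reads it before A clears it */
    racy_finish(&r, a);
    racy_finish(&r, b);                /* same block released a second time */
    return double_frees;
}

static int run_safe(void) {
    struct shared_res r; atomic_init(&r.buf, model_alloc());
    safe_release(&r);                  /* path A wins the exchange */
    safe_release(&r);                  /* path B receives NULL, frees nothing */
    return double_frees;
}

int main(void) {
    printf("racy: %d double free(s), safe: %d\n", run_racy(), run_safe());
    return 0;
}
```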
Critical Vulnerabilities Overview
Beyond the zero-day, the November update addresses five critical vulnerabilities, each posing significant risks:
- CVE-2025-60724: A Remote Code Execution (RCE) vulnerability in the Windows GDI+ graphics component, with a CVSS score of 9.8. Exploitation can occur via specially crafted documents, and web services that parse malicious metafiles may also be affected, allowing RCE without user interaction.
- CVE-2025-62199: An RCE vulnerability in Microsoft Office caused by a use-after-free bug. Exploitation is possible when a user opens or previews a malicious document, including through the Outlook Preview Pane.
- CVE-2025-62214: A complex RCE vulnerability in Visual Studio requiring prompt injection and user interaction with the Copilot Agent. It highlights the attack surface that AI-assisted development tools introduce.
- CVE-2025-60716: An Elevation of Privilege vulnerability in the DirectX Graphics Kernel. Exploitation involves winning a challenging race condition to gain higher privileges.
- CVE-2025-30398: An information disclosure vulnerability in Nuance PowerScribe 360, allowing unauthenticated attackers to access sensitive personally identifiable information (PII) through API calls over the network.
Summary of Addressed Vulnerabilities
In total, the November update resolves 63 vulnerabilities, fewer than in the previous month. This includes:
- 29 Elevation of Privilege vulnerabilities
- 16 Remote Code Execution vulnerabilities
- 11 Information Disclosure vulnerabilities
- 3 Denial of Service vulnerabilities
- 2 Security Feature Bypass vulnerabilities
Microsoft also flagged five ‘Important’ vulnerabilities as ‘exploitation more likely’, helping IT teams prioritize their patching efforts. Notably, the total number of Common Vulnerabilities and Exposures (CVEs) addressed by Microsoft in 2025 now stands at 1,084.
Focus Areas for Administrators
This month’s update underscores Microsoft’s focus on vulnerabilities that allow for privilege escalation and remote code execution. Administrators must prioritize patching CVE-2025-62215, the actively exploited zero-day, while also addressing the five critical vulnerabilities to prevent severe system compromise.
Organizations are advised to implement these updates promptly to protect against ongoing and potential cyberattacks, ensuring the integrity of their systems and sensitive data.