Microsoft November 2025 Patch Tuesday

Posted on By CWS

Microsoft rolled out its November 2025 Patch Tuesday safety updates right this moment, addressing 63 vulnerabilities throughout its product and repair ecosystem.

Amongst these, one zero-day flaw has already been exploited within the wild, underscoring the urgency for organizations and customers to use patches promptly to mitigate potential threats.

The updates cowl Home windows, Workplace, Azure, Visible Studio, and different elements, with a deal with distant code execution (RCE) and elevation of privilege (EoP) points that would enable attackers to compromise techniques.

ImpactCountElevation of Privilege29​Distant Code Execution16​Data Disclosure11​Denial of Service3​Spoofing2​Safety Function Bypass2​

The important thing concern is CVE-2025-62215, a Home windows Kernel Elevation of Privilege vulnerability rated as Vital, with confirmed exploitation.

This race situation flaw allows a certified native attacker to escalate privileges by exploiting improper synchronization in shared sources.

Microsoft notes that exploitation is extra possible attributable to its lively use, probably permitting menace actors to achieve increased entry on affected Home windows techniques. No workaround exists past putting in the replace, and specialists advocate instant deployment on all supported variations, together with Home windows 10, 11, and Server editions.

Essential vulnerabilities dominate the discharge, with 5 rated as such. Main the pack is CVE-2025-62199, a use-after-free bug in Microsoft Workplace resulting in RCE, the place an unauthorized attacker might execute code regionally through malicious paperwork.

Exploitation is deemed much less possible, however its vital severity warrants precedence patching for Workplace customers. Equally, CVE-2025-60716 in Home windows DirectX entails a use-after-free error, permitting native privilege escalation to vital ranges.

One other high-impact challenge, CVE-2025-60724, is a heap-based buffer overflow in GDI+ that allows distant code execution over networks, posing dangers to graphics-dependent functions.

CVE-2025-62214 impacts Visible Studio with command injection for native RCE, whereas CVE-2025-30398 in Nuance PowerScribe 360 exposes delicate info through lacking authorization, all launched on November 11, 2025.

The majority of the patches, 57, rated Vital goal elevation of privilege flaws, which comprised over half the vulnerabilities. Notable examples embrace CVE-2025-59505 (double free in Home windows Good Card), CVE-2025-60704 (lacking crypto in Kerberos for network-based EoP), and CVE-2025-60719 (untrusted pointer in WinSock driver).

Data disclosure points, like CVE-2025-59509 in Home windows Speech Recognition, and denial-of-service bugs, similar to CVE-2025-59510 in RRAS, spherical out the record.

Azure elements aren’t spared, with CVE-2025-59504 providing native RCE within the Monitor Agent through buffer overflow. Dynamics 365 sees spoofing through XSS in CVE-2025-62210 and CVE-2025-62211.

CVE IDProduct/ComponentDescriptionImpactCVE-2025-62199Microsoft OfficeUse after free in Microsoft Workplace permits an unauthorized attacker to execute code regionally.Distant Code ExecutionCVE-2025-60716DirectX Graphics KernelUse after free in Home windows DirectX permits a certified attacker to raise privileges regionally.Elevation of PrivilegeCVE-2025-60724GDI+Heap-based buffer overflow in Microsoft Graphics Part permits an unauthorized attacker to execute code over a community.Distant Code ExecutionCVE-2025-62214Visual StudioImproper neutralization of particular components utilized in a command (‘command injection’) in Visible Studio permits a certified attacker to execute code regionally.Distant Code ExecutionCVE-2025-30398Nuance PowerScribe 360Missing authorization in Nuance PowerScribe permits an unauthorized attacker to reveal info over a community.Data DisclosureCVE-2025-59504Azure Monitor AgentHeap-based buffer overflow in Azure Monitor Agent permits an unauthorized attacker to execute code regionally.Distant Code ExecutionCVE-2025-59505Windows Good Card ReaderDouble free in Home windows Good Card permits a certified attacker to raise privileges regionally.Elevation of PrivilegeCVE-2025-59506DirectX Graphics KernelConcurrent execution utilizing shared useful resource with improper synchronization (‘race situation’) in Home windows DirectX permits a certified attacker to raise privileges regionally.Elevation of PrivilegeCVE-2025-59507Windows Speech RuntimeConcurrent execution utilizing shared useful resource with improper synchronization (‘race situation’) in Home windows Speech permits a certified attacker to raise privileges regionally.Elevation of PrivilegeCVE-2025-59508Windows Speech RecognitionConcurrent execution utilizing shared useful resource with improper synchronization (‘race situation’) in Home windows Speech permits a certified attacker to raise privileges regionally.Elevation of PrivilegeCVE-2025-59509Windows Speech RecognitionInsertion of delicate info into despatched knowledge in Home windows Speech permits a certified attacker to reveal info regionally.Data DisclosureCVE-2025-59510Windows Routing and Distant Entry Service (RRAS)Improper hyperlink decision earlier than file entry (‘hyperlink following’) in Home windows Routing and Distant Entry Service (RRAS) permits a certified attacker to disclaim service regionally.Denial of ServiceCVE-2025-59511Windows WLAN ServiceExternal management of file identify or path in Home windows WLAN Service permits a certified attacker to raise privileges regionally.Elevation of PrivilegeCVE-2025-59512Customer Expertise Enchancment Program (CEIP)Improper entry management in Buyer Expertise Enchancment Program (CEIP) permits a certified attacker to raise privileges regionally.Elevation of PrivilegeCVE-2025-59513Windows Bluetooth RFCOM Protocol DriverAn out-of-bounds learn within the Home windows Bluetooth RFCOMM Protocol Driver permits a certified attacker to reveal native info.Data DisclosureCVE-2025-60703Windows Distant Desktop ServicesUntrusted pointer dereference in Home windows Distant Desktop permits a certified attacker to raise privileges regionally.Elevation of PrivilegeCVE-2025-60704Windows KerberosMissing cryptographic step in Home windows Kerberos permits an unauthorized attacker to raise privileges over a community.Elevation of PrivilegeCVE-2025-60705Windows Consumer-Facet CachingImproper entry management in Home windows Consumer-Facet Caching (CSC) Service permits a certified attacker to raise privileges regionally.Elevation of PrivilegeCVE-2025-60706Windows Hyper-VOut-of-bounds learn in Home windows Hyper-V permits a certified attacker to reveal info regionally.Data DisclosureCVE-2025-60707Multimedia Class Scheduler Service (MMCSS) DriverUse after free in Multimedia Class Scheduler Service (MMCSS) permits a certified attacker to raise privileges regionally.Elevation of PrivilegeCVE-2025-60708Storvsp.sys DriverUntrusted pointer dereference in Storvsp.sys Driver permits a certified attacker to disclaim service regionally.Denial of ServiceCVE-2025-60709Windows Widespread Log File System DriverOut-of-bounds learn in Home windows Widespread Log File System Driver permits a certified attacker to raise privileges regionally.Elevation of PrivilegeCVE-2025-60710Host Course of for Home windows TasksImproper hyperlink decision earlier than file entry (‘hyperlink following’) in Host Course of for Home windows Duties permits a certified attacker to raise privileges regionally.Elevation of PrivilegeCVE-2025-60726Microsoft ExcelOut-of-bounds learn in Microsoft Workplace Excel permits an unauthorized attacker to reveal info regionally.Data DisclosureCVE-2025-60727Microsoft ExcelOut-of-bounds learn in Microsoft Workplace Excel permits an unauthorized attacker to execute code regionally.Distant Code ExecutionCVE-2025-60728Microsoft ExcelUntrusted pointer dereference in Microsoft Workplace Excel permits an unauthorized attacker to reveal info over a community.Data DisclosureCVE-2025-62206Microsoft Dynamics 365 (On-Premises)Publicity of delicate info to an unauthorized actor in Microsoft Dynamics 365 (on-premises) permits an unauthorized attacker to reveal info over a community.Data DisclosureCVE-2025-62210Dynamics 365 Area Service (on-line)Improper neutralization of enter throughout net web page technology (‘cross-site scripting’) in Dynamics 365 Area Service (on-line) permits a certified attacker to carry out spoofing over a community.SpoofingCVE-2025-62216Microsoft OfficeUse-after-free in Home windows Broadcast DVR Consumer Service permits a certified attacker to raise privileges regionally.Distant Code ExecutionCVE-2025-60719Windows Ancillary Operate Driver for WinSockUntrusted pointer dereference in Home windows Ancillary Operate Driver for WinSock permits a certified attacker to raise privileges regionally.Elevation of PrivilegeCVE-2025-60722Microsoft OneDrive for AndroidImproper limitation of a pathname to a restricted listing (‘path traversal’) in OneDrive for Android permits a certified attacker to raise privileges over a community.Elevation of PrivilegeCVE-2025-62217Windows Ancillary Operate Driver for WinSockConcurrent execution utilizing shared useful resource with improper synchronization (‘race situation’) in Home windows Ancillary Operate Driver for WinSock permits a certified attacker to raise privileges regionally.Elevation of PrivilegeCVE-2025-62218Microsoft Wi-fi Provisioning SystemConcurrent execution utilizing shared useful resource with improper synchronization (‘race situation’) in Microsoft Wi-fi Provisioning System permits a certified attacker to raise privileges regionally.Elevation of PrivilegeCVE-2025-62219Microsoft Wi-fi Provisioning SystemDouble free in Microsoft Wi-fi Provisioning System permits a certified attacker to raise privileges regionally.Elevation of PrivilegeCVE-2025-62220Windows Subsystem for Linux GUIHeap-based buffer overflow in Home windows Subsystem for Linux GUI permits an unauthorized attacker to execute code over a community.Distant Code ExecutionCVE-2025-62452Windows Routing and Distant Entry Service (RRAS)Heap-based buffer overflow in Home windows Routing and Distant Entry Service (RRAS) permits a certified attacker to execute code over a community.Distant Code ExecutionCVE-2025-59240Microsoft ExcelExposure of delicate info to an unauthorized actor in Microsoft Workplace Excel permits an unauthorized attacker to reveal info regionally.Data DisclosureCVE-2025-47179Configuration ManagerImproper entry management in Microsoft Configuration Supervisor permits a certified attacker to raise privileges regionally.Elevation of PrivilegeCVE-2025-59514Microsoft Streaming Service ProxyUse-after-free in Home windows Broadcast DVR Consumer Service permits a certified attacker to raise privileges regionally.Elevation of PrivilegeCVE-2025-59515Windows Broadcast DVR Consumer ServiceImproper privilege administration within the Microsoft Streaming Service permits a certified attacker to raise privileges regionally.Elevation of PrivilegeCVE-2025-60713Windows Routing and Distant Entry Service (RRAS)Untrusted pointer dereference in Home windows Routing and Distant Entry Service (RRAS) permits a certified attacker to raise privileges regionally.Elevation of PrivilegeCVE-2025-60714Windows OLEHeap-based buffer overflow in Home windows OLE permits an unauthorized attacker to execute code regionally.Distant Code ExecutionCVE-2025-60715Windows Routing and Distant Entry Service (RRAS)Heap-based buffer overflow in Home windows Routing and Distant Entry Service (RRAS) permits a certified attacker to execute code over a community.Distant Code ExecutionCVE-2025-60717Windows Broadcast DVR Consumer ServiceUse-after-free in Microsoft Workplace Phrase permits an unauthorized attacker to execute code regionally.Elevation of PrivilegeCVE-2025-60718Windows Administrator ProtectionUntrusted search path in Home windows Administrator Safety permits a certified attacker to raise privileges regionally.Elevation of PrivilegeCVE-2025-60720Windows Transport Driver Interface (TDI) Translation DriverBuffer over-read in Home windows TDX.sys permits a certified attacker to raise privileges regionally.Elevation of PrivilegeCVE-2025-60723DirectX Graphics KernelConcurrent execution utilizing shared useful resource with improper synchronization (‘race situation’) in Home windows DirectX permits a certified attacker to disclaim service over a community.Denial of ServiceCVE-2025-62200Microsoft ExcelUntrusted pointer dereference in Microsoft Workplace Excel permits an unauthorized attacker to execute code regionally.Distant Code ExecutionCVE-2025-62201Microsoft ExcelHeap-based buffer overflow in Microsoft Workplace Excel permits an unauthorized attacker to execute code regionally.Distant Code ExecutionCVE-2025-62202Microsoft ExcelOut-of-bounds learn in Microsoft Workplace Excel permits an unauthorized attacker to reveal info regionally.Data DisclosureCVE-2025-62203Microsoft ExcelUse-after-free in Microsoft Workplace permits an unauthorized attacker to execute code regionally.Distant Code ExecutionCVE-2025-62204Microsoft SharePointDeserialization of untrusted knowledge in Microsoft Workplace SharePoint permits a certified attacker to execute code over a community.Distant Code ExecutionCVE-2025-62205Microsoft OfficeAn out-of-bounds learn within the Home windows Bluetooth RFCOMM Protocol Driver permits a certified attacker to reveal native info.Distant Code ExecutionCVE-2025-62208Windows License ManagerInsertion of delicate info into log file in Home windows License Supervisor permits a certified attacker to reveal info regionally.Data DisclosureCVE-2025-62209Windows License ManagerInsertion of delicate info into log file in Home windows License Supervisor permits a certified attacker to reveal info regionally.Data DisclosureCVE-2025-59499Microsoft SQL ServerImproper neutralization of particular components utilized in an sql command (‘sql injection’) in SQL Server permits a certified attacker to raise privileges over a community.Elevation of PrivilegeCVE-2025-62211Dynamics 365 Area Service (on-line)Improper neutralization of enter throughout net web page technology (‘cross-site scripting’) in Dynamics 365 Area Service (on-line) permits a certified attacker to carry out spoofing over a community.SpoofingCVE-2025-62215Windows KernelConcurrent execution utilizing shared useful resource with improper synchronization (‘race situation’) in Home windows Kernel permits a certified attacker to raise privileges regionally. (Zero-day, exploited)Elevation of PrivilegeCVE-2025-62213Windows Ancillary Operate Driver for WinSockUse-after-free in Microsoft Workplace Excel permits an unauthorized attacker to execute code regionally.Elevation of PrivilegeCVE-2025-62222Agentic AI and Visible Studio CodeImproper neutralization of particular components utilized in a command (‘command injection’) in Visible Studio Code CoPilot Chat Extension permits an unauthorized attacker to execute code over a community.Distant Code ExecutionCVE-2025-62449Microsoft Visible Studio Code CoPilot Chat ExtensionImproper limitation of a pathname to a restricted listing (‘path traversal’) in Visible Studio Code CoPilot Chat Extension permits a certified attacker to bypass a safety characteristic regionally.Safety Function BypassCVE-2025-60721Windows Administrator ProtectionPrivilege context switching error in Home windows Administrator Safety permits a certified attacker to raise privileges regionally.Elevation of PrivilegeCVE-2025-62453GitHub Copilot and Visible Studio CodeImproper validation of generative ai output in GitHub Copilot and Visible Studio Code permits a certified attacker to bypass a safety characteristic regionally.Safety Function Bypass

This Patch Tuesday displays Microsoft’s ongoing efforts to bolster defenses amid rising menace landscapes, together with APT campaigns focusing on enterprise software program.

Affected merchandise span consumer OS, servers, productiveness instruments, and cloud providers, emphasizing the necessity for complete patch administration. Safety groups ought to scan environments utilizing instruments like Microsoft Replace or WSUS, prioritizing internet-facing and privileged techniques.

Vulnerability researchers spotlight that whereas no extra zero-days had been publicly disclosed, the exploited CVE-2025-62215 aligns with tendencies in kernel-level assaults.

Different Patch Tuesday Vulnerabilities

Firefox Releases Safety Replace to Repair A number of Vulnerabilities Permitting Arbitrary Code Execution

Ivanti Endpoint Supervisor Vulnerabilities Let Attackers Write Arbitrary Recordsdata to Disk

Synology BeeStation 0-Day Vulnerability Let Distant Attackers Execute Arbitrary Code

Zoom Vulnerabilities Let Attackers Bypass Entry Controls to Entry Session Information

SAP Safety Replace – Patch for Essential Vulnerabilities Permitting Code Execution and Injection Assaults

Comply with us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , ,

Related Posts

New EDR-Redir Tool Breaks EDR Exploiting Bind Filter and Cloud Filter Driver Cyber Security News
40,000+ Cyberattacks Targeting API Environments To Inject Malicious Code Cyber Security News
BK Technologies Data Breach – Hackers Compromise IT Systems and Exfiltrate Data Cyber Security News
New Cryptojacking Attack Exploits Redis Servers to Install Miners and Disable Defenses Cyber Security News
Hackers Exploiting Libraesva Email Security Gateway Vulnerability to Inject Malicious Commands Cyber Security News
Threat Actors Weaponizing Facebook Ads to Deliver Malware and Stealing Wallet Passwords Cyber Security News