Microsoft has released its November 2025 Patch Tuesday update, fixing 63 security vulnerabilities across its products.
One of the most serious issues is a zero-day vulnerability in the Windows Kernel (CVE-2025-62215). This flaw is already being actively exploited and allows attackers to gain higher system privileges. Because of this, system administrators should install this update immediately.
Critical Vulnerabilities Fixed
The update also includes patches for five Critical vulnerabilities, most of which could allow attackers to run code on a victim’s system (Remote Code Execution, RCE):
| CVE ID | Component / Product | Issue Type | Impact |
|---|---|---|---|
| CVE-2025-62199 | Microsoft Office | Use-after-free | Allows attacker to execute code locally |
| CVE-2025-60724 | Microsoft Graphics Component (GDI+) | Heap-based buffer overflow | Allows unauthenticated RCE over a network |
| CVE-2025-62214 | Visual Studio | Command injection | Lets attacker execute commands/code |
| CVE-2025-60716 | DirectX Graphics Kernel | Use-after-free | Enables local privilege escalation |
| CVE-2025-30398 | Nuance PowerScribe 360 | Information disclosure | Missing authorization check |
Vulnerability Breakdown – November 2025 Patch Tuesday
Microsoft released patches for 63 vulnerabilities affecting Windows, Office, Azure, Visual Studio, Dynamics 365, and other Microsoft components.
✅ Breakdown by Impact
| Impact Type | Count |
|---|---|
| Elevation of Privilege | 29 |
| Remote Code Execution | 16 |
| Information Disclosure | 11 |
| Denial of Service | 3 |
| Spoofing | 2 |
| Security Feature Bypass | 2 |
➡️ 57 out of 63 are rated Important.
➡️ Some are tagged as “Exploitation More Likely”, including:
- CVE-2025-59512 (CEIP – Elevation of Privilege)
- CVE-2025-60705 (Client-Side Caching – Elevation of Privilege)
- Multiple WinSock driver vulnerabilities:
  - CVE-2025-60719
  - CVE-2025-62217
  - CVE-2025-62213
Detailed Vulnerability List
| CVE ID | Product / Component | Description | Impact |
|---|---|---|---|
| CVE-2025-62199 | Microsoft Office | Use-after-free allows attacker to execute code locally. | Remote Code Execution |
| CVE-2025-60716 | DirectX Graphics Kernel | Use-after-free allows privilege escalation. | Elevation of Privilege |
| CVE-2025-60724 | GDI+ | Heap-based buffer overflow allows attacker to execute code over a network. | Remote Code Execution |
| CVE-2025-62214 | Visual Studio | Command injection allows attacker to execute code locally. | Remote Code Execution |
| CVE-2025-30398 | Nuance PowerScribe 360 | Missing authorization allows information disclosure over a network. | Information Disclosure |
| CVE-2025-59504 | Azure Monitor Agent | Heap overflow enables local code execution. | Remote Code Execution |
| CVE-2025-59505 | Windows Smart Card Reader | Double-free allows privilege escalation. | Elevation of Privilege |
| CVE-2025-59506 | DirectX Graphics Kernel | Race condition allows privilege escalation. | Elevation of Privilege |
| CVE-2025-59507 | Windows Speech Runtime | Race condition allows privilege escalation. | Elevation of Privilege |
| CVE-2025-59508 | Windows Speech Recognition | Race condition allows privilege escalation. | Elevation of Privilege |
| CVE-2025-59509 | Windows Speech Recognition | Sensitive data exposure. | Information Disclosure |
| CVE-2025-59510 | Windows RRAS | Improper link resolution allows denial of service. | Denial of Service |
| CVE-2025-59511 | Windows WLAN Service | External control of file path allows privilege escalation. | Elevation of Privilege |
| CVE-2025-59512 | CEIP | Improper access control allows privilege escalation. | Elevation of Privilege |
| CVE-2025-59513 | Bluetooth RFCOM Driver | Out-of-bounds read discloses information. | Information Disclosure |
| CVE-2025-60703 | Windows RDP | Untrusted pointer dereference → privilege escalation. | Elevation of Privilege |
| CVE-2025-60704 | Windows Kerberos | Missing cryptographic step allows privilege escalation over network. | Elevation of Privilege |
| CVE-2025-60705 | Windows Client-Side Caching | Improper access control → privilege escalation. | Elevation of Privilege |
| CVE-2025-60706 | Windows Hyper-V | Out-of-bounds read discloses information. | Information Disclosure |
| CVE-2025-60707 | MMCSS Driver | Use-after-free allows privilege escalation. | Elevation of Privilege |
| CVE-2025-60708 | Storvsp.sys | Untrusted pointer dereference causes DoS. | Denial of Service |
| CVE-2025-60709 | Windows Common Log File System | Out-of-bounds read → privilege escalation. | Elevation of Privilege |
| CVE-2025-60710 | Host Process for Windows Tasks | Improper link resolution → privilege escalation. | Elevation of Privilege |
| CVE-2025-60726 | Microsoft Excel | Out-of-bounds read → info disclosure. | Information Disclosure |
| CVE-2025-60727 | Microsoft Excel | Out-of-bounds read → code execution. | Remote Code Execution |
| CVE-2025-60728 | Microsoft Excel | Pointer issue → network info disclosure. | Information Disclosure |
| CVE-2025-62206 | Dynamics 365 On-Prem | Information exposure. | Information Disclosure |
| CVE-2025-62210 | Dynamics 365 Field Service | Cross-site scripting → spoofing. | Spoofing |
| CVE-2025-62216 | Microsoft Office | Use-after-free allows code execution. | Remote Code Execution |
| CVE-2025-60719 | WinSock Driver | Pointer dereference → privilege escalation. | Elevation of Privilege |
| CVE-2025-60722 | OneDrive for Android | Path traversal allows privilege escalation. | Elevation of Privilege |
| CVE-2025-62217 | WinSock Driver | Race condition → privilege escalation. | Elevation of Privilege |
| CVE-2025-62218 | Wireless Provisioning System | Race condition → privilege escalation. | Elevation of Privilege |
| CVE-2025-62219 | Wireless Provisioning System | Double-free → privilege escalation. | Elevation of Privilege |
| CVE-2025-62220 | Windows Subsystem for Linux GUI | Heap overflow → remote code execution. | Remote Code Execution |
| CVE-2025-62452 | Windows RRAS | Heap overflow → remote code execution. | Remote Code Execution |
| CVE-2025-59240 | Microsoft Excel | Information disclosure. | Information Disclosure |
| CVE-2025-47179 | Configuration Manager | Improper access control → privilege escalation. | Elevation of Privilege |
| CVE-2025-59514 | Streaming Service Proxy | Privilege management flaw. | Elevation of Privilege |
| CVE-2025-59515 | DVR User Service | Use-after-free → privilege escalation. | Elevation of Privilege |
| CVE-2025-60713 | Windows RRAS | Pointer dereference → privilege escalation. | Elevation of Privilege |
| CVE-2025-60714 | Windows OLE | Heap overflow → code execution. | Remote Code Execution |
| CVE-2025-60715 | Windows RRAS | Heap overflow → remote code execution. | Remote Code Execution |
| CVE-2025-60717 | Windows DVR User Service | Use-after-free → privilege escalation. | Elevation of Privilege |
| CVE-2025-60718 | Windows Administrator Protection | Untrusted search path → privilege escalation. | Elevation of Privilege |
| CVE-2025-60720 | Windows TDI Translation Driver | Buffer over-read → privilege escalation. | Elevation of Privilege |
| CVE-2025-60723 | DirectX Graphics Kernel | Race condition → DoS. | Denial of Service |
| CVE-2025-62200 | Microsoft Excel | Pointer dereference → local code execution. | Remote Code Execution |
| CVE-2025-62201 | Microsoft Excel | Heap overflow → local code execution. | Remote Code Execution |
| CVE-2025-62202 | Microsoft Excel | Out-of-bounds read → info disclosure. | Information Disclosure |
| CVE-2025-62203 | Microsoft Excel | Use-after-free → code execution. | Remote Code Execution |
| CVE-2025-62204 | Microsoft SharePoint | Deserialization flaw → remote code execution. | Remote Code Execution |
| CVE-2025-62205 | Microsoft Office Word | Use-after-free → code execution. | Remote Code Execution |
| CVE-2025-62208 | Windows License Manager | Sensitive info written to logs. | Information Disclosure |
| CVE-2025-62209 | Windows License Manager | Sensitive info written to logs. | Information Disclosure |
| CVE-2025-59499 | SQL Server | SQL injection → privilege escalation. | Elevation of Privilege |
| CVE-2025-62211 | Dynamics 365 Field Service | XSS → spoofing. | Spoofing |
| CVE-2025-62215 | Windows Kernel (Zero-Day) | Race condition allows privilege escalation. | Elevation of Privilege (Exploited in the wild) |
| CVE-2025-62213 | WinSock Driver | Use-after-free → privilege escalation. | Elevation of Privilege |
| CVE-2025-62222 | VS Code Copilot Chat Extension | Command injection → remote code execution. | Remote Code Execution |
| CVE-2025-62449 | VS Code Copilot Chat Extension | Path traversal → security feature bypass. | Security Feature Bypass |
| CVE-2025-60721 | Windows Administrator Protection | Privilege context switching issue. | Elevation of Privilege |
| CVE-2025-62453 | GitHub Copilot + VS Code | Improper validation → security feature bypass. | Security Feature Bypass |
Recommendation
- Install the update immediately, especially due to the actively exploited zero-day (CVE-2025-62215).




