November Patch Tuesday 2025: Microsoft Fixes 63 Flaws, Including an Exploited Windows Zero-Day
In its November Patch Tuesday release, Microsoft addressed 63 vulnerabilities, including a critical zero-day flaw that had already been exploited in the wild. This month’s patches span a broad spectrum of Windows components and Microsoft products — from the operating-system kernel to the Office suite and various cloud services.
According to the company, the most severe issue affected the Windows kernel and allowed attackers to obtain system-level privileges through a race-condition flaw. Indexed as CVE-2025-62215, the vulnerability enabled local privilege escalation by exploiting improper synchronization during shared-resource access. Evidence of its active exploitation was provided by Microsoft’s internal threat-intelligence team.
By category, 29 of the vulnerabilities involve privilege escalation, 16 permit remote code execution, 11 expose sensitive information, 3 can cause denial of service, 2 bypass security mechanisms, and 2 relate to data tampering. Four vulnerabilities were rated critical, primarily due to their potential to enable remote execution of arbitrary code.
Updates were released for both modern and legacy Windows versions. Notably, Windows 10 — now under extended support — received an update, including an out-of-band fix for an issue preventing users from registering for the ESU program. Microsoft also released KB5066835 and KB5066793 for Windows 11, and KB5068781 for Windows 10.
Several other vendors issued coordinated updates alongside Microsoft. Adobe patched flaws in InDesign, Illustrator, Photoshop, and other products. Cisco fixed vulnerabilities across multiple solutions — including ASA and identity systems — and warned of renewed exploitation of older bugs. A critical remote code execution flaw was eliminated in the expr-eval JavaScript library. Fortinet released patches for FortiOS to address a privilege-escalation issue. Google’s November Android bulletin closed two vulnerabilities. Ivanti, SAP, Samsung, and QNAP also issued their monthly updates; notably, QNAP patched seven zero-day vulnerabilities showcased at Pwn2Own Ireland 2025.
This month’s release gives particular weight to vulnerabilities in Microsoft Office, including Excel and Word, where Microsoft resolved issues ranging from information disclosure to execution of malicious code triggered simply by opening a document. Additional flaws were identified in Windows Kerberos, DirectX components, Bluetooth and Wi-Fi drivers, Remote Desktop, and the Windows Subsystem for Linux GUI. Some vulnerabilities also affected Visual Studio and Copilot extensions, underscoring the exposure of developer tooling.
Microsoft has published the full list of patched vulnerabilities in its official documentation. Given active exploitation of several flaws, applying the latest updates without delay is strongly advised.