Microsoft Patches Critical Zero-Day and 63 Flaws

Microsoft’s November 2025 Patch Tuesday delivers vital security patches for 63 vulnerabilities, featuring one actively exploited zero-day and four critical issues. This monthly security release addresses a range of threats across Microsoft products, with two remote code execution flaws, one elevation of privilege, and one information disclosure vulnerability rated as critical. System administrators should prioritize deploying these updates to protect their networks from potential attacks.

The breakdown of vulnerabilities by category reveals 29 elevation of privilege flaws, 16 remote code execution risks, 11 information disclosure issues, 3 denial of service weaknesses, 2 security feature bypass problems, and 2 spoofing vulnerabilities. These figures represent only the security updates Microsoft released today and do not include earlier fixes for Microsoft Edge or Mariner vulnerabilities.

This month also marks the first extended security update (ESU) availability for Windows 10. Organizations continuing to use this unsupported operating system should either upgrade to Windows 11 or enroll in the ESU program immediately. For those experiencing enrollment difficulties, Microsoft has issued an out-of-band update specifically to resolve the enrollment blocking issue.

The actively exploited zero-day vulnerability, identified as CVE-2025-62215, affects the Windows Kernel and enables privilege escalation. Microsoft describes this as a race condition vulnerability where improper synchronization in concurrent execution allows authenticated attackers to elevate privileges locally. Successful exploitation requires the attacker to win the race condition, after which they gain SYSTEM privileges on affected Windows devices. While Microsoft’s Threat Intelligence Center and Security Response Center discovered this flaw, the company hasn’t disclosed specific details about how attackers are exploiting it in the wild.

Beyond the zero-day, this Patch Tuesday addresses numerous significant vulnerabilities across Microsoft’s product ecosystem. Critical remote code execution flaws affect Microsoft Office and Visual Studio, while critical information disclosure vulnerabilities impact Nuance PowerScribe. The updates also resolve multiple elevation of privilege vulnerabilities in Windows components including DirectX Graphics Kernel, Windows Administrator Protection, and various wireless provisioning services.

Remote code execution patches cover multiple products including Azure Monitor Agent, Microsoft Graphics Component, Office applications, SharePoint, Visual Studio, and Windows Routing and Remote Access Service. Information disclosure fixes address issues in Dynamics 365, Excel, Windows components, and various other services.

For comprehensive details about each vulnerability and affected systems, administrators should consult Microsoft’s full security update guide. Those managing large-scale deployments may benefit from additional resources about Windows 11 updates KB5066835 and KB5066793, plus Windows 10’s extended security update KB5068781.

Other technology vendors have also released security updates this month, though Microsoft’s Patch Tuesday remains the most significant regular security event for enterprise environments. The breadth of products affected, from operating system components to productivity software and development tools, underscores the importance of comprehensive patch management strategies.

Organizations struggling with patch deployment challenges, including delays or prioritization difficulties, should consider modern patch management solutions that can help accelerate update processes and reduce security risks across their infrastructure.

(Source: Bleeping Computer)