You are currently viewing Microsoft Tackles 1 Zero-Day and 63 Fixes in November 2025 Patch Tuesday

Microsoft Tackles 1 Zero-Day and 63 Fixes in November 2025 Patch Tuesday

  • Post author:
  • Reading time:4 mins read

It’s that time again – Patch Tuesday is here. This November, Microsoft rolled out fixes for 63 security flaws, featuring one actively exploited zero-day and four Critical vulnerabilities.

Today also marks the release of the first Extended Security Update (ESU) for Windows 10. Organizations still using this unsupported operating system are strongly encouraged to upgrade to Windows 11 or participate in the ESU program to continue receiving security updates.

Once again, Elevation of Privilege (EoP) vulnerabilities top the list, closely followed by Remote Code Execution (RCE) flaws.

Summary Overview

CategoryNumber of Flaws
Total Vulnerabilities63
Zero-Days1 (actively exploited)
Critical4
Elevation of Privilege29
Remote Code Execution16
Information Disclosure11
Denial of Service3
Security Feature Bypass2
Spoofing2

Key takeaway: Local privilege escalations remain the most common vulnerability type, but several RCE and information disclosure issues elevate this month’s risk profile.

Vulnerability Highlights

CVE-2025-62215: Windows Kernel Elevation of Privilege (Zero-Day)

This zero-day vulnerability in the Windows Kernel allows authenticated local attackers to gain SYSTEM privileges by exploiting a race condition in a shared resource.
The issue has been given a CVSS rating of Important, and Microsoft confirms that the flaw was actively exploited in the wild before the patch was released. Affected systems include various Windows versions (Kernel component). Because the attacker must already have some local access, this is a post-compromise privilege escalation scenario.

CVE-2025-62199: Microsoft Office Remote Code Execution Vulnerability (Critical)

A use-after-free vulnerability in Microsoft Office that may allow an attacker to execute arbitrary code remotely when a user opens or previews a malicious file.

CVE-2025-30398: Nuance PowerScribe 360 Information Disclosure Vulnerability (Critical)

An information disclosure vulnerability in Nuance PowerScribe 360 that allows an unauthenticated attacker to access sensitive data via a network API endpoint missing proper authorization.

CVE-2025-62214: Visual Studio Remote Code Execution Vulnerability (Critical)

A command-injection flaw in Microsoft Visual Studio’s AI/agent capabilities that may permit code execution when an attacker crafts malicious prompt/input for the AI agent and triggers a build.

CVE-2025-60716: DirectX Graphics Kernel Elevation of Privilege (Critical)

This is a kernel e-privilege vulnerability in Windows DirectX graphics subsystem (use-after-free) that allows local, authenticated attackers to elevate to SYSTEM via a race condition.

Affected Products and Solutions

The full list of affected products is as follows:

  • Azure Monitor Agent
  • Customer Experience Improvement Program (CEIP)
  • Dynamics 365 Field Service (online)
  • GitHub Copilot and Visual Studio Code
  • Host Process for Windows Tasks
  • Microsoft Configuration Manager
  • Microsoft Dynamics 365 (on-premises)
  • Microsoft Graphics Component
  • Microsoft Office
  • Microsoft Office Excel
  • Microsoft Office SharePoint
  • Microsoft Office Word
  • Microsoft Streaming Service
  • Microsoft Wireless Provisioning System
  • Multimedia Class Scheduler Service (MMCSS)
  • Nuance PowerScribe
  • OneDrive for Android
  • Role: Windows Hyper-V
  • SQL Server
  • Storvsp.sys Driver
  • Visual Studio
  • Visual Studio Code CoPilot Chat Extension
  • Windows Administrator Protection
  • Windows Ancillary Function Driver for WinSock
  • Windows Bluetooth RFCOM Protocol Driver
  • Windows Broadcast DVR User Service
  • Windows Client-Side Caching (CSC) Service
  • Windows Common Log File System Driver
  • Windows DirectX
  • Windows Kerberos
  • Windows Kernel
  • Windows License Manager
  • Windows OLE
  • Windows Remote Desktop
  • Windows Routing and Remote Access Service (RRAS)
  • Windows Smart Card
  • Windows Speech
  • Windows Subsystem for Linux GUI
  • Windows TDX.sys
  • Windows WLAN Service

Remediation:

Microsoft has provided fixes for all of these products. It is recommended that users apply these updates as soon as possible.

Instantly Fix Risks with Saner Patch Management

Saner patch management is a continuous, automated, and integrated software that instantly fixes risks exploited in the wild. The software supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.

It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. Saner patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.

Experience the fastest and most accurate patching software here.