Microsoft Tackles 1 Zero-Day and 63 Fixes in November 2025 Patch Tuesday

It’s that time again – Patch Tuesday is here. This November, Microsoft rolled out fixes for 63 security flaws, featuring one actively exploited zero-day and four Critical vulnerabilities.

Today also marks the release of the first Extended Security Update (ESU) for Windows 10. Organizations still using this unsupported operating system are strongly encouraged to upgrade to Windows 11 or participate in the ESU program to continue receiving security updates.

Once again, Elevation of Privilege (EoP) vulnerabilities top the list, closely followed by Remote Code Execution (RCE) flaws.

This zero-day vulnerability in the Windows Kernel allows authenticated local attackers to gain SYSTEM privileges by exploiting a race condition in a shared resource. The issue has been given a CVSS rating of Important, and Microsoft confirms that the flaw was actively exploited in the wild before the patch was released. Affected systems include various Windows versions (Kernel component). Because the attacker must already have some local access, this is a post-compromise privilege escalation scenario.

A use-after-free vulnerability in Microsoft Office that may allow an attacker to execute arbitrary code remotely when a user opens or previews a malicious file.

An information disclosure vulnerability in Nuance PowerScribe 360 that allows an unauthenticated attacker to access sensitive data via a network API endpoint missing proper authorization.

A command-injection flaw in Microsoft Visual Studio’s AI/agent capabilities that may permit code execution when an attacker crafts malicious prompt/input for the AI agent and triggers a build.

This is a kernel e-privilege vulnerability in Windows DirectX graphics subsystem (use-after-free) that allows local, authenticated attackers to elevate to SYSTEM via a race condition.

The full list of affected products is as follows:

• Azure Monitor Agent
• Customer Experience Improvement Program (CEIP)
• Dynamics 365 Field Service (online)
• GitHub Copilot and Visual Studio Code
• Host Process for Windows Tasks
• Microsoft Configuration Manager
• Microsoft Dynamics 365 (on-premises)
• Microsoft Graphics Component
• Microsoft Office
• Microsoft Office Excel
• Microsoft Office SharePoint
• Microsoft Office Word
• Microsoft Streaming Service
• Microsoft Wireless Provisioning System
• Multimedia Class Scheduler Service (MMCSS)
• Nuance PowerScribe
• OneDrive for Android
• Role: Windows Hyper-V
• SQL Server
• Storvsp.sys Driver
• Visual Studio
• Visual Studio Code CoPilot Chat Extension
• Windows Administrator Protection
• Windows Ancillary Function Driver for WinSock
• Windows Bluetooth RFCOM Protocol Driver
• Windows Broadcast DVR User Service
• Windows Client-Side Caching (CSC) Service
• Windows Common Log File System Driver
• Windows DirectX
• Windows Kerberos
• Windows Kernel
• Windows License Manager
• Windows OLE
• Windows Remote Desktop
• Windows Routing and Remote Access Service (RRAS)
• Windows Smart Card
• Windows Speech
• Windows Subsystem for Linux GUI
• Windows TDX.sys
• Windows WLAN Service

Microsoft has provided fixes for all of these products. It is recommended that users apply these updates as soon as possible.

Saner patch management is a continuous, automated, and integrated software that instantly fixes risks exploited in the wild. The software supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.

It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. Saner patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.

Experience the fastest and most accurate patching software here.