Today is Microsoft’s November 2025 Patch Tuesday, which includes security updates for 63 flaws, including one actively exploited zero-day vulnerability.
This Patch Tuesday also addresses four “Critical” vulnerabilities, two of which are remote code execution vulnerabilities, one is an elevation of privileges, and the fourth is an information disclosure flaw.
The number of bugs in each vulnerability category is listed below:
- 29 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 16 Remote Code Execution Vulnerabilities
- 11 Information Disclosure Vulnerabilities
- 3 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities
When BleepingComputer reports on the Patch Tuesday security updates, we only count those released today by Microsoft. Therefore, the number of flaws does not include Microsoft Edge and Mariner vulnerabilities fixed earlier this month.
Today is also the first extended security update (ESU) for Windows 10, so if you are still utilizing the unsupported operating system, it is strongly advised that you upgrade to Windows 11 or enroll in the ESU program.
For those who are having issues enrolling in the program, Microsoft released an out-of-band update today to fix an bug that prevents enrollments.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5066835 and KB5066793 updates and the Windows 10 KB5068781 extended security update.
If you’re facing delays, blind spots, or prioritization issues with Patch Tuesday updates, join our December 2 webinar with Action1 to learn how modern patch management helps you patch faster and reduce risk.
1 actively exploited zero-day
This month’s Patch Tuesday fixes one actively exploited zero-day flaw in the Windows Kernel.
Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available.
The exploited zero-days is:
CVE-2025-62215 – Windows Kernel Elevation of Privilege Vulnerability
Microsoft has patched a Windows Kernel flaw that was exploited to gain SYSTEM privilges on Windows devices.
“Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Kernel allows an authorized attacker to elevate privileges locally,” explains Microsoft.
Microsoft says that the flaw requires an attackers to win a race condition, upon which they receive SYSTEM privileges.
Microsoft has attributed the flaw to Microsoft Threat Intelligence Center (MSTIC) & Microsoft Security Response Center (MSRC) but has not shared how the flaw was exploited.
Recent updates from other companies
Other vendors who released updates or advisories in November 2025 include:
- Adobe released security updates for InDesign, InCopy, PhotoShop, Illustrator, Substance 3D, Pass, and Adobe Format.
- Cisco released patches for multiple products, including Cisco ASA, Unified Contact Center, and Identity services. Cisco also warned this month that a new attack was discovered exploiting older flaws.
- expr-eval developers released patches to fix a critical RCE in the JavaScript library.
- Fortinet released a security update for a medium-severity elevation of privileges flaw in FortiOS.
- Google has released the Android’s November security bulletin with fixes for two vulnerabilities.
- Ivanti released security patches as part of its November 2025 Patch Tuesday updates.
- runC security updates fix flaws allowing attackers to escape Docker and Kubernetes containers.
- QNAP released security updates for seven zero-day vulnerabilities exploited to hack network-attached storage (NAS) devices during the Pwn2Own Ireland 2025 hacking contest.
- SAP released the November security updates for multiple products, including a fix for a 10/10 harcoded credentials flaw in SQL Anywhere Monitor.
- Samsung released its November security updates with fixes for 25 flaws.
The November 2025 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the November 2025 Patch Tuesday updates.
To access the full description of each vulnerability and the systems it affects, you can view the full report here.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Azure Monitor Agent | CVE-2025-59504 | Azure Monitor Agent Remote Code Execution Vulnerability | Important |
| Customer Experience Improvement Program (CEIP) | CVE-2025-59512 | Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability | Important |
| Dynamics 365 Field Service (online) | CVE-2025-62211 | Dynamics 365 Field Service (online) Spoofing Vulnerability | Important |
| Dynamics 365 Field Service (online) | CVE-2025-62210 | Dynamics 365 Field Service (online) Spoofing Vulnerability | Important |
| GitHub Copilot and Visual Studio Code | CVE-2025-62453 | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | Important |
| Host Process for Windows Tasks | CVE-2025-60710 | Host Process for Windows Tasks Elevation of Privilege Vulnerability | Important |
| Microsoft Configuration Manager | CVE-2025-47179 | Configuration Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Dynamics 365 (on-premises) | CVE-2025-62206 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2025-60724 | GDI+ Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-62216 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-62199 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office Excel | CVE-2025-62200 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62201 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-60726 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62203 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62202 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-60727 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-60728 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-59240 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-62204 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-62205 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Streaming Service | CVE-2025-59514 | Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability | Important |
| Microsoft Wireless Provisioning System | CVE-2025-62218 | Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability | Important |
| Microsoft Wireless Provisioning System | CVE-2025-62219 | Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability | Important |
| Multimedia Class Scheduler Service (MMCSS) | CVE-2025-60707 | Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege Vulnerability | Important |
| Nuance PowerScribe | CVE-2025-30398 | Nuance PowerScribe 360 Information Disclosure Vulnerability | Critical |
| OneDrive for Android | CVE-2025-60722 | Microsoft OneDrive for Android Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-60706 | Windows Hyper-V Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2025-59499 | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
| Storvsp.sys Driver | CVE-2025-60708 | Storvsp.sys Driver Denial of Service Vulnerability | Important |
| Visual Studio | CVE-2025-62214 | Visual Studio Remote Code Execution Vulnerability | Critical |
| Visual Studio Code CoPilot Chat Extension | CVE-2025-62449 | Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability | Important |
| Visual Studio Code CoPilot Chat Extension | CVE-2025-62222 | Agentic AI and Visual Studio Code Remote Code Execution Vulnerability | Important |
| Windows Administrator Protection | CVE-2025-60721 | Windows Administrator Protection Elevation of Privilege Vulnerability | Important |
| Windows Administrator Protection | CVE-2025-60718 | Windows Administrator Protection Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2025-62217 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2025-60719 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2025-62213 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Bluetooth RFCOM Protocol Driver | CVE-2025-59513 | Windows Bluetooth RFCOM Protocol Driver Information Disclosure Vulnerability | Important |
| Windows Broadcast DVR User Service | CVE-2025-59515 | Windows Broadcast DVR User Service Elevation of Privilege Vulnerability | Important |
| Windows Broadcast DVR User Service | CVE-2025-60717 | Windows Broadcast DVR User Service Elevation of Privilege Vulnerability | Important |
| Windows Client-Side Caching (CSC) Service | CVE-2025-60705 | Windows Client-Side Caching Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2025-60709 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows DirectX | CVE-2025-59506 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| Windows DirectX | CVE-2025-60716 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Critical |
| Windows DirectX | CVE-2025-60723 | DirectX Graphics Kernel Denial of Service Vulnerability | Important |
| Windows Kerberos | CVE-2025-60704 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2025-62215 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows License Manager | CVE-2025-62208 | Windows License Manager Information Disclosure Vulnerability | Important |
| Windows License Manager | CVE-2025-62209 | Windows License Manager Information Disclosure Vulnerability | Important |
| Windows OLE | CVE-2025-60714 | Windows OLE Remote Code Execution Vulnerability | Important |
| Windows Remote Desktop | CVE-2025-60703 | Windows Remote Desktop Services Elevation of Privilege Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-62452 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-59510 | Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-60715 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-60713 | Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability | Important |
| Windows Smart Card | CVE-2025-59505 | Windows Smart Card Reader Elevation of Privilege Vulnerability | Important |
| Windows Speech | CVE-2025-59507 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important |
| Windows Speech | CVE-2025-59508 | Windows Speech Recognition Elevation of Privilege Vulnerability | Important |
| Windows Speech | CVE-2025-59509 | Windows Speech Recognition Information Disclosure Vulnerability | Important |
| Windows Subsystem for Linux GUI | CVE-2025-62220 | Windows Subsystem for Linux GUI Remote Code Execution Vulnerability | Important |
| Windows TDX.sys | CVE-2025-60720 | Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability | Important |
| Windows WLAN Service | CVE-2025-59511 | Windows WLAN Service Elevation of Privilege Vulnerability | Important |
As MCP (Model Context Protocol) becomes the standard for connecting LLMs to tools and data, security teams are moving fast to keep these new services safe.
This free cheat sheet outlines 7 best practices you can start using today.