Microsoft November 2025 Patch Tuesday Fixes 63 New Vulnerabilities Including 1 Actively Exploited Zero-Day
Dave W. Shanahan 7 minutes read
Microsoft’s November 2025 Patch Tuesday update addresses 63 security vulnerabilities across its software product portfolio, including one actively exploited zero-day flaw. The update features critical patches for remote code execution and privilege escalation vulnerabilities that pose significant threat risks, urging users and organizations to promptly apply the fixes.
November 11, 2025 Patch Tuesday Security Vulnerabilities Fixed
As reported by Bleeping Computer, Microsoft’s November 2025 Patch Tuesday fixed 63 vulnerabilities in total, of which five are rated “Critical” severity. Among these critical patches are remote code execution (RCE) flaws and elevation of privilege (EoP) issues that attackers commonly exploit to gain control or move laterally within systems.
The most concerning flaw is CVE-2025-62215, a zero-day vulnerability in the Windows Kernel allowing local privilege escalation through a race condition. It is the only actively exploited zero-day observed “in the wild,” making it urgent for all Windows users to install this update.
Other critical flaws include a remote code execution vulnerability in GDI+ (graphics component), which can be triggered by opening a malicious document or uploading a crafted metafile, and additional elevation of privilege bugs impacting Windows components.
The update also fixes 29 elevation of privilege vulnerabilities, 16 remote code execution bugs, 11 information disclosure issues, 3 denial-of-service vulnerabilities, and various spoofing and security bypass flaws across Windows, Office, Azure, Visual Studio, and related products.
Broad Product Coverage
This Patch Tuesday release touches multiple Microsoft technologies:
Windows Kernel, GDI+, and Windows components including License Manager and Speech Recognition.
Microsoft Office suite components like Excel.
Azure components such as the Monitor Agent.
Developer tools including Visual Studio and GitHub Copilot.
Dynamics 365 products are affected by spoofing and cross-site scripting vulnerabilities.
Additional Features and Fixes for Windows 11
Beyond security, Microsoft released Windows 11 updates (KB5068861 and KB5067112) introducing UI improvements like a redesigned Start menu and better battery icon behavior, plus fixes for Task Manager bugs. These cumulative updates enhance system stability alongside security reinforcement.
Extended Security Updates for Windows 10
Noteworthy in this Patch Tuesday is the release of the first Extended Security Update (ESU) for Windows 10 (KB5068781), available after support ended last month. This allows Windows 10 users requiring continued security patches to maintain protection, though migration to Windows 11 remains recommended.
Importance of Immediate Patching
With 63 vulnerabilities patched, including a zero-day actively exploited, this Patch Tuesday, Microsoft stresses onboarding these updates rapidly to minimize attack surface exposure. The rapidly evolving threat landscape and demonstrated exploitation necessitate a proactive patch management approach.
Summary of Vulnerability Counts by Type
| Vulnerability Type | Count |
|---|---|
| Elevation of Privilege (EoP) | 29 |
| Remote Code Execution (RCE) | 16 |
| Information Disclosure | 11 |
| Denial of Service | 3 |
| Spoofing | 2 |
| Security Feature Bypass | 2 |
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Azure Monitor Agent | CVE-2025-59504 | Azure Monitor Agent Remote Code Execution Vulnerability | Important |
| Customer Experience Improvement Program (CEIP) | CVE-2025-59512 | Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability | Important |
| Dynamics 365 Field Service (online) | CVE-2025-62211 | Dynamics 365 Field Service (online) Spoofing Vulnerability | Important |
| Dynamics 365 Field Service (online) | CVE-2025-62210 | Dynamics 365 Field Service (online) Spoofing Vulnerability | Important |
| GitHub Copilot and Visual Studio Code | CVE-2025-62453 | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | Important |
| Host Process for Windows Tasks | CVE-2025-60710 | Host Process for Windows Tasks Elevation of Privilege Vulnerability | Important |
| Microsoft Configuration Manager | CVE-2025-47179 | Configuration Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Dynamics 365 (on-premises) | CVE-2025-62206 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2025-60724 | GDI+ Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-62216 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-62199 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office Excel | CVE-2025-62200 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62201 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-60726 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62203 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62202 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-60727 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-60728 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-59240 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-62204 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-62205 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Streaming Service | CVE-2025-59514 | Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability | Important |
| Microsoft Wireless Provisioning System | CVE-2025-62218 | Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability | Important |
| Microsoft Wireless Provisioning System | CVE-2025-62219 | Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability | Important |
| Multimedia Class Scheduler Service (MMCSS) | CVE-2025-60707 | Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege Vulnerability | Important |
| Nuance PowerScribe | CVE-2025-30398 | Nuance PowerScribe 360 Information Disclosure Vulnerability | Critical |
| OneDrive for Android | CVE-2025-60722 | Microsoft OneDrive for Android Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-60706 | Windows Hyper-V Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2025-59499 | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
| Storvsp.sys Driver | CVE-2025-60708 | Storvsp.sys Driver Denial of Service Vulnerability | Important |
| Visual Studio | CVE-2025-62214 | Visual Studio Remote Code Execution Vulnerability | Critical |
| Visual Studio Code CoPilot Chat Extension | CVE-2025-62449 | Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability | Important |
| Visual Studio Code CoPilot Chat Extension | CVE-2025-62222 | Agentic AI and Visual Studio Code Remote Code Execution Vulnerability | Important |
| Windows Administrator Protection | CVE-2025-60721 | Windows Administrator Protection Elevation of Privilege Vulnerability | Important |
| Windows Administrator Protection | CVE-2025-60718 | Windows Administrator Protection Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2025-62217 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2025-60719 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2025-62213 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Bluetooth RFCOM Protocol Driver | CVE-2025-59513 | Windows Bluetooth RFCOM Protocol Driver Information Disclosure Vulnerability | Important |
| Windows Broadcast DVR User Service | CVE-2025-59515 | Windows Broadcast DVR User Service Elevation of Privilege Vulnerability | Important |
| Windows Broadcast DVR User Service | CVE-2025-60717 | Windows Broadcast DVR User Service Elevation of Privilege Vulnerability | Important |
| Windows Client-Side Caching (CSC) Service | CVE-2025-60705 | Windows Client-Side Caching Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2025-60709 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows DirectX | CVE-2025-59506 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| Windows DirectX | CVE-2025-60716 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Critical |
| Windows DirectX | CVE-2025-60723 | DirectX Graphics Kernel Denial of Service Vulnerability | Important |
| Windows Kerberos | CVE-2025-60704 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2025-62215 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows License Manager | CVE-2025-62208 | Windows License Manager Information Disclosure Vulnerability | Important |
| Windows License Manager | CVE-2025-62209 | Windows License Manager Information Disclosure Vulnerability | Important |
| Windows OLE | CVE-2025-60714 | Windows OLE Remote Code Execution Vulnerability | Important |
| Windows Remote Desktop | CVE-2025-60703 | Windows Remote Desktop Services Elevation of Privilege Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-62452 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-59510 | Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-60715 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-60713 | Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability | Important |
| Windows Smart Card | CVE-2025-59505 | Windows Smart Card Reader Elevation of Privilege Vulnerability | Important |
| Windows Speech | CVE-2025-59507 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important |
| Windows Speech | CVE-2025-59508 | Windows Speech Recognition Elevation of Privilege Vulnerability | Important |
| Windows Speech | CVE-2025-59509 | Windows Speech Recognition Information Disclosure Vulnerability | Important |
| Windows Subsystem for Linux GUI | CVE-2025-62220 | Windows Subsystem for Linux GUI Remote Code Execution Vulnerability | Important |
| Windows TDX.sys | CVE-2025-60720 | Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability | Important |
| Windows WLAN Service | CVE-2025-59511 | Windows WLAN Service Elevation of Privilege Vulnerability | Important |
Don’t forget to check out other Microsoft news happening today, including Microsoft’s $10 Billion AI Data Center in Portugal: Leading Europe’s $16B AI Infrastructure Boom and see what BlueCodeAgent is doing for AI Code Security. This month’s Patch Tuesday underscores Microsoft’s continued commitment to fixing emerging threats across its wide product ecosystem to protect users from sophisticated cyberattacks. For more Patch Tuesday coverage, check out our dedicated page.
About The Author
Discover more from Microsoft News Now
Subscribe to get the latest posts sent to your email.
