Microsoft has released its November 2025 Patch Tuesday, addressing a total of 68 vulnerabilities, including a high-priority zero-day flaw already being actively exploited in the wild. This critical update package, which includes five critical-severity and 64 important-severity fixes, is essential for organizations to shore up their defenses against immediate threats.
The updates span key products like SQL Server, Windows Hyper-V, Visual Studio, Windows Kernel, Windows WLAN Service, and more.
The most urgent patch is for a zero-day vulnerability in the Windows Kernel: CVE-2025-62215 – Windows Kernel Elevation of Privilege Vulnerability. Successful exploitation may allow an authenticated attacker to gain SYSTEM privileges, but the attacker must win a race condition to do so.
In addition to the zero-day, four other flaws have been rated as Critical severity, posing a significant risk of Remote Code Execution (RCE) or high-level Elevation of Privilege (EoP).
| CVE ID | Vulnerability Type | Component | Attack Vector |
| --- | --- | --- | --- |
| CVE-2025-60724 | Remote Code Execution (RCE) | GDI+ (Microsoft Graphics Component) | An unauthenticated attacker could exploit a heap-based buffer overflow by convincing a user to download and open a specially crafted metafile. |
| CVE-2025-62199 | Remote Code Execution (RCE) | Microsoft Office | A use-after-free flaw could allow an unauthenticated attacker to execute code locally. Exploitation requires the attacker to send a malicious file and convince the user to open it. |
| CVE-2025-60716 | Elevation of Privilege (EoP) | DirectX Graphics Kernel | A use-after-free vulnerability in Windows DirectX could allow an authenticated attacker to elevate their local privileges to SYSTEM. The attacker must also win a race condition. |
| CVE-2025-62214 | Remote Code Execution (RCE) | Visual Studio | A command injection vulnerability may allow an authenticated attacker to execute code locally. |
One notable Important-severity flaw poses a serious information disclosure risk: CVE-2025-30398 – Nuance PowerScribe 360 Information Disclosure Vulnerability. The vulnerability stems from missing authorization in Nuance PowerScribe. An unauthenticated attacker can exploit this flaw over a network by making a specific API call, which could lead to the disclosure of sensitive information on the server.
Microsoft also included fixes for five vulnerabilities in its Chromium-based Edge browser.
Given the active exploitation of the Windows Kernel zero-day, IT teams must prioritize and deploy these security patches immediately.