Today, Microsoft released its November 2025 Patch Tuesday, a fairly comprehensive security update that addresses 63 vulnerabilities, including a dangerous zero-day flaw that was already being actively exploited by attackers.
Additionally, this update fixes four critical vulnerabilities: two allow remote code execution, one involves privilege escalation, and the last one concerns the leakage of sensitive information.
Here’s a breakdown of how many bugs were fixed in each vulnerability category:
29 privilege escalation vulnerabilities
2 security feature bypass flaws
16 remote code execution (RCE) vulnerabilities
11 information disclosure vulnerabilities
3 denial of service (DoS) vulnerabilities
2 spoofing vulnerabilities
It’s important to note that this count includes only the vulnerabilities addressed in today’s update, excluding those related to Microsoft Edge and the Mariner system, which were fixed earlier this month.
Moreover, this update marks a significant milestone: it is the first Extended Security Update (ESU) for Windows 10. If you’re still using this operating system, it’s recommended to upgrade to Windows 11 or enroll in the ESU program to continue receiving security patches and keep your systems protected from new threats.
Microsoft’s Patch Tuesday includes a fix for a zero-day vulnerability that was already being actively exploited in the Windows kernel.
The vulnerability in question is CVE-2025-62215, a privilege escalation flaw in the Windows kernel. According to Microsoft, the issue arises from a race condition—a simultaneous execution that shares resources with improper synchronization—that allows a local attacker to escalate privileges to SYSTEM level, the highest within the operating system.
In simple terms, this means an attacker could gain full control over the compromised device.
Microsoft credits the discovery to the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC), although it has not disclosed details about how exactly the vulnerability was being exploited in real-world attacks.
The recommendation is clear: install the security updates as soon as possible to prevent this flaw from remaining an open door to potential attacks.
Read more: Most Exploited Zero-Day Vulnerabilities in 2025
Here are all the vulnerabilities Microsoft addressed in its November 2025 update. This is a significant package that strengthens the security of the operating system and several key company products.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Azure Monitor Agent | CVE-2025-59504 | Azure Monitor Agent Remote Code Execution Vulnerability | Important |
| Customer Experience Improvement Program (CEIP) | CVE-2025-59512 | Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability | Important |
| Dynamics 365 Field Service (online) | CVE-2025-62211 | Dynamics 365 Field Service (online) Spoofing Vulnerability | Important |
| Dynamics 365 Field Service (online) | CVE-2025-62210 | Dynamics 365 Field Service (online) Spoofing Vulnerability | Important |
| GitHub Copilot and Visual Studio Code | CVE-2025-62453 | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | Important |
| Host Process for Windows Tasks | CVE-2025-60710 | Host Process for Windows Tasks Elevation of Privilege Vulnerability | Important |
| Microsoft Configuration Manager | CVE-2025-47179 | Configuration Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Dynamics 365 (on-premises) | CVE-2025-62206 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2025-60724 | GDI+ Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-62216 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-62199 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office Excel | CVE-2025-62200 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62201 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-60726 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62203 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62202 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-60727 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-60728 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-59240 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-62204 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-62205 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Streaming Service | CVE-2025-59514 | Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability | Important |
| Microsoft Wireless Provisioning System | CVE-2025-62218 | Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability | Important |
| Microsoft Wireless Provisioning System | CVE-2025-62219 | Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability | Important |
| Multimedia Class Scheduler Service (MMCSS) | CVE-2025-60707 | Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege Vulnerability | Important |
| Nuance PowerScribe | CVE-2025-30398 | Nuance PowerScribe 360 Information Disclosure Vulnerability | Critical |
| OneDrive for Android | CVE-2025-60722 | Microsoft OneDrive for Android Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-60706 | Windows Hyper-V Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2025-59499 | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
| Storvsp.sys Driver | CVE-2025-60708 | Storvsp.sys Driver Denial of Service Vulnerability | Important |
| Visual Studio | CVE-2025-62214 | Visual Studio Remote Code Execution Vulnerability | Critical |
| Visual Studio Code CoPilot Chat Extension | CVE-2025-62449 | Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability | Important |
| Visual Studio Code CoPilot Chat Extension | CVE-2025-62222 | Agentic AI and Visual Studio Code Remote Code Execution Vulnerability | Important |
| Windows Administrator Protection | CVE-2025-60721 | Windows Administrator Protection Elevation of Privilege Vulnerability | Important |
| Windows Administrator Protection | CVE-2025-60718 | Windows Administrator Protection Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2025-62217 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2025-60719 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2025-62213 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Bluetooth RFCOM Protocol Driver | CVE-2025-59513 | Windows Bluetooth RFCOM Protocol Driver Information Disclosure Vulnerability | Important |
| Windows Broadcast DVR User Service | CVE-2025-59515 | Windows Broadcast DVR User Service Elevation of Privilege Vulnerability | Important |
| Windows Broadcast DVR User Service | CVE-2025-60717 | Windows Broadcast DVR User Service Elevation of Privilege Vulnerability | Important |
| Windows Client-Side Caching (CSC) Service | CVE-2025-60705 | Windows Client-Side Caching Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2025-60709 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows DirectX | CVE-2025-59506 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| Windows DirectX | CVE-2025-60716 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Critical |
| Windows DirectX | CVE-2025-60723 | DirectX Graphics Kernel Denial of Service Vulnerability | Important |
| Windows Kerberos | CVE-2025-60704 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2025-62215 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows License Manager | CVE-2025-62208 | Windows License Manager Information Disclosure Vulnerability | Important |
| Windows License Manager | CVE-2025-62209 | Windows License Manager Information Disclosure Vulnerability | Important |
| Windows OLE | CVE-2025-60714 | Windows OLE Remote Code Execution Vulnerability | Important |
| Windows Remote Desktop | CVE-2025-60703 | Windows Remote Desktop Services Elevation of Privilege Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-62452 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-59510 | Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-60715 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-60713 | Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability | Important |
| Windows Smart Card | CVE-2025-59505 | Windows Smart Card Reader Elevation of Privilege Vulnerability | Important |
| Windows Speech | CVE-2025-59507 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important |
| Windows Speech | CVE-2025-59508 | Windows Speech Recognition Elevation of Privilege Vulnerability | Important |
| Windows Speech | CVE-2025-59509 | Windows Speech Recognition Information Disclosure Vulnerability | Important |
| Windows Subsystem for Linux GUI | CVE-2025-62220 | Windows Subsystem for Linux GUI Remote Code Execution Vulnerability | Important |
| Windows TDX.sys | CVE-2025-60720 | Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability | Important |
| Windows WLAN Service | CVE-2025-59511 | Windows WLAN Service Elevation of Privilege Vulnerability | Important |
The November 2025 Patch Tuesday marks a particularly important month for Windows users and system administrators. With 63 vulnerabilities fixed, Microsoft reinforces its commitment to the security of its platforms and products.
At TecnetOne, we know that security isn’t just about applying patches—it’s about building a preventive culture based on best practices, reliable technology, and rapid response to threats. Keep your systems up to date and your infrastructure protected: cybersecurity starts with staying one step ahead.