Microsoft Patch Tuesday, November 2025 Security Update Review
Microsoft released its November Patch Tuesday Security Updates. Here’s a quick breakdown of what you need to know.
This month’s release addresses 68 vulnerabilities, including five critical and 59 important-severity vulnerabilities.
In this month’s updates, Microsoft has addressed a zero-day vulnerability that was being exploited in the wild.
Microsoft has addressed five vulnerabilities in Microsoft Edge (Chromium-based) in this month’s updates.
Microsoft Patch Tuesday, November edition, includes updates for vulnerabilities in SQL Server, Windows Hyper-V, Visual Studio, Windows Kernel, Windows WLAN Service, Customer Experience Improvement Program (CEIP), and more.
From elevation of privilege flaws to remote code execution risks, this month’s patches are essential for organizations aiming to maintain a robust security posture.
The November 2025 Microsoft vulnerabilities are classified as follows:
| Vulnerability Category | Quantity | Severities |
| --- | --- | --- |
| Spoofing Vulnerability | 2 | Important: 2 |
| Denial of Service Vulnerability | 3 | Important: 3 |
| Elevation of Privilege Vulnerability | 29 | Critical: 1 Important: 28 |
| Security Feature Bypass Vulnerability | 2 | Important: 2 |
| Information Disclosure Vulnerability | 11 | Critical: 1 Important: 10 |
| Remote Code Execution Vulnerability | 16 | Critical: 3 Important: 13 |
Zero-day Vulnerabilities Patched in November Patch Tuesday Edition
CVE-2025-62215: Windows Kernel Elevation of Privilege Vulnerability
Successful exploitation of the vulnerability may allow an authenticated attacker to gain SYSTEM privileges. An attacker must win a race condition to exploit the vulnerability.
Critical Severity Vulnerabilities Patched in November Patch Tuesday Edition
CVE-2025-60724: GDI+ Remote Code Execution Vulnerability
A heap-based buffer overflow flaw in the Microsoft Graphics Component may allow an unauthenticated attacker to execute code over a network. An attacker could exploit this vulnerability by convincing a user to download and open a document containing a specially crafted metafile.
CVE-2025-62199: Microsoft Office Remote Code Execution Vulnerability
A use-after-free vulnerability in Microsoft Office may allow an unauthenticated attacker to execute code locally. For successful exploitation of the vulnerability, an attacker must send the user a malicious file and convince them to open it.
CVE-2025-60716: DirectX Graphics Kernel Elevation of Privilege Vulnerability
A use-after-free vulnerability in Windows DirectX may allow an authenticated attacker to elevate their local privileges. An attacker must win a race condition to exploit the vulnerability. Upon successful exploitation, an attacker could gain SYSTEM privileges.
CVE-2025-62214: Visual Studio Remote Code Execution Vulnerability
A command injection vulnerability in Visual Studio may allow an authenticated attacker to execute code locally.
CVE-2025-30398: Nuance PowerScribe 360 Information Disclosure Vulnerability
Missing authorization in Nuance PowerScribe may allow an unauthenticated attacker to disclose information over a network. An unauthenticated attacker could exploit this vulnerability by making an API call to a specific endpoint. The attacker could then use the data to gain access to sensitive information on the server.
Other Microsoft Vulnerability Highlights
- CVE-2025-59512 is an elevation of privilege vulnerability in the Customer Experience Improvement Program (CEIP). An improper access control flaw may allow an authenticated attacker to gain SYSTEM privileges.
- CVE-2025-60705 is an elevation of privilege vulnerability in Windows Client-Side Caching. An improper access control flaw may allow an authenticated attacker to gain administrator privileges.
- CVE-2025-60719 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
- CVE-2025-62217 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
- CVE-2025-62213 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
Microsoft Release Summary
This month’s release notes cover multiple Microsoft product families and products/versions affected, including, but not limited to, Nuance PowerScribe, Microsoft Configuration Manager, Microsoft Office Excel, Azure Monitor Agent, Windows Smart Card, Windows DirectX, Windows Speech, Windows Routing and Remote Access Service (RRAS), Windows Bluetooth RFCOM Protocol Driver, Microsoft Streaming Service, Windows Broadcast DVR User Service, Windows Remote Desktop, Windows Kerberos, Windows Client-Side Caching (CSC) Service, Multimedia Class Scheduler Service (MMCSS), Storvsp.sys Driver, Windows Common Log File System Driver, Host Process for Windows Tasks, Windows OLE, Windows Administrator Protection, Windows Ancillary Function Driver for WinSock, Windows TDX.sys, OneDrive for Android, Microsoft Graphics Component, Microsoft Office, Microsoft Office SharePoint, Microsoft Office Word, Microsoft Dynamics 365 (on-premises), Windows License Manager, Dynamics 365 Field Service (online), Microsoft Wireless Provisioning System, Windows Subsystem for Linux GUI, Visual Studio Code CoPilot Chat Extension, GitHub Copilot and Visual Studio Code, and Microsoft Edge (Chromium-based).
Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
Qualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledgebase (KB).
You can see all hosts impacted by these vulnerabilities using the following QQL query:
vulnerabilities.vulnerability: ( qid: 110510 or qid: 110511 or qid: 385929 or qid: 385930 or qid: 385931 or qid: 92327 or qid: 92328 or qid: 92329 or qid: 92330 or qid: 92331 or qid: 92332 )

Rapid Response with TruRisk
Eliminate
Patch to the Latest Version
VMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the “Missing” patches to identify and deploy the applicable, available patches with one click.
The following QQL will return the missing patches for this Patch Tuesday:
( qid: 110510 or qid: 110511 or qid: 385929 or qid: 385930 or qid: 385931 or qid: 92327 or qid: 92328 or qid: 92329 or qid: 92330 or qid: 92331 or qid: 92332 )

Visit the November 2025 Security Updates to access the full description of each vulnerability and the systems it affects.
Qualys customers can scan their network with QIDs 110510, 110511, 385929, 385930, 385931, 92327, 92328, 92329, 92330, 92331, and 92332 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References:
https://msrc.microsoft.com/update-guide
https://msrc.microsoft.com/update-guide/releaseNote/2025-Nov
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62215
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60724
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62199
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60716
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62214
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30398
