Microsoft released its November Patch Tuesday Security Updates. Here’s a quick breakdown of what you need to know.
Microsoft Patch Tuesday for November 2025
This month’s release addresses 68 vulnerabilities, including five critical and 64 important-severity vulnerabilities.
In this month’s updates, Microsoft has addressed a zero-day vulnerability that was being exploited in the wild.
Microsoft has addressed five vulnerabilities in Microsoft Edge (Chromium-based) in this month’s updates.
Microsoft Patch Tuesday, November edition, includes updates for vulnerabilities in SQL Server, Windows Hyper-V, Visual Studio, Windows Kernel, Windows WLAN Service, Customer Experience Improvement Program (CEIP), and more.
From elevation of privilege flaws to remote code execution risks, this month’s patches are essential for organizations aiming to maintain a robust security posture.
The November 2025 Microsoft vulnerabilities are classified as follows:
| Vulnerability Category | Quantity | Severities |
| Spoofing Vulnerability | 2 | Important: 2 |
| Denial of Service Vulnerability | 3 | Important: 3 |
| Elevation of Privilege Vulnerability | 29 | Critical: 1 Important: 28 |
| Security Feature Bypass Vulnerability | 2 | Important: 2 |
| Information Disclosure Vulnerability | 11 | Critical: 1 Important: 10 |
| Remote Code Execution Vulnerability | 16 | Critical: 3 Important: 13 |
Zero-day Vulnerabilities Patched in November Patch Tuesday Edition
CVE-2025-62215: Windows Kernel Elevation of Privilege Vulnerability
Successful exploitation of the vulnerability may allow an authenticated attacker to gain SYSTEM privileges. An attacker must win a race condition to exploit the vulnerability.
Critical Severity Vulnerabilities Patched in November Patch Tuesday Edition
CVE-2025-60724: GDI+ Remote Code Execution Vulnerability
A heap-based buffer overflow flaw in the Microsoft Graphics Component may allow an unauthenticated attacker to execute code over a network. An attacker could exploit this vulnerability by convincing a user to download and open a document containing a specially crafted metafile.
CVE-2025-62199: Microsoft Office Remote Code Execution Vulnerability
A use-after-free vulnerability in Microsoft Office may allow an unauthenticated attacker to execute code locally. For successful exploitation of the vulnerability, an attacker must send the user a malicious file and convince them to open it.
CVE-2025-60716: DirectX Graphics Kernel Elevation of Privilege Vulnerability
A use-after-free vulnerability in Windows DirectX may allow an authenticated attacker to elevate their local privileges. An attacker must win a race condition to exploit the vulnerability. Upon successful exploitation, an attacker could gain SYSTEM privileges.
CVE-2025-62214: Visual Studio Remote Code Execution Vulnerability
A command injection vulnerability in Visual Studio may allow an authenticated attacker to execute code locally.
CVE-2025-30398: Nuance PowerScribe 360 Information Disclosure Vulnerability
Missing authorization in Nuance PowerScribe may allow an unauthenticated attacker to disclose information over a network. An unauthenticated attacker could exploit this vulnerability by making an API call to a specific endpoint. The attacker could then use the data to gain access to sensitive information on the server.
Other Microsoft Vulnerability Highlights
- CVE-2025-59512 is an elevation of privilege vulnerability in the Customer Experience Improvement Program (CEIP). An improper access control flaw may allow an authenticated attacker to gain SYSTEM privileges.
- CVE-2025-60705 is an elevation of privilege vulnerability in the Windows Client-Side Caching. An improper access control flaw may allow an authenticated attacker to gain administrator privileges.
- CVE-2025-60719 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
- CVE-2025-62217 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
- CVE-2025-62213 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
Microsoft Release Summary
This month’s release notes cover multiple Microsoft product families and products/versions affected, including, but not limited to, Nuance PowerScribe, Microsoft Configuration Manager, Microsoft Office Excel, Azure Monitor Agent, Windows Smart Card, Windows DirectX, Windows Speech, Windows Routing and Remote Access Service (RRAS), Windows Bluetooth RFCOM Protocol Driver, Microsoft Streaming Service, Windows Broadcast DVR User Service, Windows Remote Desktop, Windows Kerberos, Windows Client-Side Caching (CSC) Service, Multimedia Class Scheduler Service (MMCSS), Storvsp.sys Driver, Windows Common Log File System Driver, Host Process for Windows Tasks, Windows OLE, Windows Administrator Protection, Windows Ancillary Function Driver for WinSock, Windows TDX.sys, OneDrive for Android, Microsoft Graphics Component, Microsoft Office, Microsoft Office SharePoint, Microsoft Office Word, Microsoft Dynamics 365 (on-premises), Windows License Manager, Dynamics 365 Field Service (online), Microsoft Wireless Provisioning System, Windows Subsystem for Linux GUI, Visual Studio Code CoPilot Chat Extension, GitHub Copilot and Visual Studio Code, and Microsoft Edge (Chromium-based).
The next Patch Tuesday falls on December 9, and we will be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to ‘This Month in Vulnerabilities and Patch’s webinar.’
Qualys Monthly Webinar Series
The Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys Vulnerability Management Detection Response (VMDR) and Qualys Patch Management. Combining these two solutions can reduce the median time to remediate critical vulnerabilities.
During the webcast, we will discuss this month’s high-impact vulnerabilities, including those that are a part of this month’s Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management.
Join the webinar
This Month in Vulnerabilities & Patches
