Microsoft has released its November 2025 Patch Tuesday update, addressing a total of 63 new security vulnerabilities across its software suite. Highlighting this month’s release is a fix for a zero-day vulnerability that is confirmed to be under active exploitation in the wild.

The comprehensive update includes patches for a wide range of security issues. Of the 63 flaws, four are rated as Critical and 59 are rated as Important in severity. These fixes come in addition to 27 vulnerabilities that Microsoft has already patched in its Chromium-based Edge browser since the October 2025 update cycle.

Actively Exploited Zero-Day: CVE-2025-62215

The most pressing issue addressed this month is CVE-2025-62215, a privilege escalation vulnerability within the Windows Kernel. This flaw, which carries a CVSS score of 7.0, was discovered and reported by Microsoft’s own Threat Intelligence Center (MSTIC) and Security Response Center (MSRC). Attackers who successfully exploit this vulnerability could gain elevated privileges on a compromised system. Given its active exploitation, administrators are urged to apply this patch immediately to mitigate ongoing threats.

November 2025 Patch Breakdown

The vulnerabilities fixed in this month’s release cover several categories. The most common issue was privilege escalation, accounting for 29 of the flaws. Other significant categories include:

• 16 Remote Code Execution (RCE) vulnerabilities
• 11 Information Disclosure vulnerabilities
• 3 Denial-of-Service (DoS) flaws
• 2 Security Feature Bypass vulnerabilities
• 2 Spoofing bugs

System administrators should prioritize the deployment of these security updates to protect their environments from potential exploitation.

Source: https://thehackernews.com/2025/11/microsoft-fixes-63-security-flaws.html