Microsoft released its November 2025 Patch Tuesday updates on November 11, fixing 63 security flaws across Windows, Office, Azure, and Visual Studio. The most urgent concern is CVE-2025-62215, a zero-day Windows Kernel vulnerability already being exploited by attackers to escalate privileges on compromised systems.
Five critical vulnerabilities lead the pack, including CVE-2025-62199 in Microsoft Office that allows remote code execution through malicious documents, and CVE-2025-60724 in GDI+ enabling network-based attacks on graphics applications.
The remaining 57 "Important" rated flaws primarily target privilege escalation, affecting everything from Smart Card services to Kerberos authentication. Security teams should prioritize patching internet-facing systems immediately, as no workarounds exist for the exploited zero-day.
Source: Cyber Security News