Microsoft’s November 2025 Patch Tuesday Addresses 63 CVEs (CVE-2025-62215)


5 Critical
58 Important
0 Moderate
0 Low
Microsoft addresses 63 CVEs including one zero-day vulnerability which was exploited in the wild.

Microsoft patched 63 CVEs in its November 2025 Patch Tuesday release, with five rated critical, and 58 rated as important.

This month’s update includes patches for:

Azure Monitor Agent
Customer Experience Improvement Program (CEIP)
Dynamics 365 Field Service (online)
GitHub Copilot and Visual Studio Code
Host Process for Windows Tasks
Microsoft Configuration Manager
Microsoft Dynamics 365 (on-premises)
Microsoft Graphics Component
Microsoft Office
Microsoft Office Excel
Microsoft Office SharePoint
Microsoft Office Word
Microsoft Streaming Service
Microsoft Wireless Provisioning System
Multimedia Class Scheduler Service (MMCSS)
Nuance PowerScribe
OneDrive for Android
Role: Windows Hyper-V
SQL Server
Storvsp.sys Driver
Visual Studio
Visual Studio Code CoPilot Chat Extension
Windows Administrator Protection
Windows Ancillary Function Driver for WinSock
Windows Bluetooth RFCOM Protocol Driver
Windows Broadcast DVR User Service
Windows Client-Side Caching (CSC) Service
Windows Common Log File System Driver
Windows DirectX
Windows Kerberos
Windows Kernel
Windows License Manager
Windows OLE
Windows Remote Desktop
Windows Routing and Remote Access Service (RRAS)
Windows Smart Card
Windows Speech
Windows Subsystem for Linux GUI
Windows TDX.sys
Windows WLAN Service

Elevation of privilege (EoP) vulnerabilities accounted for 46% of the vulnerabilities patched this month, followed by remote code execution (RCE) vulnerabilities at 25.4%.

CVE-2025-62215 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2025-62215 is an EoP vulnerability in the Windows Kernel. It was assigned a CVSSv3 score of 7.0 and rated important. A local, authenticated attacker could exploit this vulnerability by winning a race condition in order to gain SYSTEM privileges. According to Microsoft, this vulnerability was exploited in the wild as a zero-day.
Including CVE-2025-62215, there have been 11 EoP vulnerabilities patched in the Windows Kernel in 2025, with five of these included in the October 2025 Patch Tuesday release.

CVE-2025-62199 | Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62199 is an RCE vulnerability in Microsoft Office. It was assigned a CVSSv3 score of 7.8, rated critical and assessed as “Exploitation Less Likely” according to Microsoft’s Exploitability Index. An attacker could exploit this flaw through social engineering by sending a malicious Microsoft Office document file to an intended target. Successful exploitation would grant code execution privileges to the attacker.
Despite being flagged as “Less Likely” to be exploited, Microsoft notes that the Preview Pane is an attack vector, which means exploitation does not require the target to open the file.
Microsoft patched two additional Microsoft Office RCEs this month. CVE-2025-62205 and CVE-2025-62216 both were assigned CVSSv3 scores of 7.8 and rated as important. CVE-2025-62205 was assessed as “Exploitation Less Likely” while CVE-2025-62216 was assessed as “Exploitation Unlikely.” In contrast to CVE-2025-62199, the preview pane is not an attack vector for these two vulnerabilities.

CVE-2025-60719, CVE-2025-62213, and CVE-2025-62217 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-60719, CVE-2025-62213 and CVE-2025-62217 are EoP vulnerabilities affecting the Ancillary Function Driver for WinSock for Microsoft Windows. All three were assigned CVSSv3 scores of 7.0, were rated as important and assessed as “Exploitation More Likely.” A local, authenticated attacker could exploit these vulnerabilities to elevate to SYSTEM level privileges.

CVE-2025-60724 | GDI+ Remote Code Execution Vulnerability
CVE-2025-60724 is an RCE vulnerability affecting the Windows Graphics Device Interface (GDI). It was assigned a CVSSv3 score of 9.8, rated as critical and assessed as “Exploitation Less Likely.” A remote attacker could exploit this flaw by convincing a victim to download and open a crafted file, which could exploit a heap-based buffer overflow in order to execute arbitrary code.
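
Sorting the CVEs highlighted above by CVSS score alone places the exploited kernel zero-day behind the 9.8 and 7.8 flaws. The following patch-triage sketch is an added example, not Tenable's or Microsoft's code; the `Advisory` class, the `triage_key` policy and its ordering are assumptions for illustration, and the data is constructed from the figures quoted in this post.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed ordering of the Exploitability Index phrases quoted in the post.
LIKELIHOOD = {"Exploitation More Likely": 2, "Exploitation Less Likely": 1,
              "Exploitation Unlikely": 0}

@dataclass(frozen=True)
class Advisory:
    cve: str
    component: str
    cvss: float
    assessment: Optional[str] = None   # None: the post quotes no index rating
    exploited: bool = False            # reported exploited in the wild
    preview_pane: bool = False         # Preview Pane named as an attack vector

# Constructed from the figures in this post, in the order the post lists them.
ADVISORIES = [
    Advisory("CVE-2025-62215", "Windows Kernel", 7.0, exploited=True),
    Advisory("CVE-2025-62199", "Microsoft Office", 7.8,
             "Exploitation Less Likely", preview_pane=True),
    Advisory("CVE-2025-62205", "Microsoft Office", 7.8, "Exploitation Less Likely"),
    Advisory("CVE-2025-62216", "Microsoft Office", 7.8, "Exploitation Unlikely"),
    Advisory("CVE-2025-60719", "AFD for WinSock", 7.0, "Exploitation More Likely"),
    Advisory("CVE-2025-62213", "AFD for WinSock", 7.0, "Exploitation More Likely"),
    Advisory("CVE-2025-62217", "AFD for WinSock", 7.0, "Exploitation More Likely"),
    Advisory("CVE-2025-60724", "GDI+", 9.8, "Exploitation Less Likely"),
]

def triage_key(a):
    # Assumed policy: known exploitation first, then likelihood, then CVSS,
    # with Preview Pane exposure breaking ties between equal scores.
    return (a.exploited, LIKELIHOOD.get(a.assessment, 0), a.cvss, a.preview_pane)

def triage_order(advisories):
    """CVE ids in patch order under the assumed policy (stable for ties)."""
    return [a.cve for a in sorted(advisories, key=triage_key, reverse=True)]

def cvss_order(advisories):
    """CVE ids ordered by CVSS score only, for comparison."""
    return [a.cve for a in sorted(advisories, key=lambda a: a.cvss, reverse=True)]

if __name__ == "__main__":
    by_cvss = cvss_order(ADVISORIES)
    for rank, cve in enumerate(triage_order(ADVISORIES), start=1):
        print(f"{rank}. {cve} (CVSS-only rank {by_cvss.index(cve) + 1})")
```
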
Tenable Solutions
A list of all the plugins released for Microsoft’s November 2025 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.
For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.

*** This is a Security Bloggers Network syndicated blog from Tenable Blog authored by Research Special Operations. Read the original post at: https://www.tenable.com/blog/microsofts-november-2025-patch-tuesday-addresses-63-cves-cve-2025-62215
