Microsoft released its November Patch Tuesday Security Updates. Here’s a quick breakdown of what you need to know.
Microsoft Patch Tuesday for November 2025
This month’s release addresses 68 vulnerabilities, including five critical and 59 important-severity vulnerabilities.
In this month’s updates, Microsoft has addressed a zero-day vulnerability that was being exploited in the wild.
Microsoft has addressed five vulnerabilities in Microsoft Edge (Chromium-based) in this month’s updates.
Microsoft Patch Tuesday, November edition, includes updates for vulnerabilities in SQL Server, Windows Hyper-V, Visual Studio, Windows Kernel, Windows WLAN Service, Customer Experience Improvement Program (CEIP), and more.
From elevation of privilege flaws to remote code execution risks, this month’s patches are essential for organizations aiming to maintain a robust security posture.
The November 2025 Microsoft vulnerabilities are classified as follows:
| Vulnerability Category | Quantity | Severities |
| Spoofing Vulnerability | 2 | Important: 2 |
| Denial of Service Vulnerability | 3 | Important: 3 |
| Elevation of Privilege Vulnerability | 29 | Critical: 1 Important: 28 |
| Security Feature Bypass Vulnerability | 2 | Important: 2 |
| Information Disclosure Vulnerability | 11 | Critical: 1 Important: 10 |
| Remote Code Execution Vulnerability | 16 | Critical: 3 Important: 13 |
Adobe Patches for November 2025
Adobe has released eight security advisories to address 29 vulnerabilities in Adobe InDesign, Adobe InCopy, Adobe Photoshop, Adobe Illustrator, Adobe Illustrator Mobile, Adobe Pass, Adobe Substance 3D Stager, and Adobe Format Plugins. 23 of these vulnerabilities are given critical severity ratings. Successful exploitation of these vulnerabilities may lead to security feature bypass and arbitrary code execution.
Zero-day Vulnerabilities Patched in November Patch Tuesday Edition
CVE-2025-62215: Windows Kernel Elevation of Privilege Vulnerability
Successful exploitation of the vulnerability may allow an authenticated attacker to gain SYSTEM privileges. An attacker must win a race condition to exploit the vulnerability.
CISA acknowledged the vulnerability’s active exploitation by adding it to its Known Exploited Vulnerabilities Catalog and urging users to patch it before December 3, 2025.
Critical Severity Vulnerabilities Patched in November Patch Tuesday Edition
CVE-2025-60724: GDI+ Remote Code Execution Vulnerability
A heap-based buffer overflow flaw in the Microsoft Graphics Component may allow an unauthenticated attacker to execute code over a network. An attacker could exploit this vulnerability by convincing a user to download and open a document containing a specially crafted metafile.
CVE-2025-62199: Microsoft Office Remote Code Execution Vulnerability
A use-after-free vulnerability in Microsoft Office may allow an unauthenticated attacker to execute code locally. For successful exploitation of the vulnerability, an attacker must send the user a malicious file and convince them to open it.
CVE-2025-60716: DirectX Graphics Kernel Elevation of Privilege Vulnerability
A use-after-free vulnerability in Windows DirectX may allow an authenticated attacker to elevate their local privileges. An attacker must win a race condition to exploit the vulnerability. Upon successful exploitation, an attacker could gain SYSTEM privileges.
CVE-2025-62214: Visual Studio Remote Code Execution Vulnerability
A command injection vulnerability in Visual Studio may allow an authenticated attacker to execute code locally.
CVE-2025-30398: Nuance PowerScribe 360 Information Disclosure Vulnerability
Missing authorization in Nuance PowerScribe may allow an unauthenticated attacker to disclose information over a network. An unauthenticated attacker could exploit this vulnerability by making an API call to a specific endpoint. The attacker could then use the data to gain access to sensitive information on the server.
Other Microsoft Vulnerability Highlights
- CVE-2025-59512 is an elevation of privilege vulnerability in the Customer Experience Improvement Program (CEIP). An improper access control flaw may allow an authenticated attacker to gain SYSTEM privileges.
- CVE-2025-60705 is an elevation of privilege vulnerability in the Windows Client-Side Caching. An improper access control flaw may allow an authenticated attacker to gain administrator privileges.
- CVE-2025-60719 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
- CVE-2025-62217 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
- CVE-2025-62213 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
Microsoft Release Summary
This month’s release notes cover multiple Microsoft product families and products/versions affected, including, but not limited to, Nuance PowerScribe, Microsoft Configuration Manager, Microsoft Office Excel, Azure Monitor Agent, Windows Smart Card, Windows DirectX, Windows Speech, Windows Routing and Remote Access Service (RRAS), Windows Bluetooth RFCOM Protocol Driver, Microsoft Streaming Service, Windows Broadcast DVR User Service, Windows Remote Desktop, Windows Kerberos, Windows Client-Side Caching (CSC) Service, Multimedia Class Scheduler Service (MMCSS), Storvsp.sys Driver, Windows Common Log File System Driver, Host Process for Windows Tasks, Windows OLE, Windows Administrator Protection, Windows Ancillary Function Driver for WinSock, Windows TDX.sys, OneDrive for Android, Microsoft Graphics Component, Microsoft Office, Microsoft Office SharePoint, Microsoft Office Word, Microsoft Dynamics 365 (on-premises), Windows License Manager, Dynamics 365 Field Service (online), Microsoft Wireless Provisioning System, Windows Subsystem for Linux GUI, Visual Studio Code CoPilot Chat Extension, GitHub Copilot and Visual Studio Code, and Microsoft Edge (Chromium-based).
Qualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledgebase (KB).
You can see all your impacted hosts by these vulnerabilities using the following QQL query:
vulnerabilities.vulnerability: ( qid: 110510 or qid: 110511 or qid: 385929 or qid: 385930 or qid: 385931 or qid: 92327 or qid: 92328 or qid: 92329 or qid: 92330 or qid: 92331 or qid: 92332 )
Patch to the Latest Version
VMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the “Missing” patches to identify and deploy the applicable, available patches with one click.
The following QQL will return the missing patches for this Patch Tuesday:
( qid: 110510 or qid: 110511 or qid: 385929 or qid: 385930 or qid: 385931 or qid: 92327 or qid: 92328 or qid: 92329 or qid: 92330 or qid: 92331 or qid: 92332 )
Mitigation: Reducing Risk Until Remediation
Not every team can patch immediately due to operational challenges. TruRisk™ Eliminate enables security teams to apply mitigation controls that immediately lower exposure and reduce the Qualys Detection Score (QDS).
As a first set of our mitigant signature set, we have Qualys-created mitigations for the following 61 vulnerabilities: CVE-2025-59510, CVE-2025-60713, CVE-2025-60715, CVE-2025-60703, CVE-2025-60706, CVE-2025-60709, CVE-2025-62204, CVE-2025-60719, CVE-2025-62217, CVE-2025-62213, CVE-2025-59505, and CVE-2025-60705.
For vulnerabilities in Windows services where local or remote exploitation vectors exist, our mitigants modify configuration by modifying registry keys and, where applicable, service policy files. These mitigations work for affected components such as the Routing and Remote Access Service (RRAS), Remote Desktop Services, Hyper-V, Microsoft SharePoint, Ancillary Function Driver for WinSock, Smart Card Reader, and Client-Side Caching. Additionally, this mitigant set addresses denial-of-service, elevation-of-privilege, remote code execution, and information disclosure risks in these core Windows subsystems.
Qualys TruRisk Mitigate product customers receive these scripts as part of the monthly Patch Tuesday signature set.
The next Patch Tuesday falls on December 9, and we will be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to ‘This Month in Vulnerabilities and Patch’s webinar.’
Qualys Monthly Webinar Series
The Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys Vulnerability Management Detection Response (VMDR) and Qualys Patch Management. Combining these two solutions can reduce the median time to remediate critical vulnerabilities.
During the webcast, we will discuss this month’s high-impact vulnerabilities, including those that are a part of this month’s Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management.
Join the webinar
This Month in Vulnerabilities & Patches
Deixe o seu comentário