Microsoft’s November 2025 Patch Tuesday Addresses 63 CVEs (CVE-2025-62215)

5Critical
58Important
0Moderate
0Low

Microsoft addresses 63 CVEs including one zero-day vulnerability which was exploited in the wild. Microsoft patched 63 CVEs in its November 2025 Patch Tuesday release, with five rated critical, and 58 rated as important. A pie chart showing the severity distribution across the Patch Tuesday CVEs patched in November 2025. This month’s update includes patches for: Azure Monitor Agent Customer Experience Improvement Program (CEIP) Dynamics 365 Field Service (online) GitHub Copilot and Visual Studio Code Host Process for Windows Tasks Microsoft Configuration Manager Microsoft Dynamics 365 (on-premises) Microsoft Graphics Component Microsoft Office Microsoft Office Excel Microsoft Office SharePoint Microsoft Office Word Microsoft Streaming Service Microsoft Wireless Provisioning System Multimedia Class Scheduler Service (MMCSS) Nuance PowerScribe OneDrive for Android Role: Windows Hyper-V SQL Server Storvsp.sys Driver Visual Studio Visual Studio Code CoPilot Chat Extension Windows Administrator Protection Windows Ancillary Function Driver for WinSock Windows Bluetooth RFCOM Protocol Driver Windows Broadcast DVR User Service Windows Client-Side Caching (CSC) Service Windows Common Log File System Driver Windows DirectX Windows Kerberos Windows Kernel Windows License Manager Windows OLE Windows Remote Desktop Windows Routing and Remote Access Service (RRAS) Windows Smart Card Windows Speech Windows Subsystem for Linux GUI Windows TDX.sys Windows WLAN Service A bar chart showing the count by impact of CVEs patched in the November 2025 Patch Tuesday release. Elevation of privilege (EoP) vulnerabilities accounted for 46% of the vulnerabilities patched this month, followed by remote code execution (RCE) vulnerabilities at 25.4%.

Important

CVE-2025-62215 – Windows Kernel Elevation of Privilege Vulnerability

CVE-2025-62215 is an EoP vulnerability in the Windows Kernel. It was assigned a CVSSv3 score of 7.0 and rated important. A local, authenticated attacker could exploit this vulnerability by winning a race condition in order to gain SYSTEM privileges. According to Microsoft, this vulnerability was exploited in the wild as a zero-day. Including CVE-2025-62215, there have been 11 EoP vulnerabilities patched in the Windows Kernel in 2025, with five of these included in the October 2025 Patch Tuesday release.

Critical

CVE-2025-62199 – Microsoft Office Remote Code Execution Vulnerability

CVE-2025-62199 is a RCE vulnerability in Microsoft Office. It was assigned a CVSSv3 score of 7.8, rated critical and assessed as “Exploitation Less Likely” according to Microsoft’s Exploitability Index. An attacker could exploit this flaw through social engineering by sending the malicious Microsoft Office document file to an intended target. Successful exploitation would grant code execution privileges to the attacker. Despite being flagged as “Less Likely” to be exploited, Microsoft notes that the Preview Pane is an attack vector, which means exploitation does not require the target to open the file. Microsoft patched two additional Microsoft Office RCEs this month. CVE-2025-62205 and CVE-2025-62216 both were assigned CVSSv3 scores of 7.8 and rated as important. CVE-2025-62205 was assessed as “Exploitation Less Likely” while CVE-2025-62216 was assessed as “Exploitation Unlikely.” In contrast to CVE-2025-62199, the preview pane is not an attack vector for these two vulnerabilities.

Important

CVE-2025-60719, CVE-2025-62213, and CVE-2025-62217 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CVE-2025-60719, CVE-2025-62213 and CVE-2025-62217 are EoP vulnerabilities affecting the Ancillary Function Driver for WinSock for Microsoft Windows. All three were assigned CVSSv3 scores of 7.0, were rated as important and assessed as “Exploitation More Likely.” A local, authenticated attacker could exploit these vulnerabilities to elevate to SYSTEM level privileges.

Critical

CVE-2025-60724 – GDI+ Remote Code Execution Vulnerability

CVE-2025-60724 is a RCE vulnerability affecting the Windows Graphics Device Interface (GDI). It was assigned a CVSSv3 score of 9.8, rated as critical and assessed as “Exploitation Less Likely.” A remote attacker could exploit this flaw by convincing a victim to download and open a crafted file which could exploit a heap-based buffer overflow in order to execute arbitrary code.

Tenable Solutions

A list of all the plugins released for Microsoft’s November 2025 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched. For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.

Get more information

Microsoft’s November 2025 Security Updates Tenable plugins for Microsoft November 2025 Patch Tuesday Security Updates Join Tenable’s Research Special Operations (RSO) Team on Tenable Connect and engage with us in the Threat Roundtable group for further discussions on the latest cyber threats. Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

First seen on securityboulevard.com

Jump to article: securityboulevard.com/2025/11/microsofts-november-2025-patch-tuesday-addresses-63-cves-cve-2025-62215/