Overview

Microsoft’s November 2025 Patch Tuesday delivers security fixes for 63 vulnerabilities, including one actively exploited zero-day. The release includes four “Critical” flaws (two RCEs, one EoP, one information disclosure).

Key technical details

  • Total fixes: 63 vulnerabilities
  • Actively exploited zero-day: 1 — CVE-2025-62215 (CVSS 7.0) (Windows Kernel, local elevation of privilege)
    • Per Microsoft, a race condition (“concurrent execution using shared resource with improper synchronization”) in the Windows Kernel can allow a local, authorized attacker to gain SYSTEM privileges; Microsoft has not published exploitation details.
  • Critical issues: 4 (2 remote code execution, 1 elevation of privilege, 1 information disclosure)

Vulnerability breakdown

  • 29 Elevation of Privilege
  • 16 Remote Code Execution
  • 11 Information Disclosure
  • 3 Denial of Service
  • 2 Security Feature Bypass
  • 2 Spoofing

Notable deployment / ESU notes

  • This month is also the first Extended Security Update (ESU) release for Windows 10. If you remain on Windows 10, upgrade to Windows 11 or enroll in the ESU program to keep receiving patches.
  • Microsoft released an out-of-band update today to fix a bug that prevented some customers from enrolling in ESU.


Affected Devices

Windows 10: All supported versions (only Windows 10, version 22H2) covered under the Extended Security Updates (ESU) program receive fixes in this release. Systems not enrolled in ESU no longer receive free monthly security updates.

Windows 11: Versions 24H2 and 25H2 receive updates KB5066835 and KB5066793, respectively, addressing this month’s vulnerabilities including the actively exploited kernel zero-day (CVE-2025-62215).

Recommended Remediations

ctrl:cyber recommends the following remediations:

  • Apply all November 2025 updates immediately across affected devices.
  • Migrate Windows 10 systems to a supported OS (e.g., Windows 11) or enroll in ESU to maintain protection.
  • Prioritize patching externally exposed systems (e.g., servers, SMB endpoints).
  • Monitor for exploit indicators, especially those related to the actively exploited kernel zero-day (CVE-2025-62215) noted above.
  • Harden configurations by disabling unnecessary services and limiting privilege escalation paths.
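To support the first remediation, here is an added PowerShell check (not part of this advisory or of Microsoft's tooling) that maps the running Windows 11 release to the KB numbers listed under Affected Devices and reports whether that cumulative update is installed; it assumes the standard `CurrentVersion` registry values and that `Get-HotFix` can see the cumulative update.

```powershell
# Added example: verify the November 2025 cumulative update for this host.
# KB numbers come from the advisory: Windows 11 24H2 -> KB5066835, 25H2 -> KB5066793.
$ExpectedKb = @{
    '24H2' = 'KB5066835'
    '25H2' = 'KB5066793'
}

function Get-NovemberPatchStatus {
    # DisplayVersion (e.g. "24H2") and the build number identify the release.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $rel   = $cv.DisplayVersion
    $build = [int]$cv.CurrentBuildNumber

    # ProductName still reads "Windows 10" on some Windows 11 builds,
    # so the build number (>= 22000 means Windows 11) is the reliable test.
    if ($build -lt 22000) {
        if ($rel -eq '22H2') {
            return [pscustomobject]@{ OS = 'Windows 10 22H2'; KB = $null
                Status = 'ESU-eligible: fixes only arrive if enrolled in ESU' }
        }
        return [pscustomobject]@{ OS = "Windows 10 $rel"; KB = $null
            Status = 'Out of support: migrate to Windows 11 (or ESU-eligible 22H2)' }
    }

    $kb = $ExpectedKb[$rel]
    if (-not $kb) {
        return [pscustomobject]@{ OS = "Windows 11 $rel"; KB = $null
            Status = 'Release not listed in this advisory; check Windows Update manually' }
    }

    # Get-HotFix queries Win32_QuickFixEngineering; a missing KB yields no object.
    $installed = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
    $status = if ($installed) { "Patched (installed $($installed.InstalledOn))" }
              else            { "MISSING: install $kb" }

    return [pscustomobject]@{ OS = "Windows 11 $rel"; KB = $kb; Status = $status }
}

Get-NovemberPatchStatus | Format-List
```

`Get-HotFix` occasionally omits updates that were installed through some deployment tools, so treat a MISSING result as a prompt to confirm in Windows Update history before re-deploying.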

Source: Microsoft Security Response Center
Source: BleepingComputer
Source: Tenable