Microsoft released security updates under the ‘Patch Tuesday’ program on 11 November 2025. The latest security bulletin reports 63 security vulnerabilities for November 2025.
- 63 security vulnerabilities reported in November 2025
- 5 security vulnerabilities have ‘CRITICAL’ severity
- A single zero-day vulnerability has been reported
Details of the zero-day vulnerability and CRITICAL security vulnerabilities are shared below.
Zero-day vulnerability – Microsoft Security Report November 2025
Zero-day vulnerabilities are those security vulnerabilities that are either publicly disclosed or publicly exploited. In either case, zero-day vulnerabilities require immediate patching through the latest security updates.
In the November 2025 security report, Microsoft has shared a single zero-day vulnerability. Brief details of this security vulnerability are shared below.
Zero-day vulnerability
- CVE-2025-62215
- CVSS 3.1 – 7.1
- This is a confirmed zero-day vulnerability: it has been exploited, and the exploitation has been confirmed.
- The security vulnerability affects Windows Kernel.
- It could lead to Elevation of Privileges
CVE-2025-62215 impacts the following systems or operating systems of Microsoft:
- Windows Server 2019 and Windows Server 2019 Server Core installation
- Windows Server 2022 and Windows Server 2022 Server Core installation
- Windows Server 2025 and Windows Server 2025 Server Core installation
- Windows 10 versions 1809, 21H2, 22H2
- Windows 11 23H2, 24H2, 25H2
Installing the corresponding security updates should take care of CVE-2025-62215.
Critical Security Vulnerabilities
Microsoft reported 5 CRITICAL severity security vulnerabilities in November 2025. Brief details of these security vulnerabilities are shared below.
| Security vulnerability | CVSS | Description |
|---|---|---|
| CVE-2025-62214 | 6.7 | Remote Code Execution Vulnerability in Visual Studio. |
| CVE-2025-62199 | 7.8 | Remote Code Execution Vulnerability in Microsoft Office 2016, 2021, 2024, Microsoft 365 Apps for Enterprise, Microsoft Office for Android, and Microsoft Office for Mac |
| CVE-2025-60724 | 9.8 | Remote Code Execution in GDI+. The vulnerability affects all server editions from Windows Server 2008 through Windows Server 2025. It also affects all versions of Windows 10 and Windows 11. |
| CVE-2025-60716 | 7 | Elevation of Privilege vulnerability in DirectX Graphics Kernel. This security vulnerability impacts Windows Server 2016 through Windows Server 2025. Windows 10 versions 1809 and higher are affected. Windows 11 21H2, 22H2, and 25H2 are also affected. |
| CVE-2025-30398 | 8.1 | Information disclosure vulnerability in Nuance PowerScribe 360 |
Out of these, we can see that CVE-2025-60716 and CVE-2025-60724 require patching on Windows Servers, Windows 10 desktops and Windows 11 desktops for full protection.
For Windows 10 computers that are end of life, it is recommended to apply the latest Extended Security Update.