Microsoft Releases November 2025 Patch Tuesday Updates

Microsoft has began rolling out the November 2025 Patch Tuesday updates for Windows 11. This month, Microsoft has fastened 63 vulnerabilities in Windows, Office, Microsoft Edge, Azure Monitor Agent, Dynamics 365, Hyper-V, SQL Server, and different parts.

On the standard and expertise updates entrance, Microsoft has rolled out a redesigned Start Menu and a few different new capabilities to Windows 11 variations 25H2 and 24H2. The newest replace additionally brings Click to Do enhancements and different adjustments for customers with Copilot+ units.

63 vulnerabilities fastened within the November 2025 Patch Tuesday updates

Among the 63 Windows vulnerabilities Microsoft fastened this month, 4 are rated “Critical” and 59 are rated “Important” in severity. One of these vulnerabilities is already being exploited within the wild, and you will discover extra particulars about all of them beneath:

CVE-2025-62215: This is a Windows Kernel privilege escalation vulnerability that would permit hackers to realize admin-level rights on Windows units. This flaw requires the attackers to win a race situation to realize system privileges.

CVE-2025-60724: This is a important heap-based buffer overflow vulnerability within the Microsoft Graphics Component (GDI+) that enables distant code execution with out authentication. This flaw carries a CVSS rating of 9.8 and doesn’t require any person interplay or privileges.

CVE-2025-60704: This is a high-severity vulnerability in Windows Kerberos with a CVSS rating of seven.5. It impacts all organizations utilizing Active Directory, with the Kerberos delegation functionality enabled.

CVE-2025-62220: This is a heap-based buffer overflow vulnerability within the Windows Subsystem for Linux GUI (WSLg) with a CVSS rating of 8.8. This flaw might permit an attacker to execute arbitrary code remotely via crafted inputs.

CVE-2025-60719: This vulnerability is an untrusted pointer dereference within the Windows Ancillary Function Driver for WinSock (afd.sys). It might allow a neighborhood attacker with low privileges to escalate to SYSTEM.

CVE-2025-62213: This is a use-after-free flaw in afd.sys (WinSock driver) that would permit an authenticated native attacker to realize elevated privileges. This flaw carries a CVSS rating of seven.0 (High).

CVE-2025-62217: This race situation vulnerability in afd.sys happens as a result of improper synchronization of shared sources.

You can discover the complete record of CVEs launched by Microsoft with the November 2025 Patch Tuesday updates beneath:

Tag	CVE	Base Score	CVSS Vector	Exploitability	FAQs?	Workarounds?	Mitigations?
Nuance PowerScribe	CVE-2025-30398	8.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Microsoft Configuration Manager	CVE-2025-47179	6.7	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Microsoft Office Excel	CVE-2025-59240	5.5	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2025-59499	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Azure Monitor Agent	CVE-2025-59504	7.3	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C	Exploitation Unlikely	Yes	No	No
Windows Smart Card	CVE-2025-59505	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Windows DirectX	CVE-2025-59506	7	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Unlikely	Yes	No	No
Windows Speech	CVE-2025-59507	7	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Unlikely	Yes	No	No
Windows Speech	CVE-2025-59508	7	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Unlikely	Yes	No	No
Windows Speech	CVE-2025-59509	5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	Exploitation Unlikely	Yes	No	No
Windows Routing and Remote Access Service (RRAS)	CVE-2025-59510	5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	No	No	No
Windows WLAN Service	CVE-2025-59511	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Customer Experience Improvement Program (CEIP)	CVE-2025-59512	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation More Likely	Yes	No	No
Windows Bluetooth RFCOM Protocol Driver	CVE-2025-59513	5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Microsoft Streaming Service	CVE-2025-59514	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Unlikely	Yes	No	No
Windows Broadcast DVR User Service	CVE-2025-59515	7	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Windows Remote Desktop	CVE-2025-60703	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Unlikely	Yes	No	No
Windows Kerberos	CVE-2025-60704	7.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Windows Client-Side Caching (CSC) Service	CVE-2025-60705	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation More Likely	Yes	No	No
Role: Windows Hyper-V	CVE-2025-60706	5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Multimedia Class Scheduler Service (MMCSS)	CVE-2025-60707	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Storvsp.sys Driver	CVE-2025-60708	6.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Windows Common Log File System Driver	CVE-2025-60709	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Host Process for Windows Tasks	CVE-2025-60710	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Windows Routing and Remote Access Service (RRAS)	CVE-2025-60713	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Unlikely	Yes	No	No
Windows OLE	CVE-2025-60714	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Windows Routing and Remote Access Service (RRAS)	CVE-2025-60715	8	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Unlikely	Yes	No	No
Windows DirectX	CVE-2025-60716	7	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Windows Broadcast DVR User Service	CVE-2025-60717	7	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Windows Administrator Protection	CVE-2025-60718	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Windows Ancillary Function Driver for WinSock	CVE-2025-60719	7	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation More Likely	Yes	No	No
Windows TDX.sys	CVE-2025-60720	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Unlikely	Yes	No	No
Windows Administrator Protection	CVE-2025-60721	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C	Exploitation Less Likely	Yes	No	No
OneDrive for Android	CVE-2025-60722	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C	Exploitation Unlikely	Yes	No	No
Windows DirectX	CVE-2025-60723	6.3	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Microsoft Graphics Component	CVE-2025-60724	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Microsoft Office Excel	CVE-2025-60726	7.1	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Microsoft Office Excel	CVE-2025-60727	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Microsoft Office Excel	CVE-2025-60728	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Microsoft Office	CVE-2025-62199	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Microsoft Office Excel	CVE-2025-62200	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Microsoft Office Excel	CVE-2025-62201	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Microsoft Office Excel	CVE-2025-62202	7.1	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Microsoft Office Excel	CVE-2025-62203	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Unlikely	Yes	No	No
Microsoft Office SharePoint	CVE-2025-62204	8	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Microsoft Office Word	CVE-2025-62205	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Microsoft Dynamics 365 (on-premises)	CVE-2025-62206	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Windows License Manager	CVE-2025-62208	5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Windows License Manager	CVE-2025-62209	5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Dynamics 365 Field Service (on-line)	CVE-2025-62210	8.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C	Exploitation Unlikely	Yes	No	No
Dynamics 365 Field Service (on-line)	CVE-2025-62211	8.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C	Exploitation Unlikely	Yes	No	No
Windows Ancillary Function Driver for WinSock	CVE-2025-62213	7	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation More Likely	Yes	No	No
Visual Studio	CVE-2025-62214	6.7	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Windows Kernel	CVE-2025-62215	7	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C	Exploitation Detected	Yes	No	No
Microsoft Office	CVE-2025-62216	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Unlikely	Yes	No	No
Windows Ancillary Function Driver for WinSock	CVE-2025-62217	7	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation More Likely	Yes	No	No
Microsoft Wireless Provisioning System	CVE-2025-62218	7	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Microsoft Wireless Provisioning System	CVE-2025-62219	7	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Unlikely	Yes	No	No
Windows Subsystem for Linux GUI	CVE-2025-62220	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Unlikely	Yes	No	No
Visual Studio Code CoPilot Chat Extension	CVE-2025-62222	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Visual Studio Code CoPilot Chat Extension	CVE-2025-62449	6.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
Windows Routing and Remote Access Service (RRAS)	CVE-2025-62452	8	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No
GitHub Copilot and Visual Studio Code	CVE-2025-62453	5	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C	Exploitation Less Likely	Yes	No	No

Quality and expertise updates

On Windows 11 variations 25H2 and 24H2, the KB5068861 patch brings enhancements to Click to Do, File Explorer, Voice Access, and Windows Search for Copilot+ PCs. The Windows 11 Taskbar can also be getting a number of enhancements this month. The battery icon now options completely different colours that point out whether or not the battery is in battery saver mode, in charging, in good well being, or is critically low.

Additionally, Microsoft has additionally up to date the Windows 11 Start Menu this month. The new Start menu contains a scrollable All part with class and grid views, a responsive format for any display screen measurement, and Phone Link integration through a collapsible facet panel accessed via a cellular button subsequent to the search field.

Microsoft has rolled out the Administrator Protection characteristic in preview for Windows 11 units. It makes use of User Account Control (UAC) and safety insurance policies to stop unauthorized adjustments by requiring admin approval for system-level actions. It will be enabled in Windows Security or through Microsoft Intune or Group Policy.

Microsoft has launched KB5068781, the primary Windows 10 Extended Security Update after end-of-support, which fixes an incorrect “end of support” message and contains November Patch Tuesday safety fixes for 63 vulnerabilities, together with one actively exploited flaw. This replace is out there solely to units enrolled within the Windows 10 Extended Security Updates (ESU) program.

Windows Update testing and greatest practices

Organizations seeking to deploy this month’s patches ought to conduct thorough testing earlier than deploying them broadly on manufacturing techniques. That stated, making use of the patches broadly shouldn’t be delayed longer than vital, as hackers begin to work out easy methods to weaponize newly reported vulnerabilities.

A greatest observe is to be sure you have backed up techniques earlier than making use of updates. Every month, customers expertise points with Windows updates that result in techniques not booting, software and {hardware} compatibility points, and even information loss in excessive instances.

There are backup instruments constructed into Windows and Windows Server that you should utilize to revive techniques within the occasion a patch causes an issue. The backup options in Windows can be utilized to revive a whole system or recordsdata and folders on a granular foundation.