Patch Tuesday: Microsoft fixes actively exploited Windows kernel vulnerability (CVE-2025-62215)

Microsoft has delivered a moderately mild load of patches for November 2025 Patch Tuesday: some 60+ vulnerabilities have obtained a repair, amongst them an actively exploited Windows Kernel flaw (CVE-2025-62215).

CVE-2025-62215

CVE-2025-62215 is a reminiscence corruption subject that stems from “concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Kernel”, which that permits native elevation of privileges (to SYSTEM).

Exploitation within the wild was flagged by Microsoft’s Threat Intelligence Center (MSTIC) and its Security Response Center (MSRC), probably in restricted assaults, since exploit code is purposeful however not broadly accessible.

“It’s also interesting to note there’s a race condition here, and it shows that some race conditions are more reliable than others. Bugs like these are often paired with a code execution bug by malware to completely take over a system,” noted Dustin Childs, head of risk consciousness at Trend Micro’s Zero Day Initiative.

Chris Goettl, VP of Security Product Management at Ivanti, identified that  the vulnerability impacts all at the moment supported Windows OS editions and Windows 10 Extended Security Updates (ESU), which suggests the chance of operating Windows 10 previous the EoL with out ESU will not be hypothetical.

“Ensure you are subscribing to Windows 10 ESU and providing additional mitigations where possible,” he advised.

Microsoft has additionally pushed out an out-of-band update for client units that aren’t enrolled within the Extended Security Updates (ESU) program for Windows 10. It fixes a problem which will outcome within the ESU enrollment wizard failing through the enrollment course of.

Goettl famous that there are different Windows merchandise that may now not be supported or can be supported for a short time extra.

“Exchange Server, for one, is getting some additional attention. Microsoft announced a 6-month ESU option for Exchange 2016/2019 servers for customers who need the extension. Their guidance, however, is not to rely on this program and to make every attempt to move off of Exchange and move to Exchange SE in time.”

Windows 11 Home and Pro 23H2 have reached their “End of Support” date.

Other vulnerabilities of word

CVE-2025-60724 is a heap-based buffer overflow bug in Graphics Device Interface Plus (GDI+), a subsystem utilized in Windows purposes to render 2D vector graphics, photographs, and textual content.

“An attacker could trigger this vulnerability by convincing a victim to download and open a document that contains a specially crafted metafile. In the worst-case scenario, an attacker could trigger this vulnerability on web services by uploading documents containing a specially crafted metafile without user interaction,” Microsoft explained.

The vulnerability is “critical”, as it could result in distant code execution with none person interplay and could be triggered by unauthenticated attackers in low-complexity assaults. Still, Microsoft assess that it’s much less more likely to be exploited.

“While this vuln almost certainly isn’t wormable, it’s clearly very serious and is surely a top priority for just about anyone considering how to approach this month’s patches,” Adam Barnett, lead software program engineer at Rapid7, commented.

CVE-2025-62199, a use-after-free flaw in Microsoft Office, could be exploited by attackers to attain code execution on weak programs.

Exploitation depends on the person being tricked into downloading and opening a malicious file, Microsoft pointed out, but in addition said that Preview Pane is an assault vector.

“This certainly increases the probability of real-world exploitation, since there’s no need for the attacker to craft a way around those pesky warnings about enabling dangerous content. Just scrolling through a list of emails in Outlook could be enough,” Rapid7’s Barnett famous.

CVE-2025-62222 affects Agentic AI and Visual Studio Code and will permit an unauthorized attacker to execute code over a community.

“The vulnerability has been identified and patched in the Visual Studio Code CoPilot Chat Extension. The attack chain here is a novel and concerning one that targets the developer’s trusted environment,” says Ben McCarthy, lead cyber safety engineer at Immersive.

“An attacker crafts a malicious GitHub issue within a repository. The description of this issue contains the hidden, unsanitized command. The attacker must then convince the developer to interact with this specific issue in a non-standard way: by ‘enabling a particular mode on the attacker’s crafted issue.’ This user action causes the extension to read and execute the malicious issue description. This triggers the command injection flaw, leading to full Remote Code Execution in the context of the user.”

Subscribe to our breaking information e-mail alert to by no means miss out on the newest breaches, vulnerabilities and cybersecurity threats. Subscribe right here!