This web page was created programmatically, to learn the article in its unique location you’ll be able to go to the hyperlink bellow:
https://petri.com/microsoft-november-2025-patch-tuesday-updates/
and if you wish to take away this text from our website please contact us
Key Takeaways:
- Microsoft’s November 2025 Patch Tuesday addresses 63 vulnerabilities.
- The replace introduces a redesigned Start Menu, taskbar and battery enhancements, and new Copilot+ options for variations 25H2 and 24H2.
- A brand new Administrator Protection preview enhances system safety.
Microsoft has began rolling out the November 2025 Patch Tuesday updates for Windows 11. This month, Microsoft has fastened 63 vulnerabilities in Windows, Office, Microsoft Edge, Azure Monitor Agent, Dynamics 365, Hyper-V, SQL Server, and different parts.
On the standard and expertise updates entrance, Microsoft has rolled out a redesigned Start Menu and a few different new capabilities to Windows 11 variations 25H2 and 24H2. The newest replace additionally brings Click to Do enhancements and different adjustments for customers with Copilot+ units.
63 vulnerabilities fastened within the November 2025 Patch Tuesday updates
Among the 63 Windows vulnerabilities Microsoft fastened this month, 4 are rated “Critical” and 59 are rated “Important” in severity. One of these vulnerabilities is already being exploited within the wild, and you will discover extra particulars about all of them beneath:
CVE-2025-62215: This is a Windows Kernel privilege escalation vulnerability that would permit hackers to realize admin-level rights on Windows units. This flaw requires the attackers to win a race situation to realize system privileges.
CVE-2025-60724: This is a important heap-based buffer overflow vulnerability within the Microsoft Graphics Component (GDI+) that enables distant code execution with out authentication. This flaw carries a CVSS rating of 9.8 and doesn’t require any person interplay or privileges.
CVE-2025-60704: This is a high-severity vulnerability in Windows Kerberos with a CVSS rating of seven.5. It impacts all organizations utilizing Active Directory, with the Kerberos delegation functionality enabled.
CVE-2025-62220: This is a heap-based buffer overflow vulnerability within the Windows Subsystem for Linux GUI (WSLg) with a CVSS rating of 8.8. This flaw might permit an attacker to execute arbitrary code remotely via crafted inputs.
CVE-2025-60719: This vulnerability is an untrusted pointer dereference within the Windows Ancillary Function Driver for WinSock (afd.sys). It might allow a neighborhood attacker with low privileges to escalate to SYSTEM.
CVE-2025-62213: This is a use-after-free flaw in afd.sys (WinSock driver) that would permit an authenticated native attacker to realize elevated privileges. This flaw carries a CVSS rating of seven.0 (High).
CVE-2025-62217: This race situation vulnerability in afd.sys happens as a result of improper synchronization of shared sources.
You can discover the complete record of CVEs launched by Microsoft with the November 2025 Patch Tuesday updates beneath:
| Tag | CVE | Base Score | CVSS Vector | Exploitability | FAQs? | Workarounds? | Mitigations? |
| Nuance PowerScribe | CVE-2025-30398 | 8.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Configuration Manager | CVE-2025-47179 | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Office Excel | CVE-2025-59240 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| SQL Server | CVE-2025-59499 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Azure Monitor Agent | CVE-2025-59504 | 7.3 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows Smart Card | CVE-2025-59505 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows DirectX | CVE-2025-59506 | 7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows Speech | CVE-2025-59507 | 7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows Speech | CVE-2025-59508 | 7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows Speech | CVE-2025-59509 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-59510 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | No | No | No |
| Windows WLAN Service | CVE-2025-59511 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Customer Experience Improvement Program (CEIP) | CVE-2025-59512 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation More Likely | Yes | No | No |
| Windows Bluetooth RFCOM Protocol Driver | CVE-2025-59513 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Streaming Service | CVE-2025-59514 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows Broadcast DVR User Service | CVE-2025-59515 | 7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Remote Desktop | CVE-2025-60703 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows Kerberos | CVE-2025-60704 | 7.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Client-Side Caching (CSC) Service | CVE-2025-60705 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation More Likely | Yes | No | No |
| Role: Windows Hyper-V | CVE-2025-60706 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Multimedia Class Scheduler Service (MMCSS) | CVE-2025-60707 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Storvsp.sys Driver | CVE-2025-60708 | 6.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Common Log File System Driver | CVE-2025-60709 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Host Process for Windows Tasks | CVE-2025-60710 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-60713 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows OLE | CVE-2025-60714 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-60715 | 8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows DirectX | CVE-2025-60716 | 7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Broadcast DVR User Service | CVE-2025-60717 | 7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Administrator Protection | CVE-2025-60718 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Ancillary Function Driver for WinSock | CVE-2025-60719 | 7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation More Likely | Yes | No | No |
| Windows TDX.sys | CVE-2025-60720 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows Administrator Protection | CVE-2025-60721 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C | Exploitation Less Likely | Yes | No | No |
| OneDrive for Android | CVE-2025-60722 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows DirectX | CVE-2025-60723 | 6.3 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Graphics Component | CVE-2025-60724 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Office Excel | CVE-2025-60726 | 7.1 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Office Excel | CVE-2025-60727 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Office Excel | CVE-2025-60728 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Office | CVE-2025-62199 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Office Excel | CVE-2025-62200 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Office Excel | CVE-2025-62201 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Office Excel | CVE-2025-62202 | 7.1 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Office Excel | CVE-2025-62203 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Microsoft Office SharePoint | CVE-2025-62204 | 8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Office Word | CVE-2025-62205 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Dynamics 365 (on-premises) | CVE-2025-62206 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows License Manager | CVE-2025-62208 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows License Manager | CVE-2025-62209 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Dynamics 365 Field Service (on-line) | CVE-2025-62210 | 8.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Dynamics 365 Field Service (on-line) | CVE-2025-62211 | 8.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows Ancillary Function Driver for WinSock | CVE-2025-62213 | 7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation More Likely | Yes | No | No |
| Visual Studio | CVE-2025-62214 | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Kernel | CVE-2025-62215 | 7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Exploitation Detected | Yes | No | No |
| Microsoft Office | CVE-2025-62216 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows Ancillary Function Driver for WinSock | CVE-2025-62217 | 7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation More Likely | Yes | No | No |
| Microsoft Wireless Provisioning System | CVE-2025-62218 | 7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Microsoft Wireless Provisioning System | CVE-2025-62219 | 7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Windows Subsystem for Linux GUI | CVE-2025-62220 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
| Visual Studio Code CoPilot Chat Extension | CVE-2025-62222 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Visual Studio Code CoPilot Chat Extension | CVE-2025-62449 | 6.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-62452 | 8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
| GitHub Copilot and Visual Studio Code | CVE-2025-62453 | 5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Quality and expertise updates
On Windows 11 variations 25H2 and 24H2, the KB5068861 patch brings enhancements to Click to Do, File Explorer, Voice Access, and Windows Search for Copilot+ PCs. The Windows 11 Taskbar can also be getting a number of enhancements this month. The battery icon now options completely different colours that point out whether or not the battery is in battery saver mode, in charging, in good well being, or is critically low.
Additionally, Microsoft has additionally up to date the Windows 11 Start Menu this month. The new Start menu contains a scrollable All part with class and grid views, a responsive format for any display screen measurement, and Phone Link integration through a collapsible facet panel accessed via a cellular button subsequent to the search field.
Microsoft has rolled out the Administrator Protection characteristic in preview for Windows 11 units. It makes use of User Account Control (UAC) and safety insurance policies to stop unauthorized adjustments by requiring admin approval for system-level actions. It will be enabled in Windows Security or through Microsoft Intune or Group Policy.
Microsoft has launched KB5068781, the primary Windows 10 Extended Security Update after end-of-support, which fixes an incorrect “end of support” message and contains November Patch Tuesday safety fixes for 63 vulnerabilities, together with one actively exploited flaw. This replace is out there solely to units enrolled within the Windows 10 Extended Security Updates (ESU) program.
Windows Update testing and greatest practices
Organizations seeking to deploy this month’s patches ought to conduct thorough testing earlier than deploying them broadly on manufacturing techniques. That stated, making use of the patches broadly shouldn’t be delayed longer than vital, as hackers begin to work out easy methods to weaponize newly reported vulnerabilities.
A greatest observe is to be sure you have backed up techniques earlier than making use of updates. Every month, customers expertise points with Windows updates that result in techniques not booting, software and {hardware} compatibility points, and even information loss in excessive instances.
There are backup instruments constructed into Windows and Windows Server that you should utilize to revive techniques within the occasion a patch causes an issue. The backup options in Windows can be utilized to revive a whole system or recordsdata and folders on a granular foundation.
This web page was created programmatically, to learn the article in its unique location you’ll be able to go to the hyperlink bellow:
https://petri.com/microsoft-november-2025-patch-tuesday-updates/
and if you wish to take away this text from our website please contact us
