Microsoft Patch Tuesday for November 2025

Published: 2025-11-11. Last Updated: 2025-11-11 19:24:30 UTC
by Johannes Ullrich (Version: 1)

Today's Microsoft Patch Tuesday offers fixes for 80 different vulnerabilities. One of the vulnerabilities is already being exploited, and five are rated as critical.

Notable Vulnerabilities:

CVE-2025-62215: This vulnerability is already being exploited. It is a privilege escalation vulnerability in the Windows Kernel. These types of vulnerabilities are often exploited as part of a more complex attack chain; however, exploiting this specific vulnerability is likely to be relatively straightforward, given the existence of prior similar vulnerabilities.

CVE-2025-60274: A critical GDI+ remote execution vulnerability. GDI+ parses various graphics files. The attack surface is likely huge, as anything in Windows (Browsers, email, and Office Documents) will use this library at some point to display images. We also have a critical vulnerability in Direct-X CVE-2025-60716. Microsoft classifies this as a privilege escalation issue, yet still rates it as critical.

CVE-2025-62199: A code execution vulnerability in Microsoft Office. Another component with a huge attack surface that is often exploited.

Given the number and type of vulnerabilities, I would consider this patch Tuesday "lighter than normal". There are no "Patch Now" vulnerabilities, and I suggest applying these vulnerabilities in accordance with your vulnerability management program.

Description
CVE	Disclosed	Exploited	Exploitability (old versions)	current version	Severity	CVSS Base (AVG)	CVSS Temporal (AVG)
Agentic AI and Visual Studio Code Remote Code Execution Vulnerability
CVE-2025-62222	No	No	-	-	Important	8.8	7.7
An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).
CVE-2025-60753	No	No	-	-	Moderate	5.5	5.2
Azure Monitor Agent Remote Code Execution Vulnerability
CVE-2025-59504	No	No	-	-	Important	7.3	6.4
Configuration Manager Elevation of Privilege Vulnerability
CVE-2025-47179	No	No	-	-	Important	6.7	5.8
Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability
CVE-2025-59512	No	No	-	-	Important	7.8	6.8
DirectX Graphics Kernel Denial of Service Vulnerability
CVE-2025-60723	No	No	-	-	Important	6.3	5.5
DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2025-59506	No	No	-	-	Important	7.0	6.1
CVE-2025-60716	No	No	-	-	Critical	7.0	6.1
Dynamics 365 Field Service (online) Spoofing Vulnerability
CVE-2025-62210	No	No	-	-	Important	8.7	7.6
CVE-2025-62211	No	No	-	-	Important	8.7	7.6
GDI+ Remote Code Execution Vulnerability
CVE-2025-60724	No	No	-	-	Critical	9.8	8.5
GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
CVE-2025-62453	No	No	-	-	Important	5.0	4.4
Host Process for Windows Tasks Elevation of Privilege Vulnerability
CVE-2025-60710	No	No	-	-	Important	7.8	6.8
KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
CVE-2025-64432	No	No	-	-	Moderate	4.7	4.5
KubeVirt Arbitrary Container File Read
CVE-2025-64433	No	No	-	-	Moderate	6.5	6.2
KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes
CVE-2025-64436	No	No	-	-	Moderate
KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing
CVE-2025-64434	No	No	-	-	Moderate	4.7	4.5
KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes
CVE-2025-64437	No	No	-	-	Moderate	5.0	4.7
KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation
CVE-2025-64435	No	No	-	-	Moderate	5.3	5.0
Libxml2: namespace use-after-free in xmlsettreedoc() function of libxml2
CVE-2025-12863	No	No	-	-	Important	7.5	7.1
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVE-2025-62206	No	No	-	-	Important	6.5	5.7
Microsoft Excel Information Disclosure Vulnerability
CVE-2025-60726	No	No	-	-	Important	7.1	6.2
CVE-2025-60728	No	No	-	-	Important	4.3	3.8
CVE-2025-59240	No	No	-	-	Important	5.5	4.8
CVE-2025-62202	No	No	-	-	Important	7.1	6.2
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-60727	No	No	-	-	Important	7.8	6.8
CVE-2025-62200	No	No	-	-	Important	7.8	6.8
CVE-2025-62201	No	No	-	-	Important	7.8	6.8
CVE-2025-62203	No	No	-	-	Important	7.8	6.8
Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62199	No	No	-	-	Critical	7.8	6.8
CVE-2025-62216	No	No	-	-	Important	7.8	6.8
CVE-2025-62205	No	No	-	-	Important	7.8	6.8
Microsoft OneDrive for Android Elevation of Privilege Vulnerability
CVE-2025-60722	No	No	-	-	Important	6.5	5.7
Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2025-59499	No	No	-	-	Important	8.8	7.7
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2025-62204	No	No	-	-	Important	8.0	7.0
Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
CVE-2025-59514	No	No	-	-	Important	7.8	6.8
Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability
CVE-2025-62449	No	No	-	-	Important	6.8	5.9
Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability
CVE-2025-62218	No	No	-	-	Important	7.0	6.1
CVE-2025-62219	No	No	-	-	Important	7.0	6.1
Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege Vulnerability
CVE-2025-60707	No	No	-	-	Important	7.8	6.8
Nuance PowerScribe 360 Information Disclosure Vulnerability
CVE-2025-30398	No	No	-	-	Critical	8.1	7.1
Storvsp.sys Driver Denial of Service Vulnerability
CVE-2025-60708	No	No	-	-	Important	6.5	5.7
Visual Studio Remote Code Execution Vulnerability
CVE-2025-62214	No	No	-	-	Critical	6.7	5.8
Windows Administrator Protection Elevation of Privilege Vulnerability
CVE-2025-60718	No	No	-	-	Important	7.8	6.8
CVE-2025-60721	No	No	-	-	Important	7.8	6.9
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-60719	No	No	-	-	Important	7.0	6.1
CVE-2025-62217	No	No	-	-	Important	7.0	6.1
CVE-2025-62213	No	No	-	-	Important	7.0	6.1
Windows Bluetooth RFCOM Protocol Driver Information Disclosure Vulnerability
CVE-2025-59513	No	No	-	-	Important	5.5	4.8
Windows Broadcast DVR User Service Elevation of Privilege Vulnerability
CVE-2025-59515	No	No	-	-	Important	7.0	6.1
CVE-2025-60717	No	No	-	-	Important	7.0	6.1
Windows Client-Side Caching Elevation of Privilege Vulnerability
CVE-2025-60705	No	No	-	-	Important	7.8	6.8
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-60709	No	No	-	-	Important	7.8	6.8
Windows Hyper-V Information Disclosure Vulnerability
CVE-2025-60706	No	No	-	-	Important	5.5	4.8
Windows Kerberos Elevation of Privilege Vulnerability
CVE-2025-60704	No	No	-	-	Important	7.5	6.5
Windows Kernel Elevation of Privilege Vulnerability
CVE-2025-62215	No	Yes	-	-	Important	7.0	6.5
Windows License Manager Information Disclosure Vulnerability
CVE-2025-62208	No	No	-	-	Important	5.5	4.8
CVE-2025-62209	No	No	-	-	Important	5.5	4.8
Windows OLE Remote Code Execution Vulnerability
CVE-2025-60714	No	No	-	-	Important	7.8	6.8
Windows Remote Desktop Services Elevation of Privilege Vulnerability
CVE-2025-60703	No	No	-	-	Important	7.8	6.8
Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability
CVE-2025-59510	No	No	-	-	Important	5.5	4.8
Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability
CVE-2025-60713	No	No	-	-	Important	7.8	6.8
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-62452	No	No	-	-	Important	8.0	7.0
CVE-2025-60715	No	No	-	-	Important	8.0	7.0
Windows Smart Card Reader Elevation of Privilege Vulnerability
CVE-2025-59505	No	No	-	-	Important	7.8	6.8
Windows Speech Recognition Elevation of Privilege Vulnerability
CVE-2025-59508	No	No	-	-	Important	7.0	6.1
Windows Speech Recognition Information Disclosure Vulnerability
CVE-2025-59509	No	No	-	-	Important	5.5	4.8
Windows Speech Runtime Elevation of Privilege Vulnerability
CVE-2025-59507	No	No	-	-	Important	7.0	6.1
Windows Subsystem for Linux GUI Remote Code Execution Vulnerability
CVE-2025-62220	No	No	-	-	Important	8.8	7.7
Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability
CVE-2025-60720	No	No	-	-	Important	7.8	6.8
Windows WLAN Service Elevation of Privilege Vulnerability
CVE-2025-59511	No	No	-	-	Important	7.8	6.8
can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled
CVE-2025-40107	No	No	-	-	Moderate	5.5	5.5
container escape due to /dev/console mount and related races
CVE-2025-52565	No	No	-	-	Important
containerd CRI server: Host memory exhaustion through Attach goroutine leak
CVE-2025-64329	No	No	-	-	Moderate
containerd affected by a local privilege escalation via wide permissions on CRI directory
CVE-2024-25621	No	No	-	-	Important	7.3	7.3
crypto: rng - Ensure set_ent is always present
CVE-2025-40109	No	No	-	-	Moderate	4.2	4.2
missing SFTP host verification with wolfSSH
CVE-2025-10966	No	No	-	-	Moderate	6.8	6.8
mruby array.c ary_fill_exec out-of-bounds write
CVE-2025-12875	No	No	-	-	Moderate	5.3	4.8
runc container escape via "masked path" abuse due to mount race conditions
CVE-2025-31133	No	No	-	-	Important
runc: LSM labels can be bypassed with malicious config using dummy procfs files
CVE-2025-52881	No	No	-	-	Important

--
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|

Keywords: microsoft patch Tuesday

1 comment(s)

ISC Stormcast For Tuesday, November 11th, 2025 https://isc.sans.edu/podcastdetail/9694

Internet Storm Center

Microsoft Patch Tuesday for November 2025

Comments