Microsoft Patches 63 Security Flaws in November Update—One Zero-Day
By: Jim Stickley and Tina Davis
November 23, 2025
It’s the second Tuesday of the month, which means Microsoft has released its November Patch Tuesday security update, addressing a whopping 63 vulnerabilities across its product ecosystem. While that may seem like a lot, it actually marks a significantly lighter load than previous months. Four vulnerabilities are rated Critical while 59 are rated. The lot affects Windows (including Windows 11), Office, Azure, SQL Server, Hyper-V, and other core components.
The most alarming flaw in the release is CVE-2025-62215, an actively exploited Windows Kernel elevation of privilege vulnerability that allows local attackers to gain system-level access through a race condition. That sounds scary, and it is. If exploited, this could result in data corruption or provide unauthorized access to your PC. It’s particularly dangerous because attackers often pair it with code execution bugs to completely take over systems.
Another critical threat is CVE-2025-62199, a use-after-free flaw in Microsoft Office that enables code execution when users open malicious files using the Preview Pane. This means simply scrolling through Outlook emails could trigger an attack without any user interaction beyond viewing the email message.
The updates cover vulnerabilities ranging from elevation of privilege flaws to remote code execution risks across SQL Server, Windows Hyper-V, Visual Studio, Windows Kernel, and numerous other components. Remember that support for Windows 10 ceased in October. So, unless you have the extended support plan, your operating system will not be updated to protect against any issues in this patch update.
Everyone who uses Microsoft products should prioritize applying these patches. The time it takes now can save you far more of your time later, should an attacker find your unpatched system.