Microsoft’s November 2025 Patch Tuesday update addresses 63 security vulnerabilities, including a critical remote code execution flaw and an actively exploited Windows kernel zero-day that could allow attackers to gain SYSTEM privileges.
The cumulative update, KB5068861, is now available for Windows 11 versions 25H2 and 24H2 and includes additional quality improvements and fixes from October’s optional preview release.
The most significant issue resolved in this cycle is CVE-2025-62215, a Windows Kernel vulnerability that has already been exploited in the wild. Discovered internally by Microsoft’s researchers, this flaw stems from a race condition caused by improper synchronization of shared resources and a double-free vulnerability. It allows local attackers with low privileges to elevate their access to SYSTEM, the highest level of privilege on Windows systems. Although exploitation requires winning a race condition, making it more technically complex, Microsoft has confirmed that attacks using this vector have already been detected in real-world environments.
The update also patches CVE-2025-60724, the only vulnerability this month rated as critical. Found in the Microsoft Graphics Component (GDI+), this heap-based buffer overflow can enable remote code execution without any user interaction or privileges. The flaw could be exploited via specially crafted metafiles uploaded to web services, making it particularly dangerous in environments where document parsing happens automatically.
Microsoft also flagged five other vulnerabilities as “more likely to be exploited” in attacks:
- CVE-2025-59512: A privilege escalation issue in the Customer Experience Improvement Program (CEIP)
- CVE-2025-60705: Local privilege escalation in the Client-Side Caching (CSC) Service
- CVE-2025-60719 and CVE-2025-62213: Two separate elevation-of-privilege flaws in the Ancillary Function Driver for WinSock
- CVE-2025-60723: A denial-of-service vulnerability in DirectX
Beyond security, KB5068861 delivers several reliability and usability fixes across key system components. Notable changes include:
- Resolved power management issues in handheld gaming devices and improved gamepad responsiveness during login.
- Addressed a bug causing Storage Spaces or Storage Spaces Direct to become inaccessible or fail during cluster creation.
- Fixed an issue where Task Manager could linger in memory even after closure, potentially degrading system performance.
- Corrected a failure during initial setup when no microphone is detected.
- Brought the HTTP request parser in line with RFC 9112 by enforcing strict CRLF handling for chunked extensions.
Microsoft states that there are currently no known issues affecting this update. To install the latest Windows update, open Settings > Windows Update, then click ‘Check for updates’ and select ‘Install all’ to begin the process.
After all packages have been installed, a system reboot will be required for the updates to apply. It’s advisable to take backups of your most important data to prevent loss in the event of failure.
Microsoft announced that, due to the upcoming Western holiday season, it will not publish a non-security preview update in December 2025. However, the regular Patch Tuesday security release will still occur.
Leave a Reply