Microsoft Patch Tuesday – November 2025
Contents
⚡ TL;DR | Go Straight to the November 2025 Patch Tuesday Audit Report
Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The November 2025 edition of Patch Tuesday brings us 70 new fixes, with 2 rated as critical, 1 of which are actively exploited. We’ve listed the most important changes below.
Windows Kernel Elevation of Privilege Vulnerability
The only exploited vulnerability this month is CVE-2025-62215, a race condition in the Windows Kernel, caused by improper synchronization when accessing shared resources, could allow a local authorized attacker to gain elevated privileges.
Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62199 a use-after-free vulnerability in Microsoft Office could enable an attacker to execute arbitrary code locally without authorization. While the flaw exists, Microsoft assesses exploitation as less likely, and there have been no reports of active exploitation or public disclosure at the time of publication.
Although the CVE title refers to remote code execution, this description reflects the attacker’s location rather than the attack method, the actual exploit occurs locally, requiring code to be executed on the target machine. To take advantage of the flaw, an attacker would need to trick a user into opening a specially crafted malicious file, which could also be triggered through the Preview Pane feature.
GDI+ Remote Code Execution Vulnerability
CVE-2025-60724 ,a heap-based buffer overflow in the Microsoft Graphics Component could allow an attacker to execute code remotely over a network. Microsoft rates exploitation as less likely. The flaw can be triggered by a specially crafted metafile delivered inside a document, for example by convincing a user to download and open the file, and in a worst-case scenario can be abused on web services that parse uploaded documents to achieve remote code execution or information disclosure without any user interaction or privileges. The Preview Pane is not an attack vector for this vulnerability.
Run the Patch Tuesday November 2025 Audit
To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
The Lansweeper Patch Tuesday report is automatically added to your Lansweeper Site. Lansweeper Sites is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!
Patch Tuesday November 2025 CVE Codes & Titles
| CVE Number | CVE Title |
| CVE-2025-62453 | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability |
| CVE-2025-62452 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-62449 | Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability |
| CVE-2025-62222 | Agentic AI and Visual Studio Code Remote Code Execution Vulnerability |
| CVE-2025-62220 | Windows Subsystem for Linux GUI Remote Code Execution Vulnerability |
| CVE-2025-62219 | Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability |
| CVE-2025-62218 | Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability |
| CVE-2025-62217 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2025-62216 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-62215 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2025-62214 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2025-62213 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2025-62211 | Dynamics 365 Field Service (online) Spoofing Vulnerability |
| CVE-2025-62210 | Dynamics 365 Field Service (online) Spoofing Vulnerability |
| CVE-2025-62209 | Windows License Manager Information Disclosure Vulnerability |
| CVE-2025-62208 | Windows License Manager Information Disclosure Vulnerability |
| CVE-2025-62206 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability |
| CVE-2025-62205 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-62204 | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2025-62203 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-62202 | Microsoft Excel Information Disclosure Vulnerability |
| CVE-2025-62201 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-62200 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-62199 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-60753 | An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash). |
| CVE-2025-60728 | Microsoft Excel Information Disclosure Vulnerability |
| CVE-2025-60727 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-60726 | Microsoft Excel Information Disclosure Vulnerability |
| CVE-2025-60724 | GDI+ Remote Code Execution Vulnerability |
| CVE-2025-60723 | DirectX Graphics Kernel Denial of Service Vulnerability |
| CVE-2025-60722 | Microsoft OneDrive for Android Elevation of Privilege Vulnerability |
| CVE-2025-60721 | Windows Administrator Protection Elevation of Privilege Vulnerability |
| CVE-2025-60720 | Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability |
| CVE-2025-60719 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2025-60718 | Windows Administrator Protection Elevation of Privilege Vulnerability |
| CVE-2025-60717 | Windows Broadcast DVR User Service Elevation of Privilege Vulnerability |
| CVE-2025-60716 | DirectX Graphics Kernel Elevation of Privilege Vulnerability |
| CVE-2025-60715 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-60714 | Windows OLE Remote Code Execution Vulnerability |
| CVE-2025-60713 | Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability |
| CVE-2025-60710 | Host Process for Windows Tasks Elevation of Privilege Vulnerability |
| CVE-2025-60709 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2025-60708 | Storvsp.sys Driver Denial of Service Vulnerability |
| CVE-2025-60707 | Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege Vulnerability |
| CVE-2025-60706 | Windows Hyper-V Information Disclosure Vulnerability |
| CVE-2025-60705 | Windows Client-Side Caching Elevation of Privilege Vulnerability |
| CVE-2025-60704 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2025-60703 | Windows Remote Desktop Services Elevation of Privilege Vulnerability |
| CVE-2025-59515 | Windows Broadcast DVR User Service Elevation of Privilege Vulnerability |
| CVE-2025-59514 | Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability |
| CVE-2025-59513 | Windows Bluetooth RFCOM Protocol Driver Information Disclosure Vulnerability |
| CVE-2025-59512 | Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability |
| CVE-2025-59511 | Windows WLAN Service Elevation of Privilege Vulnerability |
| CVE-2025-59510 | Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability |
| CVE-2025-59509 | Windows Speech Recognition Information Disclosure Vulnerability |
| CVE-2025-59508 | Windows Speech Recognition Elevation of Privilege Vulnerability |
| CVE-2025-59507 | Windows Speech Runtime Elevation of Privilege Vulnerability |
| CVE-2025-59506 | DirectX Graphics Kernel Elevation of Privilege Vulnerability |
| CVE-2025-59505 | Windows Smart Card Reader Elevation of Privilege Vulnerability |
| CVE-2025-59504 | Azure Monitor Agent Remote Code Execution Vulnerability |
| CVE-2025-59499 | Microsoft SQL Server Elevation of Privilege Vulnerability |
| CVE-2025-59240 | Microsoft Excel Information Disclosure Vulnerability |
| CVE-2025-47179 | Configuration Manager Elevation of Privilege Vulnerability |
| CVE-2025-30398 | Nuance PowerScribe 360 Information Disclosure Vulnerability |
| CVE-2025-12875 | mruby array.c ary_fill_exec out-of-bounds write |
| CVE-2025-12863 | Libxml2: namespace use-after-free in xmlsettreedoc() function of libxml2 |
| CVE-2025-12729 | Chromium: CVE-2025-12729 Inappropriate implementation in Omnibox |
| CVE-2025-12728 | Chromium: CVE-2025-12728 Inappropriate implementation in Omnibox |
| CVE-2025-12727 | Chromium: CVE-2025-12727 Inappropriate implementation in V8 |
| CVE-2025-12725 | Chromium: CVE-2025-12725 Out of bounds write in WebGPU |
Ready to get started?
You’ll be up and running in no time.
Explore all our features, free for 14 days.