464/68 Thursday, November 13, 2025

Microsoft has issued its monthly Patch Tuesday security update, addressing more than 60 vulnerabilities across the company’s products, including a zero-day vulnerability actively exploited in the wild on Windows systems. The zero-day, CVE-2025-62215, is a privilege escalation flaw rated Important that allows attackers to elevate their privileges to the highest level on a targeted Windows device. The exploit relies on a race condition in which a malicious command executes before a higher-privileged command, granting the attacker elevated access.
Microsoft stated that the vulnerability was discovered by the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC), confirming that it has been used in real-world attacks, though further details have not yet been disclosed. In addition to the Zero-Day fix, Microsoft has patched four Critical vulnerabilities affecting Windows, Office, Visual Studio, and Nuance PowerScribe 360. Other important fixes cover key products such as Azure Monitor Agent, Configuration Manager, Dynamics 365, OneDrive, SharePoint, and Edge.
This month’s release includes more than 30 elevation-of-privilege vulnerabilities and 22 remote code execution (RCE) flaws. Several other issues could enable spoofing, denial-of-service (DoS), and information disclosure attacks.
Microsoft urges all users and system administrators to apply the latest security patches immediately to protect against attacks exploiting these newly disclosed vulnerabilities.
Source: https://www.securityweek.com/microsoft-patches-actively-exploited-windows-kernel-zero-day/
