NEWS Windows Kernel, Office, CoPilot, and WSL. Microsoft Patches 63 Holes Across All Its Products

ExcalibuR


The most critical threat became known too late.

During November's Patch Tuesday, Microsoft addressed 63 vulnerabilities, including one critical zero-day flaw that was already being exploited in attacks. This time, the fixes impacted a wide range of Windows components and Microsoft products, from the operating system kernel to the Office suite and cloud solutions.

According to the company, the most dangerous issue affected the Windows Kernel and was assigned the identifier CVE-2025-62215. It is a race condition: improper synchronization when sharing resources allowed local privilege escalation. The source of information about its exploitation was Microsoft's internal cyber threat intelligence team.

Among the other vulnerabilities, 29 are related to privilege escalation, 16 allow for remote code execution, 11 enable access to sensitive information, 3 cause system failures, 2 bypass security mechanisms, and another 2 concern data spoofing. Four of the discovered vulnerabilities were rated as "Critical," particularly due to the possibility of remote arbitrary code execution.

The updates affect both modern and legacy versions of Windows. For the first time under its Extended Security Update program, Windows 10 received updates—Microsoft also released an out-of-band fix for an error preventing registration in the ESU program for users of this OS. In addition to the security patches, the corporation also released updates KB5066835 and KB5066793 for Windows 11, and build KB5068781 for Windows 10.

Other vendors released updates in parallel with Microsoft. Adobe patched vulnerabilities in products like InDesign, Illustrator, Photoshop, and others. Cisco addressed flaws in a number of its solutions, including ASA and identity services, and also warned about a new wave of attacks exploiting old vulnerabilities.

A critical remote code execution bug was fixed in the expr-eval library for JavaScript. Fortinet released an update for FortiOS that resolves a privilege escalation issue. Google's November bulletin for Android addressed two vulnerabilities. Furthermore, Ivanti, SAP, Samsung, and QNAP released their monthly updates in sync with Microsoft. Notably, QNAP patched seven zero-day vulnerabilities demonstrated at the Pwn2Own Ireland 2025 hacking competition.

This month, vulnerabilities in Microsoft Office products, including Excel and Word, deserve special attention. These fixes address both information disclosure flaws and bugs that allow malicious code to execute when opening documents. Vulnerabilities were also identified in Windows Kerberos, DirectX components, Bluetooth and Wi-Fi drivers, Remote Desktop, and the Windows Subsystem for Linux GUI. Some issues affected Visual Studio and CoPilot extensions, highlighting the vulnerability of developer tools.

The complete list of patched vulnerabilities is available in Microsoft's official documentation. Given the active exploitation of some of them, it is highly recommended not to delay updating systems to the latest versions.
 