Microsoft has released its November 2025 Patch Tuesday update, addressing 63 security vulnerabilities across its products. Among them is a Windows Kernel zero-day flaw that attackers are actively exploiting, making it one of the most critical fixes of this month.
Out of the 63 flaws fixed in this update, four are rated Critical and 59 are rated Important in severity. Here’s how they are categorized:
29 privilege escalation bugs
16 remote code execution (RCE) flaws
11 information disclosure vulnerabilities
3 denial-of-service (DoS) issues
2 security feature bypass bugs
2 spoofing vulnerabilities
In addition, Microsoft also patched 27 vulnerabilities in its Chromium-based Edge browser, all addressed since the October 2025 Patch Tuesday update.
The most alarming fix this month is CVE-2025-62215, a privilege escalation vulnerability in the Windows Kernel that carries a CVSS score of 7.0. This flaw is already being exploited in real-world attacks. The comparatively modest score reflects the high attack complexity of winning a race, not a low impact: a successful exploit yields SYSTEM.
The issue was discovered by the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC). According to Microsoft, the root cause is a race condition: multiple threads or processes access a shared kernel resource concurrently without proper synchronization, so the outcome depends on the order in which they happen to run.
If exploited, this flaw could allow an attacker with local access to gain SYSTEM-level privileges, effectively taking full control of the affected machine.
Ben McCarthy, Lead Cybersecurity Engineer at Immersive, explained how the attack works:
“An attacker with low-privilege access can run a specially crafted application that triggers the race condition repeatedly. By confusing the system’s memory management, it may free the same memory block twice, corrupting the kernel heap and allowing the attacker to hijack the system’s execution flow.”
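The check-then-act pattern McCarthy describes, as an added example that is not code from Microsoft, from the advisory or from Immersive: two threads race to release the same object. The vulnerable path tests a plain "freed" flag, is preempted between the check and the act (simulated here with usleep), and both threads pass the check; the hardened path claims the flag with an atomic exchange so exactly one thread can release. Releasing only increments a counter, because a genuine second free() would be caught by the user-space allocator; the object, the flag, and the two-thread layout are all constructed for illustration.

```c
/* Constructed demo of a check-then-act race leading to a double release.
 * Not CVE-2025-62215 itself; kernel-side, release() would be the allocator
 * (ExFreePool/kfree) and the second call corrupts heap metadata. */
#define _GNU_SOURCE
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

struct kobj {
    int freed;               /* plain int: unsynchronised in the vulnerable path */
    atomic_int freed_atomic; /* used by the hardened path */
    atomic_int releases;     /* stands in for the allocator: counts "frees" */
};

struct ctx {
    struct kobj *obj;
    atomic_int *go;   /* start gate so both threads hit the check together */
    int hardened;
};

static void release(struct kobj *o)
{
    /* Count instead of free(): a second real free() would abort the demo. */
    atomic_fetch_add(&o->releases, 1);
}

static void *racer(void *arg)
{
    struct ctx *c = arg;
    while (!atomic_load(c->go)) { }  /* spin until main opens the gate */

    if (c->hardened) {
        /* Atomic test-and-set: only the thread that sees 0 may release. */
        if (atomic_exchange(&c->obj->freed_atomic, 1) == 0)
            release(c->obj);
    } else {
        if (!c->obj->freed) {        /* check */
            usleep(20000);           /* widened race window (simulates preemption) */
            c->obj->freed = 1;       /* act: the other thread already passed the check */
            release(c->obj);
        }
    }
    return NULL;
}

/* Runs two racing threads; returns how many times the object was "freed". */
int run_race(int hardened)
{
    struct kobj *o = calloc(1, sizeof *o);
    if (!o)
        return -1;
    atomic_init(&o->freed_atomic, 0);
    atomic_init(&o->releases, 0);

    atomic_int go;
    atomic_init(&go, 0);
    struct ctx c = { o, &go, hardened };
    pthread_t t[2];

    for (int i = 0; i < 2; i++)
        pthread_create(&t[i], NULL, racer, &c);
    atomic_store(&go, 1);
    for (int i = 0; i < 2; i++)
        pthread_join(t[i], NULL);

    int n = atomic_load(&o->releases);
    free(o);
    return n;
}

int main(void)
{
    /* racy path: 2 in practice (both threads release); hardened path: always 1 */
    printf("racy release count:     %d\n", run_race(0));
    printf("hardened release count: %d\n", run_race(1));
    return 0;
}
```

Real exploits do not get a 20 ms window; they trigger the operation thousands of times, as McCarthy notes, until scheduling lines the two paths up. The fix is the same in both cases: the check and the state change must be one indivisible step, here an atomic exchange, in a kernel usually a lock or an interlocked operation.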
While details of active exploitation remain unclear, researchers believe the vulnerability is likely being used as a post-exploitation step: the attacker has already obtained code execution as a low-privileged user, for example through phishing or social engineering, and uses this flaw to escalate from there.
Mike Walters, President and Co-founder of Action1, noted:
“When combined with other vulnerabilities, this kernel flaw becomes dangerous. For instance, a remote code execution bug could be chained with it to escalate privileges to SYSTEM level, enabling lateral movement and credential dumping across the network.”
Apart from the zero-day, Microsoft patched several other serious issues:
CVE-2025-60724 (CVSS 9.8) – A heap-based buffer overflow in the Microsoft Graphics Component that can lead to remote code execution.
CVE-2025-62220 (CVSS 8.8) – Another buffer overflow found in the Windows Subsystem for Linux (WSL) GUI, also enabling remote code execution.
CVE-2025-60704 (CVSS 7.5) – A privilege escalation vulnerability in Windows Kerberos, codenamed “CheckSum” by researchers at Silverfort.
The Kerberos flaw stems from a missing cryptographic verification step, which lets an attacker positioned on the network path between a user and a resource (an adversary-in-the-middle, or AitM) impersonate legitimate users.
Microsoft explained:
“An attacker must inject themselves into the network path between a user and a resource, waiting for the victim to initiate a connection.”
Researchers Eliran Partush and Dor Segal from Silverfort discovered this vulnerability, describing it as a Kerberos constrained delegation flaw that could allow an attacker to take over an entire domain.
The Kerberos vulnerability poses a major threat to organizations using Active Directory with Kerberos delegation enabled. Attackers who gain initial access using stolen credentials could move laterally, impersonate any user, and elevate privileges to domain administrator.
Silverfort warned:
“Any organization using Active Directory with Kerberos delegation turned on is at risk. Once an attacker has access, they can impersonate users and control the entire environment.”
Microsoft isn’t the only company rolling out patches this month. Several major vendors have also released updates to fix critical vulnerabilities. These include:
Adobe, Amazon Web Services, AMD, Apple, ASUS, Atlassian, Bitdefender, Broadcom (VMware), Cisco, Citrix, Dell, Fortinet, GitLab, Google (Android, Chrome, Cloud), HP, IBM, Intel, Ivanti, Lenovo, Mozilla Firefox, NVIDIA, Oracle, Palo Alto Networks, SAP, Schneider Electric, Siemens, SonicWall, Splunk, Synology, TP-Link, WatchGuard, Zoom, and various Linux distributions such as Ubuntu, Debian, Red Hat, and SUSE.
This large-scale patch release highlights the continued wave of zero-day attacks and privilege escalation threats targeting enterprise environments.
Security experts strongly advise all users and enterprises to:
Apply Microsoft’s November 2025 patches immediately
Update all third-party software from other affected vendors
Monitor systems for suspicious privilege escalations
Harden user access policies and limit administrative privileges
With attackers actively exploiting kernel-level flaws, delaying updates could expose organizations to serious breaches and ransomware infections.