
Microsoft’s November 2025 Patch Tuesday was today, and it contains security patches for 63 vulnerabilities, including a zero-day vulnerability that is already being actively exploited.
Four “Critical” vulnerabilities are also fixed in this Patch Tuesday: two are remote code execution vulnerabilities, one is a privilege escalation, and the fourth is an information disclosure vulnerability.
The following list shows how many flaws there are in each vulnerability category:
- 29 Elevation of Privilege Vulnerabilities
- 16 Remote Code Execution Vulnerabilities
- 11 Information Disclosure Vulnerabilities
- 3 Denial of Service Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 2 Spoofing Vulnerabilities
When reporting on Patch Tuesday, BleepingComputer counts only the security updates that Microsoft published today. Consequently, Microsoft Edge and Mariner vulnerabilities that were resolved earlier this month are not included in the total number of issues.
Today also marks the first extended security update (ESU) for Windows 10, so if you are still using the unsupported operating system, it is highly recommended that you upgrade to Windows 11 or sign up for the ESU program.
For those who are experiencing problems enrolling in the program, Microsoft released an out-of-band update today to address a fault that blocks enrolments.
Check out our specialised articles on the Windows 10 KB5068781 extended security update and the Windows 11 KB5066835 and KB5066793 updates to find out more about the non-security updates that were issued today.
The exploited zero-day is a vulnerability in the Windows kernel, fixed in this release, that was used to obtain SYSTEM privileges on Windows PCs.
“Concurrent execution using shared resource with improper synchronisation (‘race condition’) in Windows Kernel allows an authorised attacker to elevate privileges locally,” states Microsoft.
According to Microsoft, an attacker must win a race condition to exploit the vulnerability, after which they gain SYSTEM privileges.
Microsoft has attributed the discovery of the vulnerability to the Microsoft Security Response Center (MSRC) and Microsoft Threat Intelligence Center (MSTIC), although it has not disclosed how the flaw was exploited.
For this month’s Patch Security Updates, here is the link to access the full description of each vulnerability and the systems it affects and also to







