Today’s Patch Tuesday Alert addresses Microsoft’s November 2025 Security Updates. We are actively working on coverage for these vulnerabilities and expect to ship that coverage as soon as it is completed.
In-The-Wild & Disclosed CVEs
This privilege escalation vulnerability in the Windows Kernel has been rated by Microsoft as Important. Successful exploitation of this vulnerability will give the attacker SYSTEM privileges. Microsoft has reported this vulnerability as Exploitation Detected.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also color coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted
| Tag | CVE Count | CVEs |
| Azure Monitor Agent | 1 | CVE-2025-59504 |
| Windows Smart Card | 1 | CVE-2025-59505 |
| Windows DirectX | 3 | CVE-2025-59506, CVE-2025-60716, CVE-2025-60723 |
| Windows Speech | 3 | CVE-2025-59507, CVE-2025-59508, CVE-2025-59509 |
| Windows Routing and Remote Access Service (RRAS) | 4 | CVE-2025-59510, CVE-2025-62452, CVE-2025-60713, CVE-2025-60715 |
| Windows WLAN Service | 1 | CVE-2025-59511 |
| Customer Experience Improvement Program (CEIP) | 1 | CVE-2025-59512 |
| Windows Bluetooth RFCOM Protocol Driver | 1 | CVE-2025-59513 |
| Windows Remote Desktop | 1 | CVE-2025-60703 |
| Windows Kerberos | 1 | CVE-2025-60704 |
| Windows Client-Side Caching (CSC) Service | 1 | CVE-2025-60705 |
| Role: Windows Hyper-V | 1 | CVE-2025-60706 |
| Multimedia Class Scheduler Service (MMCSS) | 1 | CVE-2025-60707 |
| Storvsp.sys Driver | 1 | CVE-2025-60708 |
| Windows Common Log File System Driver | 1 | CVE-2025-60709 |
| Host Process for Windows Tasks | 1 | CVE-2025-60710 |
| Microsoft Office Excel | 8 | CVE-2025-60726, CVE-2025-60727, CVE-2025-60728, CVE-2025-59240, CVE-2025-62200, CVE-2025-62201, CVE-2025-62202, CVE-2025-62203 |
| Microsoft Office | 2 | CVE-2025-62199, CVE-2025-62216 |
| Microsoft Dynamics 365 (on-premises) | 1 | CVE-2025-62206 |
| Dynamics 365 Field Service (online) | 2 | CVE-2025-62210, CVE-2025-62211 |
| Windows Ancillary Function Driver for WinSock | 3 | CVE-2025-60719, CVE-2025-62217, CVE-2025-62213 |
| OneDrive for Android | 1 | CVE-2025-60722 |
| Microsoft Wireless Provisioning System | 2 | CVE-2025-62218, CVE-2025-62219 |
| Windows Subsystem for Linux GUI | 1 | CVE-2025-62220 |
| Microsoft Edge (Chromium-based) | 5 | CVE-2025-12729, CVE-2025-12726, CVE-2025-12727, CVE-2025-12728, CVE-2025-12725 |
| Microsoft Configuration Manager | 1 | CVE-2025-47179 |
| Microsoft Streaming Service | 1 | CVE-2025-59514 |
| Windows Broadcast DVR User Service | 2 | CVE-2025-59515, CVE-2025-60717 |
| Windows OLE | 1 | CVE-2025-60714 |
| Windows Administrator Protection | 2 | CVE-2025-60718, CVE-2025-60721 |
| Windows TDX.sys | 1 | CVE-2025-60720 |
| Microsoft Graphics Component | 1 | CVE-2025-60724 |
| Microsoft Office SharePoint | 1 | CVE-2025-62204 |
| Microsoft Office Word | 1 | CVE-2025-62205 |
| Windows License Manager | 2 | CVE-2025-62208, CVE-2025-62209 |
| SQL Server | 1 | CVE-2025-59499 |
| Visual Studio | 1 | CVE-2025-62214 |
| Windows Kernel | 1 | CVE-2025-62215 |
| Visual Studio Code CoPilot Chat Extension | 2 | CVE-2025-62222, CVE-2025-62449 |
| GitHub Copilot and Visual Studio Code | 1 | CVE-2025-62453 |
| Nuance PowerScribe | 1 | CVE-2025-30398 |
Other Information
At the time of publication, there were no new advisories included with the November Security Guidance.
