Microsoft Fixes 7 High-Risk CVEs Including Zero-Day and Zero-Click Bugs

Microsoft’s November 2025 Patch Tuesday Updates fix 1 actively exploited zero-day, 5 marked as more likely to be exploited, and 1 critical zero-click remote code execution flaw. Security teams are urged to patch immediately due to the severity of some bugs that could enable admin-level privilege escalation, unauthenticated code execution, or cross-platform attacks (Windows/Linux environments).

Severity: Critical

Zero-Day & Zero-Click Bugs

1. CVE-2025-62215
   • Name: Windows Kernel Elevation of Privilege Vulnerability
   • CVSS Score: 7.0
   • Details: Actively Exploited Zero-Day – Local attack that requires Low Privileges but No User Interaction. Caused by a Race Condition (CWE-362) & Double Free (CWE-415).
2. CVE-2025-60724
   • Name: GDI+ Remote Code Execution Vulnerability
   • CVSS Score: 9.8
   • Details: A flaw in the GDI+ Windows graphics component. Caused by Heap-based Buffer Overflow (CWE-122) allows an unauthorized attacker to achieve RCE over a Network. No privileges and no user interaction are required (making it a “zero-click” vulnerability).

High-Priority Elevation Of Privilege Flaws

The following three flaws were highlighted for needing prompt attention because they all affect the Windows Ancillary Function Driver of WinSock, have a CVSS score of 7.0, and allow for local privilege escalation requiring low privileges but no user interaction to exploit: CVE-2025-60719, CVE-2025-62213, and CVE-2025-62217.

Other Notable Vulnerabilities

1. CVE-2025-62220
   • Name: RCE in WSL GUI via Malicious RDP Plugin
   • CVSS Score: 8.8
   • Details: A heap-based buffer overflow in msrdc.exe allows RCE if a user opens a malicious RDP file with a crafted plugin. The flaw bridges Windows and Linux environments, enabling attackers to execute code under user context or escalate privileges.
2. CVE-2025-60704 (nicknamed “CheckSum”)
   • Name: Windows Kerberos Elevation of Privilege Vulnerability.
   • CVSS Score: 7.5
   • Details: The flaw involves a missing cryptographic step (CWE-325) in Windows Kerberos. The vulnerability allows an unauthorized attacker to insert themselves into the delegation path, effectively impersonating a user, and potentially a more privileged one, to access sensitive resources.

Recommendations

1. Apply patches for all 7 CVEs urgently; prioritize CVE-2025-62215, 60724, 60704.
2. Look out for msrdc.exe crashes (access violations), unexpected DLL loads or child processes spawned by msrdc.exe, and new network connections to unknown RDP servers.
3. Enforce least-privilege access so users have only the permissions required for their roles.
4. Train employees on recognizing phishing attempts & warn against unverified downloads.

Source:

• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62215
• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60724
• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60704
• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60719
• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62213
• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62217
• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62220
• https://www.silverfort.com/blog/you-win-some-you-checksum-kerberos-delegation-vulnerability-cve-2025-60704/
• https://www.automox.com/blog/patch-tuesday-november-2025
• https://www.darkreading.com/vulnerabilities-threats/patch-now-microsoft-zero-day-critical-zero-click-bugs

Enjoyed reading this Threat Intelligence Advisory? Stay updated with our latest exclusive content by following us on Twitter and LinkedIn

No related posts found.