Microsoft’s November 2025 Patch Tuesday updates fix 1 actively exploited zero-day, 5 flaws marked as more likely to be exploited, and 1 critical zero-click remote code execution flaw. Security teams are urged to patch immediately because some of these bugs could enable admin-level privilege escalation, unauthenticated code execution, or cross-platform attacks (Windows/Linux environments).
Severity: Critical
Zero-Day & Zero-Click Bugs
- CVE-2025-62215
• Name: Windows Kernel Elevation of Privilege Vulnerability
• CVSS Score: 7.0
• Details: Actively Exploited Zero-Day – Local attack that requires Low Privileges but No User Interaction. Caused by a Race Condition (CWE-362) & Double Free (CWE-415).
- CVE-2025-60724
• Name: GDI+ Remote Code Execution Vulnerability
• CVSS Score: 9.8
• Details: A heap-based buffer overflow (CWE-122) in the GDI+ Windows graphics component allows an unauthorized attacker to achieve RCE over a network. No privileges and no user interaction are required (making it a “zero-click” vulnerability).
High-Priority Elevation Of Privilege Flaws
The following three flaws were highlighted for needing prompt attention because they all affect the Windows Ancillary Function Driver of WinSock, have a CVSS score of 7.0, and allow for local privilege escalation requiring low privileges but no user interaction to exploit: CVE-2025-60719, CVE-2025-62213, and CVE-2025-62217.
Other Notable Vulnerabilities
- CVE-2025-62220
• Name: RCE in WSL GUI via Malicious RDP Plugin
• CVSS Score: 8.8
• Details: A heap-based buffer overflow in msrdc.exe allows RCE if a user opens a malicious RDP file with a crafted plugin. The flaw bridges Windows and Linux environments, enabling attackers to execute code under user context or escalate privileges.
- CVE-2025-60704 (nicknamed “CheckSum”)
• Name: Windows Kerberos Elevation of Privilege Vulnerability
• CVSS Score: 7.5
• Details: The flaw involves a missing cryptographic step (CWE-325) in Windows Kerberos. The vulnerability allows an unauthorized attacker to insert themselves into the delegation path, effectively impersonating a user, and potentially a more privileged one, to access sensitive resources.
Recommendations
- Apply patches for all 7 CVEs urgently; prioritize CVE-2025-62215, CVE-2025-60724, and CVE-2025-60704.
- Look out for msrdc.exe crashes (access violations), unexpected DLL loads or child processes spawned by msrdc.exe, and new network connections to unknown RDP servers.
- Enforce least-privilege access so users have only the permissions required for their roles.
- Train employees on recognizing phishing attempts & warn against unverified downloads.
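The msrdc.exe checks recommended above can be expressed as triage logic over events already exported from Sysmon (Event IDs 1, 3 and 7) and the Windows Application log (Event ID 1000). This is an added example, not part of the original advisory or any vendor tooling; the dict layout, the RDP server allowlist, the trusted DLL directories and the sample events are assumptions constructed for illustration.

```python
import ipaddress

MSRDC = "msrdc.exe"
ACCESS_VIOLATION = "0xc0000005"  # STATUS_ACCESS_VIOLATION
# Assumed site baselines: replace with your own inventory.
KNOWN_RDP_SERVERS = {ipaddress.ip_address("10.0.5.20")}
TRUSTED_DLL_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\wsl\\")

def is_msrdc(path):
    """True if the image path's file name is msrdc.exe (case-insensitive)."""
    return path.lower().replace("/", "\\").rsplit("\\", 1)[-1] == MSRDC

def triage(event):
    """Return a finding string for a suspicious msrdc.exe event, else None."""
    eid = event.get("EventID")
    if eid == 1000 and event.get("Application", "").lower() == MSRDC:
        if event.get("ExceptionCode", "").lower() == ACCESS_VIOLATION:
            return "crash: access violation in msrdc.exe"
    elif eid == 1 and is_msrdc(event.get("ParentImage", "")):
        # Assumption: msrdc.exe has no expected child processes in this baseline.
        return f"child process: {event['Image']}"
    elif eid == 7 and is_msrdc(event.get("Image", "")):
        dll = event.get("ImageLoaded", "").lower()
        if event.get("Signed") != "true" or not dll.startswith(TRUSTED_DLL_DIRS):
            return f"unexpected DLL: {event['ImageLoaded']}"
    elif eid == 3 and is_msrdc(event.get("Image", "")):
        dst = ipaddress.ip_address(event["DestinationIp"])
        if dst not in KNOWN_RDP_SERVERS:
            return f"unknown RDP server: {dst}:{event.get('DestinationPort')}"
    return None

# Constructed sample events (not real telemetry); the install path is assumed.
P = "C:\\Program Files\\WSL\\msrdc.exe"
SAMPLE_EVENTS = [
    {"EventID": 1000, "Application": "msrdc.exe", "ExceptionCode": "0xc0000005"},
    {"EventID": 1, "ParentImage": P, "Image": "C:\\Windows\\System32\\cmd.exe"},
    {"EventID": 1, "ParentImage": "C:\\Windows\\explorer.exe", "Image": P},
    {"EventID": 7, "Image": P, "ImageLoaded": "C:\\Windows\\System32\\mstscax.dll", "Signed": "true"},
    {"EventID": 7, "Image": P, "ImageLoaded": "C:\\Users\\alice\\Downloads\\plugin.dll", "Signed": "false"},
    {"EventID": 3, "Image": P, "DestinationIp": "10.0.5.20", "DestinationPort": 3389},
    {"EventID": 3, "Image": P, "DestinationIp": "203.0.113.7", "DestinationPort": 3389},
]

def run(events=SAMPLE_EVENTS):
    """Triage every event and keep only the findings."""
    return [f for f in map(triage, events) if f]

if __name__ == "__main__":
    for finding in run():
        print(finding)
```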
Source:
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62215
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60724
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60704
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60719
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62213
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62217
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62220
- https://www.silverfort.com/blog/you-win-some-you-checksum-kerberos-delegation-vulnerability-cve-2025-60704/
- https://www.automox.com/blog/patch-tuesday-november-2025
- https://www.darkreading.com/vulnerabilities-threats/patch-now-microsoft-zero-day-critical-zero-click-bugs