2025-11-11 18:46:8 Author: www.tenable.com(查看原文) 阅读量:8 收藏
November 11, 2025
4 Min Read
- 5Critical
- 58Important
- 0Moderate
- 0Low
Microsoft addresses 63 CVEs including one zero-day vulnerability which was exploited in the wild.
Microsoft patched 63 CVEs in its November 2025 Patch Tuesday release, with five rated critical, and 58 rated as important.
This month’s update includes patches for:
- Azure Monitor Agent
- Customer Experience Improvement Program (CEIP)
- Dynamics 365 Field Service (online)
- GitHub Copilot and Visual Studio Code
- Host Process for Windows Tasks
- Microsoft Configuration Manager
- Microsoft Dynamics 365 (on-premises)
- Microsoft Graphics Component
- Microsoft Office
- Microsoft Office Excel
- Microsoft Office SharePoint
- Microsoft Office Word
- Microsoft Streaming Service
- Microsoft Wireless Provisioning System
- Multimedia Class Scheduler Service (MMCSS)
- Nuance PowerScribe
- OneDrive for Android
- Role: Windows Hyper-V
- SQL Server
- Storvsp.sys Driver
- Visual Studio
- Visual Studio Code CoPilot Chat Extension
- Windows Administrator Protection
- Windows Ancillary Function Driver for WinSock
- Windows Bluetooth RFCOM Protocol Driver
- Windows Broadcast DVR User Service
- Windows Client-Side Caching (CSC) Service
- Windows Common Log File System Driver
- Windows DirectX
- Windows Kerberos
- Windows Kernel
- Windows License Manager
- Windows OLE
- Windows Remote Desktop
- Windows Routing and Remote Access Service (RRAS)
- Windows Smart Card
- Windows Speech
- Windows Subsystem for Linux GUI
- Windows TDX.sys
- Windows WLAN Service
Elevation of privilege (EoP) vulnerabilities accounted for 46% of the vulnerabilities patched this month, followed by remote code execution (RCE) vulnerabilities at 25.4%.
CVE-2025-62215 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2025-62215 is an EoP vulnerability in the Windows Kernel. It was assigned a CVSSv3 score of 7.0 and rated important. A local, authenticated attacker could exploit this vulnerability by winning a race condition in order to gain SYSTEM privileges. According to Microsoft, this vulnerability was exploited in the wild as a zero-day.
Including CVE-2025-62215, there have been 11 EoP vulnerabilities patched in the Windows Kernel in 2025, with five of these included in the October 2025 Patch Tuesday release.
CVE-2025-62199 | Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62199 is a RCE vulnerability in Microsoft Office. It was assigned a CVSSv3 score of 7.8, rated critical and assessed as “Exploitation Less Likely” according to Microsoft’s Exploitability Index. An attacker could exploit this flaw through social engineering by sending the malicious Microsoft Office document file to an intended target. Successful exploitation would grant code execution privileges to the attacker.
Despite being flagged as “Less Likely” to be exploited, Microsoft notes that the Preview Pane is an attack vector, which means exploitation does not require the target to open the file.
Microsoft patched two additional Microsoft Office RCEs this month. CVE-2025-62205 and CVE-2025-62216 both were assigned CVSSv3 scores of 7.8 and rated as important. CVE-2025-62205 was assessed as “Exploitation Less Likely” while CVE-2025-62216 was assessed as “Exploitation Unlikely.” In contrast to CVE-2025-62199, the preview pane is not an attack vector for these two vulnerabilities.
CVE-2025-60719, CVE-2025-62213, and CVE-2025-62217 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-60719, CVE-2025-62213 and CVE-2025-62217 are EoP vulnerabilities affecting the Ancillary Function Driver for WinSock for Microsoft Windows. All three were assigned CVSSv3 scores of 7.0, were rated as important and assessed as “Exploitation More Likely.” A local, authenticated attacker could exploit these vulnerabilities to elevate to SYSTEM level privileges.
CVE-2025-60724 | GDI+ Remote Code Execution Vulnerability
CVE-2025-60724 is a RCE vulnerability affecting the Windows Graphics Device Interface (GDI). It was assigned a CVSSv3 score of 9.8, rated as critical and assessed as “Exploitation Less Likely.” A remote attacker could exploit this flaw by convincing a victim to download and open a crafted file which could exploit a heap-based buffer overflow in order to execute arbitrary code.
Tenable Solutions
A list of all the plugins released for Microsoft’s November 2025 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.
For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.
Get more information
- Microsoft's November 2025 Security Updates
- Tenable plugins for Microsoft November 2025 Patch Tuesday Security Updates
Join Tenable's Research Special Operations (RSO) Team on Tenable Connect and engage with us in the Threat Roundtable group for further discussions on the latest cyber threats.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
Research Special Operations
The Research Special Operations (RSO) team serves as Tenable’s Forward Logistics Element in the threat landscape, providing customers with the analyses and contextualized exposure intelligence required to manage risks to critical business assets. With over 150 years of collective expertise, this hand-picked group of world-class security researchers is united with one mission: to cut through the noise and deliver critical intelligence about the most dangerous cyber threats emerging right now. Uniting the missions of the Tenable Security Response, Zero-Day Research, and Decision Science Operations teams, RSO disseminates timely, accurate, and actionable information about the latest threats and exposures.
- Exposure Management
- Vulnerability Management
Cybersecurity news you can use
Enter your email and never miss timely alerts and security guidance from the experts at Tenable.
如有侵权请联系:admin#unsafe.sh