Microsoft's November 2025 Patch Tuesday addresses a range of critical vulnerabilities, with a particular focus on an actively exploited Windows Kernel flaw (CVE-2025-62215). This issue, stemming from a race condition in the Windows Kernel, allows for local elevation of privileges, posing a significant risk to systems running Windows. Microsoft's Threat Intelligence Center (MSTIC) and Security Response Center (MSRC) have flagged the exploitation, indicating that while the code is functional, it is not widely available, making it a targeted threat. Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative, highlights the reliability of such race conditions, often exploited by malware for system takeover. Chris Goettl, VP of Security Product Management at Ivanti, emphasizes the impact on all supported Windows OS editions and Windows 10 Extended Security Updates (ESU), urging users to consider the risks of running Windows 10 beyond its End-of-Life (EoL) without ESU. Microsoft offers an out-of-band update for consumer devices not enrolled in the ESU program, addressing a potential enrollment issue. Goettl also mentions the support status of other Windows products, such as Exchange Server, which receives additional attention due to its 6-month ESU extension. Windows 11 Home and Pro 23H2 have reached their End of Support date, requiring users to take action. Among the vulnerabilities, CVE-2025-60724 stands out as a critical heap-based buffer overflow bug in Graphics Device Interface Plus (GDI+), a subsystem used in Windows applications. An attacker can trigger this vulnerability by downloading and opening a specially crafted metafile, potentially leading to remote code execution without user interaction. Adam Barnett, lead software engineer at Rapid7, underscores the severity of this vulnerability, despite its lower likelihood of exploitation. Another critical issue, CVE-2025-62199, is a use-after-free flaw in Microsoft Office, which can be exploited to achieve code execution on vulnerable systems. The attack vector involves tricking users into downloading and opening malicious files, with the Preview Pane identified as a potential entry point. Barnett highlights the increased likelihood of real-world exploitation due to the ease of bypassing security warnings. CVE-2025-62222 affects Agentic AI and Visual Studio Code, allowing unauthorized attackers to execute code over a network. Ben McCarthy, lead cyber security engineer at Immersive, describes a novel attack chain where an attacker crafts a malicious GitHub issue, exploiting a trusted developer environment. This issue underscores the importance of staying vigilant and proactive in addressing these vulnerabilities to ensure system security.
