If you’re a Windows user, this is your monthly reminder to ensure you install all available security updates. Microsoft’s November Patch Tuesday release fixes one zero-day vulnerability that has been actively exploited in the wild, with 63 flaws patched in total.
As reported by Bleeping Computer, the November Patch Tuesday update addresses 29 elevation of privilege vulnerabilities, 2 security feature bypass vulnerabilities, 16 remote code execution vulnerabilities, 11 information disclosure vulnerabilities, 2 denial of service vulnerabilities, and 3 spoofing vulnerabilities. (Note that these figures do not include patches for Microsoft Edge and Mariner.)
In addition to the zero-day, four of the vulnerabilities being addressed—two remote code execution bugs and one each of the elevation of privilege and information disclosure flaws—are labeled “critical.”
Patch fixes one zero-day threat
All security updates are important to install as soon as possible, but especially those that patch zero-days, which are vulnerabilities that are actively exploited or publicly exposed before the developer makes an official fix available.
Without this month’s patch, Windows users are vulnerable to CVE-2025-62215, an elevation of privilege flaw in the Windows Kernel. The bug allows threat actors to gain system privileges upon winning a “race condition,” or improper synchronization in Windows Kernel.
The vulnerability was identified by the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC), though no additional details about exploitation have been made public.
Other updates for Windows users
Windows 11 users will also see the rollout of the upgraded Start menu alongside Patch Tuesday updates—the new interface is scrollable with app categories and adapts to the size of your screen. Other changes include an redesigned battery icon and improved features for File Explorer, Voice Access, and Click to Do.
As of last month’s Patch Tuesday, Microsoft has ended support for Windows 10, though users who have enrolled in Extended Security Updates (ESU) will continue to get security patches through Oct. 13, 2026.
