- Microsoft issued patches for 63 security flaws, including one actively exploited.
- The zero-day vulnerability CVE-2025-62215 allows local privilege escalation via a race condition in the Windows Kernel.
- Critical remote code execution flaws were fixed in the Graphics Component and Windows Subsystem for Linux GUI.
- A Kerberos privilege escalation flaw (CVE-2025-60704) enables attacker impersonation through an adversary-in-the-middle attack.
- Multiple vendors, including Adobe, Cisco, and Google, released various security updates recently.
Microsoft released security patches on November 12, 2025, addressing 63 vulnerabilities in its software. These include one actively exploited zero-day flaw. Of the vulnerabilities, four are rated Critical and 59 Important, covering privilege escalation, remote code execution, information disclosure, denial-of-service, security feature bypass, and spoofing issues. These updates follow fixes for 27 vulnerabilities in the Chromium-based Edge browser since the October patch.
The exploited zero-day, identified as CVE-2025-62215 with a CVSS score of 7.0, is a local privilege escalation vulnerability in the Windows Kernel triggered by a race condition. Discovered by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC), it allows an attacker with existing local access to execute a specially crafted application to exploit unsynchronized access to shared kernel memory. According to Microsoft, this can elevate privileges to SYSTEM level.
Additional critical patches include two heap-based buffer overflow vulnerabilities permitting remote code execution. These affect the Microsoft Graphics Component (CVE-2025-60724, CVSS 9.8) and the Windows Subsystem for Linux GUI (CVE-2025-62220, CVSS 8.8).
Another notable update fixes a high-severity privilege escalation flaw in Windows Kerberos (CVE-2025-60704, CVSS 7.5), known as CheckSum by Silverfort. It results from a missing cryptographic step and allows attackers positioned between a user and requested resource to modify or read network communications. Microsoft states that an attacker requires the user to establish a connection to exploit this flaw. According to Silverfort, this attack can lead to domain-wide user impersonation and administrative control in Active Directory environments with Kerberos delegation enabled.
Several other technology providers have rolled out security updates recently. These include Adobe, Amazon Web Services, AMD, Apple, Cisco, Google, Intel, Lenovo, NVIDIA, and Oracle, among others. Various Linux distributions, such as Debian, Red Hat, and Ubuntu, have also published security advisories. Complete details on vendor patches are available on their respective security bulletin pages.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Trump Proposes 50-Year Mortgage Plan, Sparks Wealth Concerns
- Bitcoin, Ethereum Plunge as Crypto Investors Flee for Equities
- Visa pilots stablecoin payouts for faster global freelancer payments
- Google Launches Private AI Compute for Enhanced Cloud Privacy
- JP Morgan Launches JPM Coin for Instant Institutional USD Transfers
