Stay secure with patchingandsecuritystuff

Welcome to the Patchingandsecuritystuff blog, your go-to source for the latest security alerts, Microsoft vulnerabilities, and remediation strategies. We provide clear, actionable information to help you protect your Microsoft computers. Join us in staying ahead of cyber threats and ensuring a safer digital environment for everyone.

Read our latest news

November 23, 2025 -

Table of vulnerabilities

November 2025 Security Updates - Release Notes - Security Update Guide - Microsoft

 

Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited. Microsoft also fixed a glitch that prevented some Windows 10 users from taking advantage of an extra year of security updates, which is nice because the zero-day flaw and other critical weaknesses affect all versions of Windows, including Windows 10. 

Affected products this month include the Windows OS, OfficeSharePointSQL ServerVisual StudioGitHub Copilot, and Azure Monitor Agent. The zero-day threat concerns a memory corruption bug deep in the Windows innards called CVE-2025-62215. Despite the flaw’s zero-day status, Microsoft has assigned it an “important” rating rather than critical, because exploiting it requires an attacker to already have access to the target’s device.

Microsoft patched a critical bug in Office — CVE-2025-62199 — that can lead to remote code execution on a Windows system. Alex Vovk, CEO and co-founder of Action1, said this Office flaw is a high priority because it is low complexity, needs no privileges, and can be exploited just by viewing a booby-trapped message in the Preview Pane.