Patch Tuesday with five critical CVEs

Microsoft has released patches for 63 vulnerabilities as part of its November 2025 Patch Tuesday update, addressing five critical and 58 important flaws across its product portfolio. The number represents a 62 percent decrease from the 167 vulnerabilities fixed in October, but security experts warn the drop should not be mistaken for a lower threat level.
According to Microsoft’s security update summary, elevation of privilege vulnerabilities made up nearly half of this month’s fixes at 46 percent, followed by remote code execution flaws at just over 25 percent. Among the patched issues, one zero-day vulnerability had already been exploited in the wild.
The zero-day, tracked as CVE-2025-62215, is an elevation of privilege vulnerability in the Windows Kernel. Microsoft confirmed that attackers had exploited the flaw before a fix was available. The vulnerability requires an attacker to win a race condition, which can make exploitation more complex, but its confirmed use in active attacks highlights its importance.
Satnam Narang, Senior Staff Research Engineer at Tenable, said the vulnerability was likely used as part of a post-exploitation chain. “While we don’t have the full scope regarding exploitation, based on the fact that this is a privilege escalation flaw, it was likely used as part of post-exploitation activity by an attacker, meaning they leveraged some other method to gain access to their target system, such as social engineering, phishing, or exploitation of another vulnerability,” Narang said. He noted that this flaw is one of 11 privilege escalation bugs patched in the Windows Kernel so far in 2025.
Microsoft also addressed CVE-2025-62222, a remote code execution vulnerability in the Microsoft Visual Studio Code CoPilot Chat Extension. The issue stems from a command injection flaw that could allow an attacker to execute arbitrary code. Although the company rated the vulnerability as less likely to be exploited, the flaw highlights growing attention to vulnerabilities in generative AI and AI-assisted development tools. “It underscores a growing interest in finding bugs in generative AI or agentic AI, which includes large language models, whether foundational models or open source models, and the AI-assisted code editing tools,” Narang added.
Despite the lower overall volume of fixes, November’s Patch Tuesday continues to reflect the complexity of modern attack surfaces, with privilege escalation and AI-related vulnerabilities standing out as key trends. Security teams are urged to prioritize the latest updates, particularly those addressing privilege escalation in the Windows Kernel and any vulnerabilities affecting AI-driven development environments.