Update Windows ASAP to Fix Another Zero-Day Vulnerability

If you’re a Windows user, this is your monthly reminder to install all available security updates. Microsoft’s November Patch Tuesday patches one actively exploited zero-day vulnerability. A total of 63 vulnerabilities were patched.

As reported by Bleeping Computer, the November Patch Tuesday update addresses 29 privilege escalation vulnerabilities, two security feature bypass vulnerabilities, 16 remote code execution vulnerabilities, 11 information disclosure vulnerabilities, two denial of service vulnerabilities, and three spoofing vulnerabilities. (Note that these figures do not include fixes for Microsoft Edge and Mariner.)

In addition to the zero-day vulnerability, four of the vulnerabilities being patched—two remote code execution flaws and one each of privilege escalation and information disclosure—are marked as “critical.”

The patch addresses one zero-day threat.

It’s important to install all security updates as soon as possible, but especially those that fix zero-day vulnerabilities: flaws that are actively exploited or publicly disclosed before the developer releases an official fix.

Without this month’s update, Windows users are vulnerable to CVE-2025-62215, a privilege escalation vulnerability in the Windows kernel. This vulnerability allows attackers to gain SYSTEM privileges by exploiting a race condition, that is, incorrect timing, in the Windows kernel.

The vulnerability was discovered by the Microsoft Threat Analysis Center (MSTIC) and the Microsoft Threat Response Center (MSRC), although no further details about the exploit were published.

Other updates for Windows users

Windows 11 users will also see a redesigned Start menu with the Patch Tuesday updates—a new interface with scrollable app categories that adapts to the screen size. Other changes include a refreshed battery icon and improved features for File Explorer, Voice Access, and Click to Do.

Starting on Patch Tuesday last month, Microsoft ended support for Windows 10, although users who signed up for Extended Security Updates (ESU) will continue to receive security fixes until October 13, 2026.
