Virtual Administrator’s November 2025 Patch Recommendations
All new patches will be approved in our patch policy.
This month Microsoft released patches for 63 vulnerabilities with 5 rated “Critical” in severity.
This month brings 63 security updates including 1 zero-day vulnerability. The zero-day is CVE-2025-62215, a Windows Kernel elevation of privilege vulnerability where a race condition in Windows Kernel allows an authorized attacker to gain admin-level rights on Windows devices.
Also noteworthy is CVE-2025-60724, a remote code execution vulnerability in the Microsoft Graphics Component (GDI+) where a heap-based buffer overflow allows an unauthorized attacker to execute code over a network.
New SSUs for Windows Server 2008/2008R2 and 2012/2012R2.
This month marks the first extended security update (ESU) for Windows 10. Microsoft claims you need to be on version 22H2 but also released a cumulative update for 21H2. Windows 11 version 22H2 reached end of servicing.
Disclosed: None
Exploited: CVE-2025-62215
Security Update Guide
https://msrc.microsoft.com/update-guide/en-us
Microsoft Security Advisories
ADV990001 | Latest Servicing Stack Updates (Published:11/13/2018 | Last Updated:11/11/2025)
https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001
Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.
NOTE: The Windows 10/11 Servicing Stack Updates are included in the monthly Cumulative Updates.
ADV25258226 | Microsoft Guidance on CVE-2025-9491 Windows LNK File UI Behavior (Published:10/31/2025)
https://msrc.microsoft.com/update-guide/advisory/ADV25258226
Microsoft is aware of CVE-2025-9491 issued by Zero Day Initiative describing a potential issue involving Windows shortcut (.lnk) files. During the user experience, the user is warned several times that proceeding may be harmful.
Reason for Revision: Informational
Heads Up – Microsoft released an Out-of-band (OOB) patch for Windows 10 the same day as the expected cumulative update (CU). The OOB is KB5071959 and the CU is KB5068781.
November 11, 2025—KB5071959: Windows 10, version 22H2 (OS Build 19045.6466) Out-of-band
This out-of-band (OOB) update is offered to consumer devices that are not enrolled in the Extended Security Updates (ESU) program for Windows 10. This update is cumulative and includes security fixes and improvements from the October 14, 2025, security update (KB5066791).
FYI – Servicing Stack Update (SSU) for Windows Server 2016 is now being released through Windows Update and Microsoft Update as KB5070247. The SSU for Server 2019 is now included in the monthly cumulative update (CU).
Notable News – Windows 10 Consumer Extended Security Updates (ESU)
https://www.microsoft.com/en-us/windows/extended-security-updates?r=1
The Extended Security Updates (ESU) program for Windows 10 provides customers with a more secure option to continue using their Windows 10 PCs after October 14, 2025, while they transition to Windows 11. The ESU program helps reduce the risk of malware and cybersecurity attacks by providing access to critical and important security updates as defined by the Microsoft Security Response Center (MSRC) for devices running Windows 10, version 22H2. ESU enrollment does not provide other types of fixes, feature improvements, or product enhancements. It also does not come with technical support.
Windows 10 support has ended. You can enroll in ESU any time until the program ends on October 13, 2026.
Support for Windows Server 2016 will end in January 2027.
Support for Windows Server 2019 will end in January 2029.
Known Issues
WSUS will temporarily not display error details. Server 2025 hotpatch may require a restart. SharePoint Server logging may need modification to display event tags properly.
Microsoft continues to list unresolved older problems under the Known Issues for new patches. So if you have not yet experienced one of these issues, it is unlikely to occur now.
“Windows Server Update Services (WSUS) does not display error details”
Affected platforms: Windows Server 2022/2025 (KB5068779,KB5068787,KB5068840,KB5068966,KB5071726)
Symptom: After installing KB5070879 or later updates, Windows Server Update Services (WSUS) does not display synchronization error details within its error reporting.
Workaround: None. This functionality is temporarily removed to address the Remote Code Execution Vulnerability, CVE-2025-59287.
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287
“Some Hotpatch-enabled machines might receive security updates that require a restart”
Affected platforms: Windows Server 2025 Hotpatch (KB5068966)
Symptom: The out-of-band update for Windows Server 2025 (KB5070881) was briefly offered to all Windows Server 2025 machines, regardless of Hotpatch enrollment.
Machines that installed KB5070881 will temporarily stop receiving Hotpatch updates and will instead receive security updates that require a restart.
Workaround: Machines affected by this issue will resume receiving Hotpatch updates after installing the next baseline update in January 2026. The next planned Hotpatch update will be offered in February 2026.
“Users may see ‘4gab5’ event tags logged”
Description of the security update for SharePoint Server Subscription Edition: November 11, 2025 (KB5002800)
Affected platforms: SharePoint Server 2016/2019/Subscription Edition (KB5002800,KB5002803,KB5002805)
Symptom: Users may see “4gab5” event tags logged in the SharePoint Unified Logging System (ULS) logs when they access sitedirectorysettings.aspx by using ‘set other host’. This issue occurs because of the enhanced security that restricts access to sitedirectorysettings.aspx to the current farm host.
Workaround: To work around this issue, the farm administrator can add the new domain to the AdditionalValidSPFarmHosts in the farm by running the following PowerShell commands:
add-pssnapin *
$f = get-spfarm
$f.AddGenericAllowedListValue("AdditionalValidSPFarmHosts", "your_additional_farm_host")
$f.update()
iisreset
Good resource for known issues with Windows 10/11/Server patches. Find the version and click on “Known issues”.
Windows release health
https://docs.microsoft.com/en-us/windows/release-health/
Monthly Rollup/Security Only/Windows 10,11/Server 2016,2019,2022,2025 KBs
Links are https://support.microsoft.com/en-us/help/####### with the KB number only.
Security and Quality Rollup
- KB5068905 – Windows Server 2012 R2 (ESU)
- KB5068907 – Windows Server 2012 (ESU)
Cumulative Updates
Windows 10
- KB5068781 – Version 21H2 “November 2021 Update” (OS Build 19044) (ESU)
- KB5068781 – Version 22H2 “November 2022 Update” (OS Build 19045) (ESU)
(Versions 1507,1511,1607,1703,1709,1803,1809,1903,1909,2004,20H2,21H1 are no longer under support)
Windows 11
- KB5068865 – 23H2 (OS Build 22631)
- KB5068861 – 24H2 (OS Build 26100)
- KB5068861 – 25H2 (OS Build 26200)
(Versions 21H2, 22H2 are no longer under support)
Windows Server
- KB5068864 – Server 2016 (EOS January 2027)
- KB5068791 – Server 2019 (EOS January 2029)
- KB5068787 – Server 2022 (OS Build 20348)
- KB5068779 – Server 23H2 (OS Build 25398)
- KB5068861 – Server 2025 (OS Build 26100)
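To confirm that a machine actually received the update listed above for its OS build, the following PowerShell check can be run locally or pushed through an RMM tool. It is an added example, not a script from Virtual Administrator or Microsoft. The function name Test-NovemberPatch is hypothetical, and the build numbers for Server 2012, 2012 R2, 2016 and 2019 are supplied here because the list above does not print them.

```powershell
# Added example: OS build number -> November 2025 KB(s), copied from the lists above.
# Builds 9200, 9600, 14393 and 17763 are not printed on the page; they are the
# standard build numbers for Server 2012, 2012 R2, 2016 and 2019.
$NovemberKb = @{
    9200  = @('KB5068907')               # Server 2012 (ESU)
    9600  = @('KB5068905')               # Server 2012 R2 (ESU)
    14393 = @('KB5068864')               # Server 2016
    17763 = @('KB5068791')               # Server 2019
    19044 = @('KB5068781')               # Windows 10 21H2 (ESU)
    19045 = @('KB5068781')               # Windows 10 22H2 (ESU)
    20348 = @('KB5068787')               # Server 2022
    22631 = @('KB5068865')               # Windows 11 23H2
    25398 = @('KB5068779')               # Server 23H2
    26100 = @('KB5068861', 'KB5068966')  # Windows 11 24H2 / Server 2025 (CU or Hotpatch)
    26200 = @('KB5068861')               # Windows 11 25H2
}

function Test-NovemberPatch {
    param(
        # Defaults read the local machine; pass values explicitly to test offline.
        [int]$Build = [int](Get-CimInstance Win32_OperatingSystem).BuildNumber,
        [string[]]$InstalledKb = (Get-HotFix).HotFixID
    )
    $expected = $NovemberKb[$Build]
    # Any one of the expected KBs counts (Server 2025 may have the Hotpatch KB instead).
    $hit = @($expected | Where-Object { $InstalledKb -contains $_ })

    $status = if (-not $expected) {
        'NotListed'      # build is not in this month's list (e.g. out of support)
    } elseif ($hit) {
        'Installed'
    } else {
        'Missing'
    }

    [pscustomobject]@{
        Build      = $Build
        ExpectedKb = $expected -join ', '
        FoundKb    = $hit -join ', '
        Status     = $status
    }
}

Test-NovemberPatch
```

A "Missing" result is only meaningful during the November cycle: once a later cumulative update is installed it supersedes these KBs and they no longer appear in Get-HotFix output.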
November 2025 updates for Microsoft Office
Notable CVEs
CVE-2025-62215 | Windows Kernel Elevation of Privilege Vulnerability (Cumulative Update/Hotpatch)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62215
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-60724 | GDI+ Remote Code Execution Vulnerability (Cumulative Update/Hotpatch)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60724
The Preview Pane is not an attack vector. An attacker could trigger this vulnerability by convincing a victim to download and open a document that contains a specially crafted metafile. In the worst-case scenario, an attacker could trigger this vulnerability on web services by uploading documents containing a specially crafted metafile (AV:N) without user interaction. When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk.
CVE-2025-60704 | Windows Kerberos Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60704
When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk. In one such scenario for this vulnerability, the attacker could convince a victim to connect to an attacker controlled malicious application (for example, SMB) server. Upon connecting, the malicious server could compromise the protocol. An attacker who successfully exploited this vulnerability could gain administrator privileges.
CVE-2025-60716 | DirectX Graphics Kernel Elevation of Privilege Vulnerability (Cumulative Update/Hotpatch)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60716
Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.