Microsoft’s November Security Update of High-Risk Vulnerability Notice for Multiple Products

November 14, 2025 | NSFOCUS

Overview

On November 12, NSFOCUS CERT detected that Microsoft had released its November security update, which fixes 63 security issues in widely used products such as Windows, Microsoft Office, Microsoft SQL Server, Azure, and Microsoft Visual Studio, including high-risk vulnerability types such as privilege escalation and remote code execution.

Of the vulnerabilities fixed in this month’s update, 5 are rated Critical and 58 are rated Important, including 1 zero-day that has been detected as exploited in the wild: Windows Kernel Privilege Escalation Vulnerability (CVE-2025-62215). Please apply the patches as soon as possible for protection. For a complete list of vulnerabilities, please refer to the appendix.

Reference link: https://msrc.microsoft.com/update-guide/releaseNote/2025-Nov

Key Vulnerabilities

Based on product popularity and vulnerability importance, the following vulnerabilities in this update have the greatest impact. Affected users should pay special attention to them:

Windows Kernel Privilege Escalation Vulnerability (CVE-2025-62215):

A privilege escalation vulnerability exists in the Windows Kernel. Due to a synchronization flaw in the Windows kernel’s concurrent handling of shared resources, an authenticated local attacker can elevate privileges to SYSTEM by triggering a race condition and a double free. The vulnerability has been exploited in the wild. CVSS score 7.0.

Official announcement link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62215

DirectX Graphics Kernel Privilege Escalation Vulnerability (CVE-2025-60716):

There is a privilege escalation vulnerability in the DirectX Graphics Kernel. Because the DirectX graphics kernel does not reset the pointer after releasing GPU resources, an authenticated local attacker can win a race condition on release to reuse freed kernel objects (use-after-free), thereby escalating privileges to SYSTEM. CVSS score 7.0.

Official announcement link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60716

Nuance PowerScribe 360 Information Disclosure Vulnerability (CVE-2025-30398):

There is an information disclosure vulnerability in Nuance PowerScribe 360. Because PowerScribe lacks authorization checks on API endpoints, unauthenticated attackers can obtain sensitive information such as PowerScribe configuration by calling specific API endpoints. CVSS score 8.1.

Official announcement link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30398

Microsoft Office Remote Code Execution Vulnerability (CVE-2025-62199):

A remote code execution vulnerability exists in Microsoft Office. Because Microsoft Office does not clear the pointer after releasing an object (use-after-free), an attacker can deliver a specially crafted file and trick the user into opening it or viewing it in the preview pane, thereby executing arbitrary code on the user’s computer. CVSS score 7.8.

Official announcement link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62199

Visual Studio Remote Code Execution Vulnerability (CVE-2025-62214):

A remote code execution vulnerability exists in Visual Studio. Because Visual Studio does not escape special characters in the prompt when calling Copilot to generate a build command, an authenticated local attacker can inject malicious instructions into Copilot and trigger the build, thereby achieving arbitrary code execution. CVSS score 6.7.

Official announcement link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62214

Customer Experience Improvement Program Privilege Escalation Vulnerability (CVE-2025-59512):

A privilege escalation vulnerability exists in the Customer Experience Improvement Program. Due to improper access control in the Customer Experience Improvement Program (CEIP), an authenticated local attacker can bypass privilege verification and execute malicious code to elevate privileges to SYSTEM. CVSS score 7.8.

Official announcement link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59512

GDI+ Remote Code Execution Vulnerability (CVE-2025-60724):

There is a remote code execution vulnerability in the Windows GDI+ component. Because the GDI+ component triggers a heap buffer overflow when parsing specially crafted metafiles, an unauthenticated attacker can upload a malicious file to a web service that parses documents to achieve remote code execution. CVSS score 9.8.

Official announcement link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-60724

Dynamics 365 Field Service (online) Spoofing Vulnerability (CVE-2025-62210):

A spoofing vulnerability exists in Dynamics 365 Field Service. Due to improper handling of user input when generating web pages, an unauthenticated attacker can trick users into clicking a malicious link to inject and execute arbitrary scripts (XSS), thereby hijacking user sessions. CVSS score 8.7.

Official announcement link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62210

Scope of Impact

The following are the affected product versions of some key vulnerabilities. For the scope of products affected by other vulnerabilities, please refer to the official announcement link.

Vulnerability Number | Affected product versions

CVE-2025-62215, CVE-2025-60716:
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Windows 11 Version 25H2 for ARM64-based Systems
Windows 11 Version 25H2 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows Server 2025
Windows Server 2025 (Server Core installation)

CVE-2025-30398:
Nuance PowerScribe 360 version 4.0.1
Nuance PowerScribe 360 version 4.0.2
Nuance PowerScribe 360 version 4.0.3
Nuance PowerScribe 360 version 4.0.4
Nuance PowerScribe 360 version 4.0.5
Nuance PowerScribe 360 version 4.0.6
Nuance PowerScribe 360 version 4.0.7
Nuance PowerScribe 360 version 4.0.8
Nuance PowerScribe 360 version 4.0.9
Nuance PowerScribe One version 2019.1
Nuance PowerScribe One version 2019.2
Nuance PowerScribe One version 2019.3
Nuance PowerScribe One version 2019.4
Nuance PowerScribe One version 2019.5
Nuance PowerScribe One version 2019.6
Nuance PowerScribe One version 2019.7
Nuance PowerScribe One version 2019.8
Nuance PowerScribe One version 2019.9
Nuance PowerScribe One version 2019.10
PowerScribe One version 2023.1 SP2 Patch 7

CVE-2025-62199:
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office for Android
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2024 for 32-bit editions
Microsoft Office LTSC 2024 for 64-bit editions
Microsoft Office LTSC for Mac 2021
Microsoft Office LTSC for Mac 2024

CVE-2025-62214:
Microsoft Visual Studio 2022 version 17.14

CVE-2025-59512:
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Windows 11 Version 25H2 for ARM64-based Systems
Windows 11 Version 25H2 for x64-based Systems
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows Server 2025
Windows Server 2025 (Server Core installation)

CVE-2025-60724:
Microsoft Office LTSC for Mac 2021
Microsoft Office LTSC for Mac 2024
Microsoft Office for Android
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Windows 11 Version 25H2 for ARM64-based Systems
Windows 11 Version 25H2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows Server 2025
Windows Server 2025 (Server Core installation)

CVE-2025-62210:
Dynamics 365 Field Service (online)

Mitigation

Microsoft has officially released security patches that fix the above vulnerabilities in supported product versions. Affected users are strongly advised to install the patches as soon as possible for protection. Official download link:

https://msrc.microsoft.com/update-guide/releaseNote/2025-Nov

Note: Patches delivered through Windows Update may fail to install because of network problems, problems with the computer environment, and so on. After installing a patch, users should promptly check whether it was installed successfully.

Right-click the Windows icon, select “Settings (N)”, then select “Update and Security” - “Windows Update”. View the prompt information on this page, or click “View Update History” to view the status of past updates.

For updates that were not installed successfully, click the update name to go to the official Microsoft download page. Users are advised to follow the link on that page to the “Microsoft Update Catalog” website, then download and install the standalone package.
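
A scripted version of the update-history check described above, useful when the same verification has to be repeated on many hosts (an added example, not part of the NSFOCUS advisory). The 30-day look-back window is an assumption, and no KB numbers are hard-coded because the advisory lists none.

```powershell
# Added example: scripted equivalent of "View Update History".
# Assumption: a 30-day look-back window; adjust $Since to your deployment date.
$Since = (Get-Date).ToUniversalTime().AddDays(-30)   # history dates are in UTC

# Windows Update Agent COM API: the same history the Settings page displays.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$count    = $searcher.GetTotalHistoryCount()

# OperationResultCode values defined by the Windows Update Agent API.
$resultNames = @{ 0 = 'NotStarted'; 1 = 'InProgress'; 2 = 'Succeeded'
                  3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted' }

$history = @()
if ($count -gt 0) {
    $history = $searcher.QueryHistory(0, $count) |
        Where-Object { $_.Title -and $_.Date -ge $Since } |
        ForEach-Object {
            [pscustomobject]@{
                Date    = $_.Date
                KB      = if ($_.Title -match 'KB\d+') { $Matches[0] } else { '' }
                Result  = $resultNames[[int]$_.ResultCode]
                HResult = '0x{0:X8}' -f $_.HResult
                Title   = $_.Title
            }
        }
}

# An update that failed once may have succeeded on a later retry, so judge each
# KB by its most recent history entry rather than by any single failure.
$latest = $history | Where-Object KB | Group-Object KB | ForEach-Object {
    $_.Group | Sort-Object Date -Descending | Select-Object -First 1
}
$needsAttention = $latest | Where-Object Result -ne 'Succeeded'

if ($needsAttention) {
    # Print the update, its error code, and the Microsoft Update Catalog search
    # URL from which the standalone package can be downloaded.
    $needsAttention | ForEach-Object {
        '{0:u}  {1}  {2}  {3}' -f $_.Date, $_.KB, $_.Result, $_.HResult
        "  $($_.Title)"
        "  https://www.catalog.update.microsoft.com/Search.aspx?q=$($_.KB)"
    }
} else {
    'No failed or incomplete updates found in the look-back window.'
}
```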

Appendix

Affected products | CVE No. | Vulnerability Title | Severity
Microsoft Office | CVE-2025-62199 | Microsoft Office Remote Code Execution Vulnerability | Critical
Microsoft Office, Windows | CVE-2025-60724 | GDI+ remote code execution vulnerability | Critical
Microsoft Visual Studio | CVE-2025-62214 | Visual Studio Remote Code Execution Vulnerability | Critical
Other | CVE-2025-30398 | Nuance PowerScribe 360 Information Disclosure Vulnerability | Critical
Windows | CVE-2025-60716 | DirectX Graphics Kernel privilege escalation vulnerability | Critical
Azure | CVE-2025-59504 | Azure Monitor Agent Remote Code Execution Vulnerability | Important
Microsoft Dynamics | CVE-2025-62206 | Microsoft Dynamics 365 (On-Premises) information disclosure vulnerability | Important
Microsoft Dynamics | CVE-2025-62210 | Dynamics 365 Field Service (online) spoofing vulnerability | Important
Microsoft Dynamics | CVE-2025-62211 | Dynamics 365 Field Service (online) spoofing vulnerability | Important
Microsoft Office | CVE-2025-60726 | Microsoft Excel Information Disclosure Vulnerability | Important
Microsoft Office | CVE-2025-60727 | Microsoft Excel remote code execution vulnerability | Important
Microsoft Office | CVE-2025-60728 | Microsoft Excel Information Disclosure Vulnerability | Important
Microsoft Office | CVE-2025-62216 | Microsoft Office Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2025-60722 | Microsoft OneDrive for Android Privilege Escalation Vulnerability | Important
Microsoft Office | CVE-2025-59240 | Microsoft Excel Information Disclosure Vulnerability | Important
Microsoft Office | CVE-2025-62200 | Microsoft Excel remote code execution vulnerability | Important
Microsoft Office | CVE-2025-62201 | Microsoft Excel remote code execution vulnerability | Important
Microsoft Office | CVE-2025-62202 | Microsoft Excel Information Disclosure Vulnerability | Important
Microsoft Office | CVE-2025-62203 | Microsoft Excel remote code execution vulnerability | Important
Microsoft Office | CVE-2025-62204 | Microsoft SharePoint Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2025-62205 | Microsoft Office Remote Code Execution Vulnerability | Important
Microsoft SQL Server | CVE-2025-59499 | Microsoft SQL Server Privilege Escalation Vulnerability | Important
Microsoft Visual Studio Code CoPilot Chat Extension | CVE-2025-62222 | Agentic AI and Visual Studio Code Remote Execution Vulnerability | Important
Microsoft Visual Studio Code CoPilot Chat Extension | CVE-2025-62449 | Microsoft Visual Studio Code CoPilot Chat Extension security feature bypass vulnerability | Important
Open Source Software | CVE-2025-62220 | Windows Subsystem for Linux GUI Remote Code Execution Vulnerability | Important
System Center | CVE-2025-47179 | Configuration Manager privilege escalation vulnerability | Important
Visual Studio Code | CVE-2025-62453 | GitHub Copilot and Visual Studio Code security feature bypass vulnerability | Important
Windows | CVE-2025-59505 | Windows Smart Card Reader privilege escalation vulnerability | Important
Windows | CVE-2025-59506 | DirectX Graphics Kernel privilege escalation vulnerability | Important
Windows | CVE-2025-59507 | Windows Speech Runtime Privilege Escalation Vulnerability | Important
Windows | CVE-2025-59508 | Windows Speech Recognition Privilege Escalation Vulnerability | Important
Windows | CVE-2025-59509 | Windows Speech Recognition Information Disclosure Vulnerability | Important
Windows | CVE-2025-59510 | Windows Routing and Remote Access Service (RRAS) Denial of Service | Important
Windows | CVE-2025-59511 | Windows WLAN Service Privilege Escalation Vulnerability | Important
Windows | CVE-2025-59512 | Customer Experience Improvement Program (CEIP) privilege escalation vulnerability | Important
Windows | CVE-2025-59513 | Windows Bluetooth RFCOM Protocol Driver Information Disclosure Vulnerability | Important
Windows | CVE-2025-60703 | Windows Remote Desktop Services Privilege Escalation Vulnerability | Important
Windows | CVE-2025-60704 | Windows Kerberos privilege escalation vulnerability | Important
Windows | CVE-2025-60705 | Windows Client-Side Caching Privilege Escalation Vulnerability | Important
Windows | CVE-2025-60706 | Windows Hyper-V Information Disclosure Vulnerability | Important
Windows | CVE-2025-60707 | Multimedia Class Scheduler Service (MMCSS) Driver Escalation Vulnerability | Important
Windows | CVE-2025-60708 | Storvsp.sys Driver denial of service vulnerability | Important
Windows | CVE-2025-60709 | Windows Common Log File System Driver Privilege Escalation Vulnerability | Important
Windows | CVE-2025-60710 | Host Process for Windows Tasks Privilege Escalation Vulnerability | Important
Windows | CVE-2025-60719 | Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability | Important
Windows | CVE-2025-62217 | Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability | Important
Windows | CVE-2025-62218 | Microsoft Wireless Provisioning System Privilege Escalation Vulnerability | Important
Windows | CVE-2025-62219 | Microsoft Wireless Provisioning System Privilege Escalation Vulnerability | Important
Windows | CVE-2025-62452 | Windows Routing and Remote Access Service (RRAS) Vulnerability | Important
Windows | CVE-2025-59514 | Microsoft Streaming Service Proxy Privilege Escalation Vulnerability | Important
Windows | CVE-2025-59515 | Windows Broadcast DVR User Service Privilege Escalation Vulnerability | Important
Windows | CVE-2025-60713 | Windows Routing and Remote Access Service (RRAS) privilege escalation vulnerability | Important
Windows | CVE-2025-60714 | Windows OLE Remote Code Execution Vulnerability | Important
Windows | CVE-2025-60715 | Windows Routing and Remote Access Service (RRAS) Vulnerability | Important
Windows | CVE-2025-60717 | Windows Broadcast DVR User Service Privilege Escalation Vulnerability | Important
Windows | CVE-2025-60718 | Windows Administrator Protection Privilege Escalation Vulnerability | Important
Windows | CVE-2025-60720 | Windows Transport Driver Interface (TDI) Translation Driver Escalation Vulnerability | Important
Windows | CVE-2025-60723 | DirectX Graphics Kernel denial of service vulnerability | Important
Windows | CVE-2025-62208 | Windows License Manager Information Disclosure Vulnerability | Important
Windows | CVE-2025-62209 | Windows License Manager Information Disclosure Vulnerability | Important
Windows | CVE-2025-62215 | Windows Kernel privilege escalation vulnerability | Important
Windows | CVE-2025-62213 | Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability | Important
Windows | CVE-2025-60721 | Windows Administrator Protection Privilege Escalation Vulnerability | Important

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.
