On November 12, 2025, Microsoft announced patches for 63 new security vulnerabilities across its software. Among these, four are deemed Critical, while 59 are categorized as Important. Notably, one flaw is currently being exploited, raising concerns for users and organizations.
Many of these vulnerabilities involve privilege escalation, allowing unauthorized users to gain higher access rights. For instance, the troublesome CVE-2025-62215, which holds a CVSS score of 7.0, can let attackers elevate their privileges in the Windows Kernel. According to Ben McCarthy, a cybersecurity engineer, this kind of flaw lets attackers manipulate memory to hijack system operations.
Mike Walters, co-founder of Action1, warns that when combined with other vulnerabilities, this flaw can lead to significant security breaches, such as gaining full control of a system.
Other serious issues include two heap-based buffer overflows linked to Microsoft’s Graphics Component and the Windows Subsystem for Linux GUI. These could allow remote code execution, and one of them carries a CVSS score as high as 9.8.
Further, a vulnerability in Windows Kerberos, identified as CVE-2025-60704, could allow attackers to impersonate users and potentially control entire domains. Researchers at Silverfort highlighted that this flaw could be exploited in a man-in-the-middle attack, where an outsider intercepts network communication.
Organizations using Active Directory with Kerberos delegation features are at heightened risk. Once compromised, attackers can navigate through networks undetected, accessing sensitive data and resources.
As for the wider landscape, other tech companies are also addressing flaws in their systems. Vendors such as Adobe, Cisco, and Apple have released updates recently to enhance their security measures.
Experts urge all users to stay vigilant about updates. Cyber threats are constantly evolving, and timely patching is essential to protect personal and organizational information.
For more detailed updates on vulnerabilities and patches, you can visit Microsoft’s security bulletin page [here](https://msrc.microsoft.com/update-guide/releaseNote/2025-Nov).

