Patch Tuesday Archive
Patch Tuesday November 2025
Total CVEs
71
Critical
11
Important
60
Exploited
1
Publicly Disclosed
0
All CVEs this month 71
| CVE | Title | Severity | CVSS | Product | Exploited | Disclosed |
|---|---|---|---|---|---|---|
| CVE-2025-30398 | Nuance PowerScribe 360 Information Disclosure Vulnerability | Critical | 8.1 |
Nuance PowerScribe | - | - |
| CVE-2025-49752 | Azure Bastion Elevation of Privilege Vulnerability | Critical | 10 |
Software for Open Networking in the Cloud (SONiC) | - | - |
| CVE-2025-59245 | Microsoft SharePoint Online Elevation of Privilege Vulnerability | Critical | 9.8 |
Microsoft Office SharePoint | - | - |
| CVE-2025-60716 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Critical | 7 |
Windows DirectX | - | - |
| CVE-2025-62199 | Microsoft Office Remote Code Execution Vulnerability | Critical | 7.8 |
Microsoft Office | - | - |
| CVE-2025-62207 | Azure Monitor Elevation of Privilege Vulnerability | Critical | 8.6 |
Azure Monitor | - | - |
| CVE-2025-62214 | Visual Studio Remote Code Execution Vulnerability | Critical | 6.7 |
Visual Studio | - | - |
| CVE-2025-62459 | Microsoft Defender Portal Spoofing Vulnerability | Critical | 8.3 |
Microsoft Defender Portal | - | - |
| CVE-2025-64655 | Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability | Critical | 8.8 |
Dynamics OmniChannel SDK Storage Containers | - | - |
| CVE-2025-64656 | Azure Application Gateway Elevation of Privilege Vulnerability | Critical | 9.4 |
Application Gateway | - | - |
| CVE-2025-64657 | Azure Application Gateway Elevation of Privilege Vulnerability | Critical | 9.8 |
Azure Application Gateway | - | - |
| CVE-2025-47179 | Configuration Manager Elevation of Privilege Vulnerability | Important | 6.7 |
Microsoft Configuration Manager | - | - |
| CVE-2025-59240 | Microsoft Excel Information Disclosure Vulnerability | Important | 5.5 |
Microsoft Office Excel | - | - |
| CVE-2025-59499 | Microsoft SQL Server Elevation of Privilege Vulnerability | Important | 8.8 |
SQL Server | - | - |
| CVE-2025-59504 | Azure Monitor Agent Remote Code Execution Vulnerability | Important | 7.3 |
Azure Monitor Agent | - | - |
| CVE-2025-59505 | Windows Smart Card Reader Elevation of Privilege Vulnerability | Important | 7.8 |
Windows Smart Card | - | - |
| CVE-2025-59506 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | 7 |
Windows DirectX | - | - |
| CVE-2025-59507 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important | 7 |
Windows Speech | - | - |
| CVE-2025-59508 | Windows Speech Recognition Elevation of Privilege Vulnerability | Important | 7 |
Windows Speech | - | - |
| CVE-2025-59509 | Windows Speech Recognition Information Disclosure Vulnerability | Important | 5.5 |
Windows Speech | - | - |
| CVE-2025-59510 | Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability | Important | 5.5 |
Windows Routing and Remote Access Service (RRAS) | - | - |
| CVE-2025-59511 | Windows WLAN Service Elevation of Privilege Vulnerability | Important | 7.8 |
Windows WLAN Service | - | - |
| CVE-2025-59512 | Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability | Important | 7.8 |
Customer Experience Improvement Program (CEIP) | - | - |
| CVE-2025-59513 | Windows Bluetooth RFCOM Protocol Driver Information Disclosure Vulnerability | Important | 5.5 |
Windows Bluetooth RFCOM Protocol Driver | - | - |
| CVE-2025-59514 | Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability | Important | 7.8 |
Microsoft Streaming Service | - | - |
| CVE-2025-59515 | Windows Broadcast DVR User Service Elevation of Privilege Vulnerability | Important | 7 |
Windows Broadcast DVR User Service | - | - |
| CVE-2025-60703 | Windows Remote Desktop Services Elevation of Privilege Vulnerability | Important | 7.8 |
Windows Remote Desktop | - | - |
| CVE-2025-60704 | Windows Kerberos Elevation of Privilege Vulnerability | Important | 7.5 |
Windows Kerberos | - | - |
| CVE-2025-60705 | Windows Client-Side Caching Elevation of Privilege Vulnerability | Important | 7.8 |
Windows Client-Side Caching (CSC) Service | - | - |
| CVE-2025-60706 | Windows Hyper-V Information Disclosure Vulnerability | Important | 5.5 |
Role: Windows Hyper-V | - | - |
| CVE-2025-60707 | Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege Vulnerability | Important | 7.8 |
Multimedia Class Scheduler Service (MMCSS) | - | - |
| CVE-2025-60708 | Storvsp.sys Driver Denial of Service Vulnerability | Important | 6.5 |
Storvsp.sys Driver | - | - |
| CVE-2025-60709 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 |
Windows Common Log File System Driver | - | - |
| CVE-2025-60710 | Host Process for Windows Tasks Elevation of Privilege Vulnerability | Important | 7.8 |
Host Process for Windows Tasks | - | - |
| CVE-2025-60713 | Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability | Important | 7.8 |
Windows Routing and Remote Access Service (RRAS) | - | - |
| CVE-2025-60714 | Windows OLE Remote Code Execution Vulnerability | Important | 7.8 |
Windows OLE | - | - |
| CVE-2025-60715 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8 |
Windows Routing and Remote Access Service (RRAS) | - | - |
| CVE-2025-60717 | Windows Broadcast DVR User Service Elevation of Privilege Vulnerability | Important | 7 |
Windows Broadcast DVR User Service | - | - |
| CVE-2025-60718 | Windows Administrator Protection Elevation of Privilege Vulnerability | Important | 7.8 |
Windows Administrator Protection | - | - |
| CVE-2025-60719 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7 |
Windows Ancillary Function Driver for WinSock | - | - |
| CVE-2025-60720 | Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability | Important | 7.8 |
Windows TDX.sys | - | - |
| CVE-2025-60721 | Windows Administrator Protection Elevation of Privilege Vulnerability | Important | 7.8 |
Windows Administrator Protection | - | - |
| CVE-2025-60722 | Microsoft OneDrive for Android Elevation of Privilege Vulnerability | Important | 6.5 |
OneDrive for Android | - | - |
| CVE-2025-60723 | DirectX Graphics Kernel Denial of Service Vulnerability | Important | 6.3 |
Windows DirectX | - | - |
| CVE-2025-60724 | GDI+ Remote Code Execution Vulnerability | Important | 9.8 |
Microsoft Graphics Component | - | - |
| CVE-2025-60726 | Microsoft Excel Information Disclosure Vulnerability | Important | 7.1 |
Microsoft Office Excel | - | - |
| CVE-2025-60727 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft Office Excel | - | - |
| CVE-2025-60728 | Microsoft Excel Information Disclosure Vulnerability | Important | 4.3 |
Microsoft Office Excel | - | - |
| CVE-2025-62200 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft Office Excel | - | - |
| CVE-2025-62201 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft Office Excel | - | - |
| CVE-2025-62202 | Microsoft Excel Information Disclosure Vulnerability | Important | 7.1 |
Microsoft Office Excel | - | - |
| CVE-2025-62203 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft Office Excel | - | - |
| CVE-2025-62204 | Microsoft SharePoint Remote Code Execution Vulnerability | Important | 8 |
Microsoft Office SharePoint | - | - |
| CVE-2025-62205 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft Office Word | - | - |
| CVE-2025-62206 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Important | 6.5 |
Microsoft Dynamics 365 (on-premises) | - | - |
| CVE-2025-62208 | Windows License Manager Information Disclosure Vulnerability | Important | 5.5 |
Windows License Manager | - | - |
| CVE-2025-62209 | Windows License Manager Information Disclosure Vulnerability | Important | 5.5 |
Windows License Manager | - | - |
| CVE-2025-62210 | Dynamics 365 Field Service (online) Spoofing Vulnerability | Important | 8.7 |
Dynamics 365 Field Service (online) | - | - |
| CVE-2025-62211 | Dynamics 365 Field Service (online) Spoofing Vulnerability | Important | 8.7 |
Dynamics 365 Field Service (online) | - | - |
| CVE-2025-62213 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7 |
Windows Ancillary Function Driver for WinSock | - | - |
| CVE-2025-62215 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7 |
Windows Kernel | Yes | - |
| CVE-2025-62216 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft Office | - | - |
| CVE-2025-62217 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7 |
Windows Ancillary Function Driver for WinSock | - | - |
| CVE-2025-62218 | Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Wireless Provisioning System | - | - |
| CVE-2025-62219 | Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Wireless Provisioning System | - | - |
| CVE-2025-62220 | Windows Subsystem for Linux GUI Remote Code Execution Vulnerability | Important | 8.8 |
Windows Subsystem for Linux GUI | - | - |
| CVE-2025-62222 | Agentic AI and Visual Studio Code Remote Code Execution Vulnerability | Important | 8.8 |
Visual Studio Code CoPilot Chat Extension | - | - |
| CVE-2025-62449 | Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability | Important | 6.8 |
Visual Studio Code CoPilot Chat Extension | - | - |
| CVE-2025-62452 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8 |
Windows Routing and Remote Access Service (RRAS) | - | - |
| CVE-2025-62453 | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | Important | 5 |
GitHub Copilot and Visual Studio Code | - | - |
| CVE-2025-64660 | GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability | Important | 8 |
GitHub Copilot and Visual Studio Code | - | - |
Threat Categories 6
| Threat Category | CVEs | Critical |
|---|---|---|
| Elevation of Privilege | 34 | 6 |
| Remote Code Execution | 18 | 3 |
| Information Disclosure | 11 | 1 |
| Spoofing | 3 | 1 |
| Denial of Service | 3 | - |
| Security Feature Bypass | 2 | - |
Affected Products 46
| Product | CVEs | Exploited |
|---|---|---|
| Microsoft Office Excel | 8 | - |
| Windows Routing and Remote Access Service (RRAS) | 4 | - |
| Windows DirectX | 3 | - |
| Windows Speech | 3 | - |
| Windows Ancillary Function Driver for WinSock | 3 | - |
| Microsoft Office SharePoint | 2 | - |
| Microsoft Office | 2 | - |
| Windows Broadcast DVR User Service | 2 | - |
| Windows Administrator Protection | 2 | - |
| Windows License Manager | 2 | - |
| Dynamics 365 Field Service (online) | 2 | - |
| Microsoft Wireless Provisioning System | 2 | - |
| Visual Studio Code CoPilot Chat Extension | 2 | - |
| GitHub Copilot and Visual Studio Code | 2 | - |
| Nuance PowerScribe | 1 | - |
| Software for Open Networking in the Cloud (SONiC) | 1 | - |
| Azure Monitor | 1 | - |
| Visual Studio | 1 | - |
| Microsoft Defender Portal | 1 | - |
| Dynamics OmniChannel SDK Storage Containers | 1 | - |
| Application Gateway | 1 | - |
| Azure Application Gateway | 1 | - |
| Microsoft Configuration Manager | 1 | - |
| SQL Server | 1 | - |
| Azure Monitor Agent | 1 | - |
| Windows Smart Card | 1 | - |
| Windows WLAN Service | 1 | - |
| Customer Experience Improvement Program (CEIP) | 1 | - |
| Windows Bluetooth RFCOM Protocol Driver | 1 | - |
| Microsoft Streaming Service | 1 | - |
| Windows Remote Desktop | 1 | - |
| Windows Kerberos | 1 | - |
| Windows Client-Side Caching (CSC) Service | 1 | - |
| Role: Windows Hyper-V | 1 | - |
| Multimedia Class Scheduler Service (MMCSS) | 1 | - |
| Storvsp.sys Driver | 1 | - |
| Windows Common Log File System Driver | 1 | - |
| Host Process for Windows Tasks | 1 | - |
| Windows OLE | 1 | - |
| Windows TDX.sys | 1 | - |
| OneDrive for Android | 1 | - |
| Microsoft Graphics Component | 1 | - |
| Microsoft Office Word | 1 | - |
| Microsoft Dynamics 365 (on-premises) | 1 | - |
| Windows Kernel | 1 | 1 |
| Windows Subsystem for Linux GUI | 1 | - |