Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack - The Hacker News

The Hacker News, archived Mar 16, 2026

By Ravie Lakshmanan, Nov 12, 2025. Vulnerability / Patch Tuesday

Microsoft on Tuesday released patches for 63 new security vulnerabilities identified in its software, including one that has come under active exploitation in the wild.

Of the 63 flaws, four are rated Critical and 59 are rated Important in severity. Twenty-nine of these vulnerabilities are related to privilege escalation, followed by 16 remote code execution, 11 information disclosure, three denial-of-service (DoS), two security feature bypass, and two spoofing bugs. The patches are in addition to the 27 vulnerabilities the Windows maker has addressed in its Chromium-based Edge browser since the release of October 2025's Patch Tuesday update.

The zero-day vulnerability listed as exploited in Tuesday's update is CVE-2025-62215 (CVSS score: 7.0), a privilege escalation flaw in the Windows Kernel. The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have been credited with discovering and reporting the issue.

"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally," the company said in an advisory.

That said, successful exploitation requires an attacker who has already gained a foothold on the system to win a race condition. Once that condition is met, the attacker could obtain SYSTEM privileges.

"An attacker with low-privilege local access can run a specially crafted application that repeatedly attempts to trigger this race condition," Ben McCarthy, lead cybersecurity engineer at Immersive, said. "The goal is to get multiple threads to interact with a shared kernel resource in an unsynchronized way, confusing the kernel's memory management and causing it to free the same memory block twice. This successful 'double free' corrupts the kernel heap, allowing the attacker to overwrite memory and hijack the system's execution flow."

It's currently not known how this vulnerability is being exploited and by whom, but it's assessed to be used as part of post-exploitation activity to escalate privileges after initial access has been obtained through some other means, such as social engineering, phishing, or exploitation of another vulnerability, Satnam Narang, senior staff research engineer at Tenable, said.

"When chained with other bugs this kernel race is critical: an RCE or sandbox escape can supply the local code execution needed to turn a remote attack into a SYSTEM takeover, and an initial low-privilege foothold can be escalated to dump credentials and move laterally," Mike Walters, president and co-founder of Action1, said in a statement.

Also patched as part of the updates are two heap-based buffer overflow flaws, in Microsoft's Graphics Component (CVE-2025-60724, CVSS score: 9.8) and in the Windows Subsystem for Linux GUI (CVE-2025-62220, CVSS score: 8.8), that could result in remote code execution.

Another vulnerability of note is a high-severity privilege escalation flaw in Windows Kerberos (CVE-2025-60704, CVSS score: 7.5) that takes advantage of a missing cryptographic step to gain administrator privileges. The vulnerability has been codenamed CheckSum by Silverfort.

"The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications," Microsoft said. "An unauthorized attacker must wait for a user to initiate a connection."

Silverfort researchers Eliran Partush and Dor Segal, who discovered the shortcoming, described it as a Kerberos constrained delegation vulnerability that allows an attacker to impersonate arbitrary users and gain control over an entire domain by means of an adversary-in-the-middle (AitM) attack.
An attacker who successfully exploits the flaw could escalate privileges and move laterally to other machines in an organization. More concerning, threat actors could also gain the ability to impersonate any user in the company, allowing them to gain unfettered access or become a domain administrator.

"Any organization using Active Directory, with the Kerberos delegation capability turned on, is impacted," Silverfort said. "Because Kerberos delegation is a feature within Active Directory, an attacker requires initial access to an environment with compromised credentials."

Software Patches from Other Vendors

In addition to Microsoft, security updates have also been released by other vendors over the past several weeks to rectify several vulnerabilities, including:

Adobe
Amazon Web Services
AMD
Apple
ASUS
Atlassian
AutomationDirect
Bitdefender
Broadcom (including VMware)
Cisco
Citrix
ConnectWise
D-Link
Dell
Devolutions
Drupal
Elastic
F5
Fortinet
GitLab
Google Android
Google Chrome
Google Cloud
Grafana
Hitachi Energy
HP
HP Enterprise (including Aruba Networking and Juniper Networks)
IBM
Intel
Ivanti
Jenkins
Lenovo
Linux distributions AlmaLinux, Alpine Linux, Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Red Hat, Rocky Linux, SUSE, and Ubuntu
MediaTek
Mitsubishi Electric
MongoDB
Moxa
Mozilla Firefox and Firefox ESR
NVIDIA
Oracle
Palo Alto Networks
QNAP
Qualcomm
Rockwell Automation
Ruckus Wireless
Samba
Samsung
SAP
Schneider Electric
Siemens
SolarWinds
SonicWall
Splunk
Spring Framework
Supermicro
Synology
TP-Link
WatchGuard
Zoom
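Returning to the Kerberos constrained delegation flaw (CVE-2025-60704, "CheckSum") described above: Silverfort's note that any Active Directory environment with delegation enabled is in scope makes an inventory of delegation settings the first defender task. The PowerShell below is an added example, not code from the article, Microsoft or Silverfort; it assumes the RSAT ActiveDirectory module and read access to a domain you administer.

```powershell
# Added example (not from the article): list every AD account that has Kerberos
# delegation configured, so the accounts exposed to a delegation flaw such as
# CVE-2025-60704 can be reviewed and patched first.
# Assumes: RSAT ActiveDirectory module installed, domain read access.
Import-Module ActiveDirectory

# Well-known userAccountControl flag values.
$TRUSTED_FOR_DELEGATION         = 0x80000    # unconstrained delegation
$TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # constrained delegation with protocol transition

$props = 'msDS-AllowedToDelegateTo',
         'msDS-AllowedToActOnBehalfOfOtherIdentity',
         'userAccountControl',
         'servicePrincipalName'

# Match objects with classic constrained delegation, resource-based constrained
# delegation, or the unconstrained-delegation UAC bit (LDAP bitwise AND rule).
$filter = '(|(msDS-AllowedToDelegateTo=*)' +
          '(msDS-AllowedToActOnBehalfOfOtherIdentity=*)' +
          '(userAccountControl:1.2.840.113556.1.4.803:=524288))'

Get-ADObject -LDAPFilter $filter -Properties $props | ForEach-Object {
    $uac = [int]$_.userAccountControl
    [pscustomobject]@{
        Name               = $_.Name
        ObjectClass        = $_.ObjectClass
        Unconstrained      = [bool]($uac -band $TRUSTED_FOR_DELEGATION)
        Constrained        = @($_.'msDS-AllowedToDelegateTo').Count -gt 0
        ProtocolTransition = [bool]($uac -band $TRUSTED_TO_AUTH_FOR_DELEGATION)
        ResourceBased      = $null -ne $_.'msDS-AllowedToActOnBehalfOfOtherIdentity'
        DelegatesTo        = (@($_.'msDS-AllowedToDelegateTo') -join '; ')
    }
} | Sort-Object Unconstrained, ProtocolTransition -Descending | Format-Table -AutoSize
```

Accounts flagged Unconstrained or ProtocolTransition deserve the earliest review, since they can obtain service tickets on behalf of users without those users authenticating to them directly; any entry that no longer has a business need is a candidate for removal regardless of patch status.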