Patch Now: Microsoft Flags Zero-Day & Critical Zero-Click Bugs - Dark Reading

VULNERABILITIES & THREATS CYBER RISK THREAT INTELLIGENCE APPLICATION SECURITY NEWS Patch Now: Microsoft Flags Zero-Day & Critical Zero-Click Bugs Security teams may have a less burdensome rollout in November after October's Goliath Patch Tuesday, but shouldn't wait on a few top-priority fixes. Jai Vijayan,Contributing Writer November 11, 2025 4 Min Read SOURCE: SANTI RODRIGUEZ VIA ALAMY STOCK PHOTO With 63 unique CVEs, Microsoft's November security update is considerably slimmer than the company's record-busting patch rollout last month, which contained fixes for as many as 175 vulnerabilities. However, it's not one to sleep on: November's rollout includes fixes for one actively exploited flaw, five that Microsoft rated as more likely to be targeted, and a single critical vulnerability, alongside the usual mix of privilege escalation, remote code execution (RCE), information disclosure, and denial-of-service (DoS) issues. The zero-day bug that attackers are already exploiting is CVE-2025-62215 (CVSS 7.5). It affects the Windows Kernel, and it allows attackers who have already compromised a system to escalate privileges and gain admin-level rights. Microsoft identified the vulnerability as being tied to a race condition, which is something that allows attackers to manipulate the timing of specific operations. Related:Fake PoCs, Misunderstood Risks Cause Cisco SD-WAN Chaos "While we don’t have the full scope regarding exploitation, based on the fact that this is a privilege escalation flaw, it was likely used as part of post-exploitation activity by an attacker," said Satam Narang, staff research engineer at Tenable in prepared comments — which means that the attacker leveraged another method to gain initial access. It's a comparative rarity, too: "This is one of 11 privilege escalation bugs patched in the Windows Kernel in 2025," he added. A Single Critical Security Bug in November's Patch Tuesday While Microsoft assessed most of the bugs in the November update — including the one that attackers are actively exploiting — as being of medium severity ("important" in Microsoft parlance), there is the aforementioned critical vulnerability, CVE-2025-60724 (CVSS 9.8). It's an RCE flaw in the GDI+ Windows graphics component. According to Microsoft, an attacker can trigger the vulnerability on Web services by uploading documents containing a malicious metafile. A successful exploit could allow an attacker to execute arbitrary code or steal data from an affected system without any user involvement, the company warned. "The patch for this should be an organization's highest priority," advised Ben McCarthy, lead cybersecurity engineer at Immersive. "While Microsoft assesses this as 'exploitation less likely,' a 9.8-rated flaw in a ubiquitous library like GDI+ is a critical risk," he said in an emailed comment. Patch Now: CVE-2025-60704 Means Broad Risk to Enterprises Another flaw that security teams should prioritize when patching has potentially broad ranging impact: CVE-2025-60704 (CVSS 7.5), a medium-severity elevation-of-privilege bug that affects Windows Kerberos. Researchers at Silverfort, who discovered and reported the bug to Microsoft, have dubbed the vulnerability CheckSum, and perceive it to be more urgent than the severity score alone would suggest.  Related:Cisco Drops 48 New Firewall Vulnerabilities, 2 Critical "Any organization using Active Directory, with the Kerberos delegation capability turned on, is impacted," Silverfort said in a blog post this week. "This means thousands of companies around the world are affected by this vulnerability."  To exploit the vulnerability, an attacker would need initial access to an environment via compromised credentials, Silverfort said. But a successful exploit could enable privilege escalation and lateral movement. "Worse, [cyberattackers] could also gain the ability to impersonate anyone in the company, unlocking untold access or even becoming a domain admin," Silverfort warned. Security researchers also flagged CVE-2025-62220 (CVSS Score: 8.8) as a vulnerability that security teams should get to sooner rather than later. The bug affects Windows Subsystem for Linux GUI and enables RCE. In Microsoft's words, though a successful exploit requires user interaction, "the risk extends beyond local use."   Related:Cisco SD-WAN Zero-Day Under Exploitation for 3 Years "Because this flaw exists at the interface between Windows and Linux environments, the potential impact extends beyond typical user-level compromises," researchers at Automox said in a blog today. "Attackers who successfully exploit this vector can execute code under the context of the logged-in user or escalate privileges for deeper system access." Also, in the list of bugs that Microsoft identified as more exploitable — and therefore needing prompt attention — are CVE-2025-60719; CVE-2025-62213; and CVE-2025-62217. All three bugs have a severity score of 7.0, affect the Windows Ancillary Function Driver of WinSock, and enable privilege escalation.  "If Microsoft thinks an exploit is likely to happen, then organizations should take note," said Nick Carroll, cyber incident response manager at Nightwing. "All three of these vulnerabilities are marked as not requiring user interaction to exploit, and only needing low privileges, which may be part of why Microsoft believes an exploit is more likely to be created for these vulnerabilities.” About the Author Jai Vijayan Contributing Writer Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill. More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report Cybersecurity Forecast 2026 The ROI of AI in Security ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars Editor's Choice CYBERSECURITY OPERATIONS Why Stryker's Outage Is a Disaster Recovery Wake-Up Call byJai Vijayan MAR 12, 2026 5 MIN READ APPLICATION SECURITY Microsoft Patches 83 CVEs in March Update byJai Vijayan MAR 11, 2026 4 MIN READ THREAT INTELLIGENCE Commercial Spyware Opponents Fear US Policy Shifting byRob Wright MAR 12, 2026 9 MIN READ Want more Dark Reading stories in your Google search results? 2026 Security Trends & Outlooks THREAT INTELLIGENCE Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats JAN 2, 2026 CYBER RISK Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult JAN 12, 2026 ENDPOINT SECURITY CISOs Face a Tighter Insurance Market in 2026 JAN 5, 2026 THREAT INTELLIGENCE 2026: The Year Agentic AI Becomes the Attack-Surface Poster Child JAN 30, 2026 Download the Collection Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE Webinars Building a Robust SOC in a Post-AI World THURS, MARCH 19, 2026 AT 1PM EST Retail Security: Protecting Customer Data and Payment Systems THURS, APRIL 2, 2026 AT 1PM EST Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need WED, APRIL 1, 2026 AT 1PM EST Securing Remote and Hybrid Work Forecast: Beyond the VPN TUES, MARCH 10, 2026 AT 1PM EST AI-Powered Threat Detection: Beyond Traditional Security Models WED, MARCH 25, 2026 AT 1PM EST More Webinars White Papers Autonomous Pentesting at Machine Speed, Without False Positives Fixing Organizations' Identity Security Posture Best practices for incident response planning Industry Report: AI, SOC, and Modernizing Cybersecurity The Threat Prevention Buyer's Guide: Find the best AI-driven threat protection solution to stop file-based attacks. Explore More White Papers GISEC GLOBAL 2026 GISEC GLOBAL is the most influential and the largest cybersecurity gathering in the Middle East & Africa, uniting global CISOs, government leaders, technology buyers, and ethical hackers for three power-packed days of innovation, strategy, and live cyber drills. 📌 BOOK YOUR SPACE