1.0 Introduction
Microsoft has released its November 2025 Patch Tuesday security updates addressing a total of 68 vulnerabilities across multiple products and services. The update includes one actively exploited zero-day vulnerability, five critical vulnerabilities, and 64 important vulnerabilities affecting core components such as Windows Kernel, Microsoft Office, Visual Studio, DirectX, SQL Server, Windows Hyper-V, and Edge (Chromium-based).
2.0 Impact
Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code, gain system privileges, expose sensitive information, or compromise system integrity.
3.0 Affected Products
Actively Exploited Zero-Days vulnerability
- CVE-2025-62215 - Windows Kernel Elevation of Privilege
Critical Vulnerabilities
- CVE-2025-60724 – GDI+ Component
- CVE-2025-62199 – Microsoft Office
- CVE-2025-60716 – DirectX Graphics Kernel
- CVE-2025-62214 – Visual Studio
- CVE-2025-30398 – Nuance PowerScribe 360
4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review the Microsoft MSRC Security Update Guide and apply the necessary updates.
Kindly refer to the following URL: https://msrc.microsoft.com/update-guide/releaseNote/2025-Nov
Generally, we advise users to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact Cyber999 Incident Response Centre through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17:30 MYT
Web:
https://www.cybersecurity.my
5.0 References