Microsoft addressed 63 vulnerabilities affecting its underlying systems and core products, including one actively exploited zero-day, the company said in its latest monthly security update.
The zero-day vulnerability — CVE-2025-62215 — affects the Windows Kernel and has a CVSS rating of 7.0 due to a high attack complexity, according to Microsoft. Exploitation, which could allow an attacker to gain system privileges, requires an attacker to win a race condition, the company said. Microsoft did not provide any further details about the scope of exploitation.
The race condition is notable because it indicates some race conditions are more reliable than others, Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative, said in a blog post. Race conditions in vulnerabilities, which involve multiple simultaneous processes designed to trigger errors, often impede exploitation.
“Bugs like these are often paired with a code execution bug by…
https://cyberscoop.com/microsoft-patch-tuesday-november-2025/
