Microsoft November Patch Tuesday: Critical Fixes & Updates

When Patching Isn’t Enough: Why November’s Updates Demand a Resilience Strategy

Microsoft’s November 2025 Patch Tuesday delivers 63 security fixes, including 5 Critical and 58 Important vulnerabilities across Windows, Office, Azure, and developer platforms.

“One vulnerability has been confirmed weaponized in the wild, underscoring the continued trend toward exploitation of graphics and scripting components for remote code execution (RCE).” - Robert Brown, Senior Director of Technical Services, Absolute Security

Top 5 Vulnerabilities You Need to Know

1. CVE-2025-60724 – GDI+ Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

• Severity: Important | CVSS Score: 9.8
• Attack Vector: Network (AV:N) | Privileges Required: None (PR:N)
• User Interaction: None (UI:N) | Attack Complexity: Low (AC:L)
• This flaw could enable attackers to trigger remote code execution through crafted image or metafile content handled by network-facing services, making image-parsing endpoints and content distribution systems a top priority for patching.

2. CVE-2025-30398 – Nuance PowerScribe 360 Information Disclosure Vulnerability

Information disclosure in Nuance PowerScribe 360 allows sensitive data to be exposed to an unauthorized actor.

• Severity: Critical | CVSS Score: 8.1
• Attack Vector: Network (AV:N) | Privileges Required: None (PR:N)
• User Interaction: Required (UI:R) | Attack Complexity: Low (AC:L)
• This vulnerability can leak sensitive patient or diagnostic data and may enable follow-on reconnaissance, patch Nuance deployments, review access controls, and enable logging on affected systems.

3. CVE-2025-62199 – Microsoft Office Remote Code Execution Vulnerability

Use-after-free in Microsoft Office allows an attacker to execute code when a user opens a specially crafted file.

• Severity: Critical | CVSS Score: 7.8
• Attack Vector: Local (AV:L) | Privileges Required: None (PR:N)
• User Interaction: Required (UI:R) | Attack Complexity: Low (AC:L)
• A classic document-borne RCE route via phishing attachments or malicious files so enforce Protected View and macro restrictions and deploy the update organization-wide.  The Preview Pane is an attack vector.

4. CVE-2025-60716 – DirectX Graphics Kernel Elevation of Privilege Vulnerability

A DirectX/graphics kernel flaw permits elevation of privilege through improper memory handling in graphics drivers.

• Severity: Important | CVSS Score: 7.0
• Attack Vector: Local (AV:L) | Privileges Required: Low (PR:L)
• User Interaction: None (UI:N) | Attack Complexity: High (AC:H)
• This EoP can be chained after an initial foothold to gain SYSTEM-level access on workstations or VDI hosts - patch graphics stacks and monitor for unusual GPU or driver activity.

5. CVE-2025-62214 – Visual Studio Remote Code Execution Vulnerability

Heap-based buffer overflow in Visual Studio allows an attacker to execute code locally under user context.

• Severity: Critical | CVSS Score: 6.7
• Attack Vector: Local (AV:L) | Privileges Required: Low (PR:L)
• User Interaction: Required (UI:R) | Attack Complexity: High (AC:H)
• Visual Studio Developer endpoints carry high blast radius; this vulnerability risks supply-chain and build-system compromise - update Visual Studio builds and reinforce least-privilege and code-signing controls.

Jump Point Vulnerabilities: Risks for Lateral Movement

These vulnerabilities have Scope = Changed, meaning they can cross trust or privilege boundaries, enabling lateral movement, privilege escalation, or broader system impact.

1. CVE-2025-60724 (GDI+ Remote Code Execution Vulnerability). Important; CVSS 9.8; Exploitation Less Likely.
2. CVE-2025-62199 (Microsoft Office Remote Code Execution Vulnerability). Critical; CVSS 7.8; Exploitation Less Likely.
3. CVE-2025-60716 (DirectX Graphics Kernel Elevation of Privilege Vulnerability). Critical; CVSS 7.0; Exploitation Less Likely.
4. CVE-2025-62214 (Visual Studio Remote Code Execution Vulnerability). Critical; CVSS 6.7; Exploitation Less Likely.
5. CVE-2025-30398 (Nuance PowerScribe 360 Information Disclosure Vulnerability). Critical; CVSS 8.1; Exploitation Less Likely.

These exhibit behavior that can extend control beyond the originally compromised component, particularly through graphics rendering, document parsing, or local privilege elevation chains.

Risk Scoring

November’s Patch Tuesday once again demonstrates that while exploitation rates remain modest, the blast radius of unpatched systems continues to grow. Absolute’s Risk Score highlights these top threats, balancing vendor severity, exploit awareness, and real-world impact to help guide priority and sequencing of your patch rollouts. Download our Guide to November Patch Tuesday Updates.

Key Recommendations:

1. Prioritize RCE and EoP Flaws: Patch GDI+, Office, and DirectX components immediately to block both network-based and file-borne attack vectors.
2. Leverage Endpoint Resilience: Absolute Secure Endpoint enables rapid rehydration to a golden image, restoring thousands of devices in hours rather than days, through firmware-embedded persistence.
3. Monitor Patch Compliance: Maintain continuous visibility of deployment success, detect devices lagging SLA, and block untrusted content to minimize lateral movement risk.

While timely patching remains essential, resilience is the ultimate safeguard.  The ability to rehydrate endpoints to a golden image at scale provides recovery assurance should a patch or attack destabilize operations.

Patch Smart. Happy Patching!