Security updates

Security Advisory

Microsoft November Updates- Fixes 63 Vulnerabilities,1 Zero-Day Exploits ; Patch Now

Summary : Microsoft’s November 2025 Patch Tuesday resolves 63 vulnerabilities across multiple Microsoft components. The Microsoft Patch Tuesday also addresses four “Critical” vulnerabilities, two of which are remote code execution vulnerabilities, one is an elevation of privileges and the fourth is an information disclosure flaw.

OEM Microsoft 
Severity Critical 
Date of Announcement 2025-11-11 
No. of Patches 63 
Actively Exploited Yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview : Key Updates on Patch Tuesday

The update includes one actively exploited zero-day vulnerability (CVE-2025-62215) in the Windows Kernel and five additional Critical-rated vulnerabilities affecting Office, DirectX, GDI+, Visual Studio, and Nuance PowerScribe. 

This release continues Microsoft’s focus on privilege escalation and remote code execution (RCE) vulnerabilities, highlighting the urgent need for comprehensive patch management across enterprise systems. 

Here are the CVE addresses for Microsoft & non-Microsoft:  

  • 63 Microsoft CVEs addressed 
  • 5 non-Microsoft CVEs addressed (Republished) 

Breakdown of October 2025 Vulnerabilities 

  • 29 Elevation of Privilege (EoP) 
  • 16 Remote Code Execution (RCE) 
  • 11 Information Disclosure 
  • 3 Denial of Service (DoS) 
  • 2 Security Feature Bypass 
  • 2 Spoofing  

Source: Microsoft 

Vulnerability Name CVE ID Product Affected Severity CVSS Score 
Windows Kernel Elevation of Privilege Vulnerability (Zero-Day, Exploited in Wild) CVE-2025-62215 Windows 10, 11, Server 2016–2022 Critical 9.0 
Microsoft Office Use-After-Free Remote Code Execution Vulnerability CVE-2025- 62199 Microsoft Office (Word/Excel/Office Suite) Critical 9.8 
Nuance PowerScribe Missing Authorization Information Disclosure Vulnerability CVE-2025-30398 Nuance PowerScribe 360 Critical 9.1 
Windows DirectX Graphics Kernel Use-After-Free Vulnerability CVE-2025-60716 Windows DirectX Graphics Kernel Critical 8.8 
Microsoft GDI+ Heap-Based Buffer Overflow RCE Vulnerability CVE-2025-60724 Microsoft Graphics Component (GDI+) Critical 8.7 
Visual Studio Command Injection Remote Code Execution Vulnerability CVE-2025-62214 Microsoft Visual Studio / Visual Studio Code Critical 8.1 

Technical Summary 

The zero-day is a Windows Kernel bug that lets attackers gain full system control. Other critical & important vulnerabilities include Office and GDI+ vulnerabilities that could allow hackers to run malicious code or steal data.  

Microsoft also patched issues in Visual Studio, DirectX, and Azure services. Users and admins are strongly advised to install these updates right away to stay protected. 

CVE ID System Affected  Vulnerability Details Impact 
CVE-2025-62215 Windows Kernel Race conditions in shared resource execution enables local attackers to elevate privileges to SYSTEM (Zero-Day; Exploited in Wild) Elevation of Privilege 
CVE-2025-62199 Microsoft Office Use-after-free vulnerability in Office allows RCE via malicious documents, typically delivered through phishing campaigns Remote Code Execution 
CVE-2025-30398 Nuance PowerScribe 360 Missing authorization vulnerability allows disclosure of sensitive medical or user data over the network Information Disclosure 
CVE-2025-60716 Windows DirectX Graphics Kernel Use-after-free conditions allow local attackers to escalate privileges, potentially compromising the entire system Elevation of Privilege 
CVE-2025-60724 Microsoft GDI+ Heap-based buffer overflow allows attackers to execute arbitrary code remotely via crafted network traffic or malicious files Remote Code Execution 
CVE-2025-62214 Visual Studio Command injection vulnerability allows attackers to execute arbitrary code locally in developer environments Remote Code Execution 

Source: Microsoft 

In addition to several other Important severity vulnerabilities were addressed below –  

  • CVE-2025-59505: Windows Smart Card Reader – Double-free memory handling vulnerability enabling privilege escalation. 
  • CVE-2025-60704: Windows Kerberos – Missing cryptographic validation allows privilege escalation. 
  • CVE-2025-60719: Windows WinSock Driver – Untrusted pointer dereference enabling SYSTEM-level access. 
  • CVE-2025-59504: Azure Monitor Agent – Heap-based buffer overflow allowing local code execution. 
  • CVE-2025-60714: Windows OLE – Buffer overflow permitting local RCE. 
  • CVE-2025-62452: Windows RRAS – Heap overflow enabling network-based RCE. 
  • CVE-2025-59509: Windows Speech Recognition – Sensitive data exposure vulnerability. 
  • CVE-2025-62208 / CVE-2025-62209: Windows License Manager – Sensitive information insertion into logs. 
  • CVE-2025-62210 / CVE-2025-62211: Dynamics 365 Field Service – Cross-site scripting (XSS) spoofing. 
  • CVE-2025-62449 / CVE-2025-62453: VS Code / GitHub Copilot – Path traversal and AI output validation bypass & Others more Vulnerabilities. 

Source: Microsoft, bleepingcompute, cybersecuritynews 

Key Affected Products and Services 

The November 2025 security updates address critical and important vulnerabilities across a broad range of Microsoft products and services: 

  • Windows Core Components 

Updates for Kernel, Hyper-V, Kerberos, RRAS, WinSock, Smart Card, Bluetooth subsystems. 

  • Microsoft Office Suite 

Patches for Word, Excel, and related components impacted by RCE and Information Disclosure vulnerabilities. 

  • Azure & Cloud Services 

Fixes for Azure Monitor Agent, Dynamics 365, Entra ID, and related connectors. 

  • Graphics Components 

Patches for GDI+, DirectX, WSL GUI. 

  • Developer Tools 

Updates for Visual Studio, Visual Studio Code, and GitHub Copilot. 

  • Third-Party Applications 

Patches for Nuance PowerScribe (Medical domain). 

  • Mobile Platform Technologies 

Updates for Microsoft OneDrive for Android. 

Remediation: 

  • Install the November 2025 Microsoft security updates immediately across all Windows, Office, and Azure systems. 

Here are some recommendations below  

  • Monitor for Indicators of Compromise (IoCs) for privilege escalation attempts, new SYSTEM-level services, or unusual Office file crashes. 
  • Ensure Windows 10 ESU enrollment for extended support systems. 
  • Restrict local admin privileges and enforce least-privilege access. 
  • Leverage EDR/SIEM solutions to detect suspicious kernel and Office activity. 
  • Segment critical systems and disable unused network services (RRAS, SMB). 

Conclusion: 
Microsoft’s November 2025 Patch Tuesday resolves 63 vulnerabilities, including one actively exploited Zero-Day and multiple Critical RCE and EoP vulnerabilities in Office, Windows Kernel, GDI+, and Visual Studio. 

Given the confirmed exploitation and the presence of memory corruption vulnerabilities, immediate patch deployment is necessary to prevent potential ransomware and privilege escalation attacks in our modern cyber world. 

References

Security Advisory

Fortinet Released Security Update’s; Patched Multiple High & Medium Severity Vulnerabilities

Summary: Fortinet disclosed multiple critical security vulnerabilities impacting several of its core products, including FortiPAM, FortiSwitch Manager and FortiOS platforms and patched them.

The vulnerabilities encompass issues such as improper privilege escalation, heap-based buffer overflow, weak authentication, improper certificate validation, denial-of-service risk, and race condition flaws in authentication modules.

One of the high severity issue is a weak authentication mechanism vulnerability (CVE-2025-49201) in FortiPAM & FortiSwitch Manager, and a heap overflow flaw (CVE-2025-57740) in the SSL VPN RDP bookmark functionality.

OEM Fortinet 
Severity High 
CVSS Score 7.8 
CVEs CVE-2025-49201, CVE-2025-58325, CVE-2025-57740, CVE-2025-57741 & others 
POC Available No 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview 

These vulnerabilities pose significant risks to enterprise environments, potentially allowing attackers to bypass authentication controls or execute arbitrary code within targeted systems. Users & Administrators are urged to update to the patched version. 

                Vulnerability Name CVE ID Product Affected Severity Fixed Version 
Weak Authentication Mechanism CVE-2025-49201 FortiPAM, FortiSwitch Manager  High FortiPAM 1.5.1, 1.4.3 or later / FortiSwitch Manager 7.2.5 or later 
CLI Command Functionality Bypass  CVE-2025-58325 FortiOS High FortiOS 7.6.1+, 7.4.6+, 7.2.11+, 7.0.16+ 
Heap Overflow – Remote Code Execution (FortiProxy SSL VPN Bookmarks) CVE-2025-57741 FortiProxy High FortiProxy 7.2.5+, 7.0.5+ 
Heap Overflow – Remote Code Execution (SSL VPN RDP Bookmark) CVE-2025-57740 FortiOS, FortiProxy, FortiPAM, FortiSwitch Manager. Medium FortiOS 7.4.4+ / 7.2.8+ / 7.0.15+, FortiProxy 7.4.4+ / 7.2.10+, FortiPAM 1.3.0+, FortiSwitch Manager 7.2.4+ 

Technical Summary 

Multiple critical and medium-severity vulnerabilities have been identified across several Fortinet products, including FortiOS, FortiPAM, FortiProxy, FortiAnalyzer, and FortiSwitchManager.

Other vulnerabilities could allow attackers to escalate privileges, execute unauthorized code, or bypass authentication, threatening system integrity and confidentiality.

Additional flaws may enable unauthenticated users to disrupt services, intercept network traffic, or exploit race conditions to gain improper access within centralized management and authentication platforms. As the Fortinet released the security updates, quick deploy of the patches to ensure resilience against exploitation and to protect enterprise assets. 

CVE ID Component Affected  Vulnerability Details Impact 
 CVE-2025-49201 FortiPAM, FortiSwitch Manager This flaw enables remote attackers to bypass authentication by sending specially crafted HTTP requests, allowing unauthorized code or command execution within privileged access management and switch management interfaces.  Authentication Bypass / Remote Code Execution 
 CVE-2025-57740 FortiOS, FortiProxy, FortiPAM, FortiSwitch Manager This heap-based buffer overflow in the SSL VPN RDP bookmark feature can be triggered by authenticated users through crafted bookmark data, resulting in memory corruption and possible code execution in the VPN context. Remote Code Execution / System Compromise 
CVE-2025-58325 FortiOS A CLI command functionality bypass allows attackers to execute restricted administrative commands through improper input validation, potentially escalating privileges or modifying critical system parameters. Privilege Escalation / Remote Code Execution 
CVE-2025-57741 FortiProxy This heap overflow vulnerability in FortiProxy’s SSL VPN RDP bookmarks can result in memory corruption, giving attackers a pathway to execute arbitrary code remotely during VPN session initialization. Remote Code Execution / Service Compromise 

Additionally, multiple vulnerabilities have been disclosed that enable remote authentication bypass and include other issues with significant impact potential. 

Vulnerability Name CVE ID Affected Component Severity 
 FGFM protocol allows unauthenticated reset of the connection CVE-2025-26008 FortiOS, FortiProxy, FortiPAM, FortiSwitchManager. Medium 
Heap Overflow in fgfmsd CVE-2025-50571 FortiAnalyzer/Cloud, FortiManager/Cloud. Medium 
Heap buffer overflow in websocket CVE-2025-22258 FortiOS,FortiPAM, FortiProxy, FortiSRA Medium 
Improper autorization over static files CVE-2025-54822 FortiOS, FortiProxy Medium 
Insufficient Session Expiration in SSLVPN using SAML authentication CVE-2025-25252 FortiOS Medium 
Missing authentication check in OFTP service CVE-2025-53845 FortiAnalyzer Medium 
Race condion in FortiCloud SSO SAML authentication CVE-2025-54973 FortiAnalyzer Medium 
Stack-based buffer overflow on fortitoken import feature CVE-2025-46718 FortiOS, FortiProxy Medium 

Recommendations 

Update Fortinet products to the following fixed versions as soon as possible and check the updated version from the Fortinet website 

  • FortiPAM: Upgrade to version 1.5.1 or later, or 1.4.3 or latest version 
  • FortiSwitch Manager: Upgrade to version 7.2.5 or higher 
  • FortiOS: Upgrade to versions 7.6.6+, 7.4.9+, 7.2.11+,7.0.16+ depending on the release series 
  • FortiProxy: Upgrade to 7.6.3+, 7.4.9+ and latest version 
  • FortiAnalyzer: Upgrade to 7.6.3+, 7.4.7+, 7.2.11+, 7.0.14+ latest version 

Patches are available and should be applied immediately. For environments where immediate patching is not immediately feasible, you can also follow the below recommendations : 

  • Enable multi-factor authentication (MFA) to reduce unauthorized access risk 
  • Restrict network access to management interfaces to trusted personnel only 
  • Monitor logs for unusual brute-force attempts or anomalous login activity 
  • Apply the principle of least privilege to limit access to VPN and management services 
  • Use firewalls with strict whitelisting to block external attack vectors to vulnerable services 

Conclusion: 
The recent Fortinet advisories underscore the critical importance of timely vulnerability management, particularly for products controlling privileged access and remote connectivity.

The flaws in authentication and memory management can jeopardize the security posture of enterprise environments.

Organizations should urgently apply patches, monitor for suspicious login and session activity, and implement proactive security measures to reduce exploitation risks. Proactive response and regular updates are essential to maintaining robust security against evolving threats targeting critical infrastructure. 

References

Hashtags 

#Infosec #CyberSecurity #Fortinet #FortiPAM #SQL #RCE #SecurityAdvisory #Vulnerabilitymanagement # PatchManagement #CISO #CXO #Intrucept  

Security Advisory

Microsoft Updates Patch Tuesday for Feb 2025; Address 67 Vulnerabilities, Includes 2 Exploited Zero-Days 

Summary

Microsoft’s February 2025 Patch Tuesday addresses multiple security vulnerabilities, including four zero-days, with two actively exploited in the wild. This update covers a total of 67 security flaws, with three classified as critical Remote Code Execution (RCE) vulnerabilities.  

Microsoft  issued a revision for an older zero-day that threatens the latest Windows desktop and server versions.

OEM Microsoft 
Severity Critical 
Date of Announcement 2025-02-11
No. of Vulnerabilities Patched 67 
Actively Exploited Yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview 

The affected products include Windows, Microsoft Office, Microsoft Surface, and various network services. Organizations are strongly advised to apply these patches immediately to mitigate security risks and potential cyberattacks. 

  • 63 Microsoft CVEs addressed 
  • 4 non-Microsoft CVEs included 

The highlighted vulnerabilities include 4 zero-day flaws, 2 of which are currently being actively exploited. 

Vulnerability Name CVE ID Product Affected Severity CVSS Score 
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2025-21418 Windows High 7.8 
Windows Storage Elevation of Privilege Vulnerability  CVE-2025-21391 Windows High 7.1 
Microsoft Surface Security Feature Bypass Vulnerability CVE-2025-21194 Windows High  7.1 
NTLM Hash Disclosure Spoofing Vulnerability CVE-2025-21377 Windows Medium  6.5 

Technical Summary 

CVE ID System Affected Vulnerability Details Impact 
  CVE-2025-21418  Windows server and Windows 10 & 11  Windows ancillary function driver for winsock elevation of privilege vulnerability enables attackers to escalate privileges to SYSTEM level. Specific exploitation details are not disclosed.    Unauthorized access with SYSTEM privileges.  
  CVE-2025-21391  Windows server and Windows 10 & 11 Windows storage elevation of privilege vulnerability allows attackers to delete targeted files on a system, potentially leading to service unavailability. Does not expose confidential data.    Deletion of critical data, leading to service disruption. 
  CVE-2025-21194    Microsoft Surface    Microsoft surface security feature bypass vulnerability allows attackers to bypass UEFI protections, compromising the secure kernel. Likely related to “PixieFail” vulnerabilities affecting the IPv6 network stack in Tianocore’s EDK II firmware.    Bypass of security features, potentially compromising system integrity. 
 CVE-2025-21377  Windows server and Windows 10 & 11 NTLM hash disclosure spoofing vulnerability exposes NTLM hashes when a user interacts with a malicious file. Simply selecting or right-clicking a file could trigger a remote connection, allowing an attacker to capture NTLM hashes for cracking or pass-the-hash attacks.   Potential for attackers to authenticate as the user, leading to unauthorized access. 

Source:  Microsoft       

In addition to the actively exploited vulnerabilities, several other critical flaws were also addressed: 

  • CVE-2025-21376: A Windows Lightweight Directory Access Protocol (LDAP) RCE vulnerability that could allow attackers to execute arbitrary code remotely. 
  • CVE-2025-21379: A DHCP Client Service RCE vulnerability that may enable remote attackers to execute code with elevated privileges. 
  • CVE-2025-21381: An RCE vulnerability in Microsoft Excel that could be triggered through malicious spreadsheet files. 

Remediation

  • Apply Updates: Immediately install the February 2025 Patch Tuesday updates to address these vulnerabilities. 

Conclusion: 

The February 2025 Patch Tuesday release addresses critical security vulnerabilities, including actively exploited zero-days. Timely application of these updates is essential to protect systems from potential threats. Organizations should review the affected products and implement the necessary patches and mitigations to maintain security integrity. 

The attack vector is local, meaning the attacker needs local access — physically or remotely, using SSH method without user interaction and if successful in exploiting, can give the attacker system privileges.

References

Security Advisory

Critical Security Updates: Microsoft Jan 2025 Patch Tuesday Fixes 8 Zero-Days & 159 Vulnerabilities 

Summary 

Microsoft has released its January 2025 Patch Tuesday updates, delivering critical fixes. Key products impacted include Windows Telephony Service, Windows Digital Media, and MSMQ, among others.

Key take away:

  • Microsoft addressed 159 vulnerabilities across multiple products, including eight zero-day flaws, with three actively exploited in the January 2025 Patch Tuesday updates.
  • Key vulnerabilities include privilege escalation flaws in Hyper-V and remote code execution bugs in Microsoft Excel.
  • This marks highest number of fixes in a single month since at least 2017.
OEM Microsoft 
Severity Critical 
Date of Announcement 2025-01-14 
No. of Vulnerabilities Patched 159 
Actively Exploited yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview 

Critical updates were issued for Windows Hyper-V, Windows Themes, Microsoft Access, and Windows App Package Installer. The vulnerabilities include elevation of privilege, remote code execution, and spoofing attacks, impacting various systems. The patch targets a range of critical issues across Microsoft products, categorized as follows: 

  • 58 Remote Code Execution (RCE) Vulnerabilities 
  • 40 Elevation of Privilege (EoP) Vulnerabilities 
  • 22 Information Disclosure Vulnerabilities 
  • 20 Denial of Service (DoS) Vulnerabilities 
  • 14 Security Feature Bypass 
  • 5 Spoofing Vulnerabilities 

The highlighted vulnerabilities include 8 zero-day flaws, 3 of which are currently being actively exploited. 

Vulnerability Name CVE ID Product Affected Severity CVSS Score 
Elevation of privilege vulnerability  CVE-2025-21333CVE-2025-21334CVE-2025-21335 Windows High 7.8 
Elevation of Privilege Vulnerability CVE-2025-21275 Windows High 7.8 
Remote Code Execution Vulnerability CVE-2025-21186,CVE-2025-21366, CVE-2025-21395 Windows High 7.8 
Spoofing Vulnerability CVE-2025-21308 Windows Medium 6.5 

Technical Summary 

CVE ID System Affected Vulnerability Details Impact 
 CVE-2025-21333CVE-2025-21334CVE-2025-21335  Windows Hyper-V NT Kernel No information has been released on how elevation of privilege vulnerabilities in Windows Hyper-V NT Kernel Integration VSP, which allow attackers to gain SYSTEM privileges, were exploited in attacks, as they were disclosed anonymously.    Allow attackers to gain SYSTEM privileges 
  CVE-2025-21275  Windows App Package Installer Elevation of privilege vulnerability in the Windows App Package Installer, potentially leading to SYSTEM privileges.   Attackers could gain SYSTEM privileges 
 CVE-2025-21186,CVE-2025-21366, CVE-2025-21395   Microsoft Access  Remote code execution vulnerabilities in Microsoft Access, exploitable via specially crafted Access documents.   Remote Code Execution 
 CVE-2025-21308   Windows Themes Spoofing vulnerability in Windows Themes; viewing a specially crafted theme file in Windows Explorer can lead to NTLM credential theft.   NTLM credential theft 

Source:  Microsoft       

Additional Critical Patches Address High-Severity Vulnerabilities 

  • Eight of this month’s patches address Virtual Secure Mode components, requiring administrators to follow Microsoft’s guidance for updating virtualization-based security (VBS) issues. (CVE-2025-21280, CVE-2025-21284, CVE-2025-21299, CVE-2025-21321, CVE-2025-21331, CVE-2025-21336, CVE-2025-21340, CVE-2025-21370). 
  • Windows NTLM V1 Elevation of Privilege Vulnerability (CVE-2025-21311). 
  • Windows OLE Remote Code Execution Vulnerability (CVE-2025-21298). 

Remediation

  • Apply Updates: Immediately install the January 2025 Patch Tuesday updates to address these vulnerabilities. 
  • Disable NTLM: For CVE-2025-21308, consider disabling NTLM or enabling the “Restrict NTLM: Outgoing NTLM traffic to remote servers” policy to mitigate the risk.  
  • Exercise Caution with Untrusted Files: Avoid opening or interacting with files from untrusted sources, especially those with extensions associated with Microsoft Access. 

Conclusion: 

The January 2025 Patch Tuesday release addresses critical vulnerabilities that could allow attackers to gain elevated privileges, execute arbitrary code, or steal credentials. Prompt application of these updates is essential to maintain system security. Additionally, implementing recommended mitigations, such as disabling NTLM, can provide further protection against potential exploits. 

References

https://msrc.microsoft.com/update-guide/releaseNote/2025-Jan

Scroll to top