Tag :
Cyber Security

Summary

On November 12 (UTC+8), 2025, Microsoft released its November 2025 Security Updates, which included patches for a total of 68 CVEs, a decrease of 115 CVEs compared to the previous month.

In terms of vulnerability severity, there were 4 vulnerabilities marked as "Critical" and 62 vulnerabilities marked as "Important/High". In terms of vulnerability types, there were primarily 21 remote code execution vulnerabilities, 29 privilege escalation vulnerabilities, and 11 information disclosure vulnerabilities.

Statistics

Vulnerability Trend

Vulnerabilities Patched by Microsoft in the Last 12 Months

Figure 1 Vulnerabilities Patched by Microsoft in the Last 12 Months

  • On the whole, Microsoft released 68 patches in November 2025, including 4 critical vulnerability patches.
  • Based on Microsoft's historical vulnerability disclosures and the specific circumstances of this year, Sangfor FarSight Labs estimates that Microsoft will announce a similar number of vulnerabilities in the coming December in comparison to November. We expect a figure of approximately 70 vulnerabilities.

Comparison of Vulnerability Trends

The following figure shows the number of patches released by Microsoft in the month of November from 2022 to 2025.

Number of Windows Patches Released by Microsoft in November from 2022 to 2025

Figure 2 Number of Windows Patches Released by Microsoft in November from 2022 to 2025

The following figure shows the trend and number of vulnerabilities at different severity levels addressed by Microsoft in November from 2022 to 2025.

Number of Vulnerabilities by Severity Level Addressed by Microsoft in November from 2022 to 2025

Figure 3 Number of Vulnerabilities by Severity Level Addressed by Microsoft in November from 2022 to 2025

The following figure shows the number of vulnerabilities by type addressed by Microsoft in November from 2022 to 2025.

Number of Vulnerabilities by Type Addressed by Microsoft in November from 2022 to 2025

Figure 4 Number of Vulnerabilities by Type Addressed by Microsoft in November from 2022 to 2025

Data source: Microsoft security updates

  • Compared to last year, there has been a decrease in terms of the number of vulnerabilities this year. The number of vulnerabilities addressed by Microsoft in November 2025 has decreased. A total of 68 vulnerability patches, including 4 critical ones, have been reported this month.
  • Compared to last year, the number of vulnerabilities at the Critical level addressed by Microsoft remains the same, and that of vulnerabilities at the Important/High level has decreased. Specifically, 4 vulnerabilities at the Critical level have been addressed, the same as last year; and 62 vulnerabilities at the Important/High level have been addressed, a decrease of about 28.7%.
  • In terms of the vulnerability type, both the number of remote code execution (RCE) vulnerabilities and the number of denial-of-service (DoS) vulnerabilities have decreased, whereas the number of elevation of privilege (EoP) vulnerabilities has increased. We should remain highly vigilant because, when combined with social engineering techniques, attackers can exploit RCE vulnerabilities to take over the entire local area network (LAN) and launch attacks.

Details of Key Vulnerabilities

Analysis

GDI+ Remote Code Execution Vulnerability (CVE-2025-60724)

The Graphics Device Interface Plus (GDI+) is a core subsystem in the Windows operating system responsible for graphics and text output. It is used to render graphic elements such as lines, rectangles, fonts, bitmaps, and icons on devices such as monitors and printers. By offering a device-independent drawing interface, GDI+ enables applications to perform drawing tasks without the need to directly operate on hardware. This ensures consistent display across different devices.

A remote code execution vulnerability exists in it, which attackers can exploit to execute arbitrary code on the target system. After assessment, it is considered that this vulnerability is critical in terms of the threat level. We recommend that users promptly update the Microsoft security patches.

Windows Kernel Elevation of Privilege Vulnerability (CVE-2025-62215)

The Windows kernel is the core component of the Windows operating system, responsible for managing the system's fundamental resources and low-level operations. Positioned between the user mode and hardware, it handles crucial tasks such as process scheduling, memory management, device drivers, file system access, security control, and interrupt handling. Its core modules include the kernel mode executive, hardware abstraction layer, and kernel object management mechanism..

An elevation of privilege vulnerability exists in it, which attackers can exploit to gain higher privileges on the target system. After assessment, it is considered that this vulnerability is critical in terms of the threat level. We recommend that users promptly update the Microsoft security patches.

Affected Versions

Vulnerability Name & CVE ID Affected Version
GDI+ Remote Code Execution Vulnerability (CVE-2025-60724)
Windows Server 2025 (Server Core installation)
Windows Server 2025
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 11 Version 25H2 for x64-based Systems
Windows 11 Version 25H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Microsoft Office LTSC for Mac 2024
Microsoft Office LTSC for Mac 2021
Microsoft Office for Android
Windows Kernel Elevation of Privilege Vulnerability (CVE-2025-62215)
Windows Server 2025 (Server Core installation)
Windows Server 2025
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 11 Version 25H2 for x64-based Systems
Windows 11 Version 25H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

Solutions

Official Solution

Microsoft has released security patches for affected software. Affected users can install the corresponding security patches based on their system versions.

Download Links:

  1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60724
  2. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62215

References

https://msrc.microsoft.com/update-guide/releaseNote/2025-Nov

Timeline

On November 12, 2025, Microsoft released a security bulletin.

On November 12, 2025, Sangfor FarSight Labs released a vulnerability alert.

Learn More

Sangfor FarSight Labs researches the latest cyber threats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyber threats, providing fast and easy protection for customers.

Listen To This Post

Search

Keyword maximum 256 character

Related Articles

Linux Cryptojacking Could be Secretly Draining Your Server Resources

Date : 26 May 2026
Read Now

GoldFactory Targets Vietnam and Thailand with Mobile Banking Fraud

Date : 12 May 2026
Read Now

LiteLLM SQL Injection (CVE-2026-42208)

Date : 29 Apr 2026
Read Now

See Other Product

Platform-X
Sangfor Access Secure - A SASE Solution
Sangfor SSL VPN
Best Darktrace Cyber Security Competitors and Alternatives in 2025
Sangfor Omni-Command
Replace your Enterprise NGAV with Sangfor Endpoint Secure

Meet the Author

Sangfor HQ Building

Sangfor Technologies

Sangfor Technologies is a leading vendor of Cyber Security and Cloud Computing solutions. The majority of the blogs that you are seeing here are written by professionals working at Sangfor. We have a team of content writers, product managers and marketing experts who are taking care of writing articles on various topics that are relevant to our audience. Our team ensures that the articles published are factually correct and helpful to our customers and partners to know more about the recent trends on Cyber Security and Cloud, and how it can help their organizations.

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
See Author's Detail