Microsoft Patches Actively Exploited Windows Kernel Zero-Day in November Update

Microsoft patched an actively exploited Windows Kernel zero-day in its November 2025 security updates. The company also fixed dozens of other security flaws, addressing 63 unique CVEs. These include one actively exploited vulnerability, five flaws attackers are more likely to target, and one critical vulnerability.

CVE-2025-62215, a privilege escalation vulnerability in the Windows Kernel, poses the most pressing concern. The flaw, with a CVSS score of 7.0, lets attackers escalate privileges and gain administrative rights after compromising a system. Microsoft tied the issue to a race condition and a double free error.

Tenable staff research engineer Satnam Narang highlighted the flaw’s severity. Narang noted, “While we don’t have the full scope regarding exploitation, based on the fact that this is a privilege escalation flaw, it was likely used as part of post-exploitation activity by an attacker.” He added that this bug is “one of 11 privilege escalation bugs patched in the Windows Kernel in 2025,” indicating a persistent vulnerability area.

The exploited zero-day impacts numerous Microsoft operating systems, including Windows 10 (Version 1809, 21H2, 22H2), Windows 11 (Version 22H3, 23H2, 24H2, 25H2), and Windows Server 2019, 2022, and 2025 editions. Microsoft urges users to apply these updates immediately to mitigate exploitation risks. Detailed information is available on the Microsoft Security Response Center website.

Key takeaway: Update to the patched release and review recent kernel-related activity for signs of exploitation.