Service Notices
Microsoft Releases November 2025 Security Updates
Nov 13, 2025 GMT+08:00
I. Overview
Huawei Cloud noticed that Microsoft has released its November 2025 Security Updates. A total of 63 security vulnerabilities have been disclosed, among which 5 are marked as important vulnerabilities. Attackers can leverage these vulnerabilities to execute remote code, escalate privileges, and breach information. The affected applications include Microsoft Windows, Microsoft Office, SQL Server, and Visual Studio.
For details, visit the Microsoft official website:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Nov
The following vulnerabilities require close attention as their details have been disclosed or they have already been exploited by attackers:
Windows Kernel Elevation of Privilege Vulnerability (CVE-2025-62215): A local, authenticated attacker could exploit this vulnerability by winning a race condition in order to gain SYSTEM privileges. This vulnerability has been exploited in the wild, and the risk is high.
5 vulnerabilities (including CVE-2025-60705, CVE-2025-59512, and CVE-2025-62217) are marked as Exploitation More Likely. For details, see the official announcement. Please perform security self-check and security hardening in a timely manner to reduce attack risks.
II. Severity
Severity: important
(Severity: low, moderate, important, and critical)
III. Affected Products
Microsoft Windows, Microsoft Office, SQL Server, Visual Studio, and other products.
IV. Vulnerability Details
|
CVE ID |
Vulnerability Name |
Severity |
Vulnerability Description |
|
CVE-2025-60724 |
Windows Graphics Device Interface (GDI) Remote Code Execution Vulnerability |
Important |
An attacker could trigger this vulnerability by convincing a victim to download and open a document that contains a specially crafted file. Successful exploitation of this vulnerability could lead to arbitrary code execution on the target system. |
|
CVE-2025-30398 |
Nuance PowerScribe 360 Information Leakage Vulnerability |
Important |
Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network. |
|
CVE-2025-62214 |
Visual Studio Remote Code Execution Vulnerability |
Important |
Improper neutralization of special elements used in a command ("command injection") in Visual Studio allows an authorized attacker to execute code locally. |
|
CVE-2025-60716 |
DirectX Graphics Kernel Elevation of Privilege Vulnerability |
Important |
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. |
|
CVE-2025-62199 |
Microsoft Office Remote Code Execution Vulnerability |
Important |
An attacker can send a specially crafted file and induce the target user to open it to trigger the vulnerability. Successful exploitation of this vulnerability may allow the attacker to execute remote code on the target system. |
(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)
V. Security Recommendations
1. Use Windows Update or download patches from the following address to fix the vulnerabilities:
https://msrc.microsoft.com/update-guide
2. Back up data remotely to protect your data.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.