Microsoft November 2025 Patch Tuesday Fixes 1 Zero-day, 63 Flaws

Today is Microsoft's November 2025 Patch Tuesday, which includes security updates for 63 flaws, including one actively exploited zero-day vulnerability.

This Patch Tuesday also addresses four "Critical" vulnerabilities, two of which are remote code execution vulnerabilities, one is an elevation of privileges, and the fourth is an information disclosure flaw.

The number of bugs in each vulnerability category is listed below:

When BleepingComputer reports on the Patch Tuesday security updates, we only count those released today by Microsoft. Therefore, the number of flaws does not include Microsoft Edge and Mariner vulnerabilities fixed earlier this month.

Today is also the first extended security update (ESU) for Windows 10, so if you are still utilizing the unsupported operating system, it is strongly advised that you upgrade to Windows 11 or enroll in the ESU program.

For those who are having issues enrolling in the program, Microsoft released an out-of-band update today to fix an bug that prevents enrollments.

To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5066835 and KB5066793 updates and the Windows 10 KB5068781 extended security update.

If you're facing delays, blind spots, or prioritization issues with Patch Tuesday updates, join our December 2 webinar with Action1 to learn how modern patch management helps you patch faster and reduce risk.

This month's Patch Tuesday fixes one actively exploited zero-day flaw in the Windows Kernel.

Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available.

Source: BleepingComputer