Microsoft Warns of Exploited Windows Kernel Zero-Day
The important-severity flaw (CVE-2025-62215) has been exploited, said Microsoft.

November 11, 2025 | 2 min read

Microsoft has released a fix for an elevation-of-privilege vulnerability in Windows Kernel, as part of its regularly scheduled November security updates.
The important-severity flaw (CVE-2025-62215) has been exploited, said Microsoft, but it didn’t disclose further details. Microsoft described the attack complexity linked to the flaw as “high”: an attacker would need to be local and authenticated to successfully exploit it. They would also need to win a race condition, which stems from concurrent execution using a shared resource with improper synchronization in the Windows Kernel. If they are able to do so, they could elevate their privileges to SYSTEM, according to Microsoft in its Tuesday security update.
“It’s also interesting to note there’s a race condition here, and it shows that some race conditions are more reliable than others,” according to Dustin Childs with Trend Micro’s Zero Day Initiative in a Tuesday writeup of the flaw. “Bugs like these are often paired with a code execution bug by malware to completely take over a system. If you must prioritize, this should be at the top of your list.”
Outside of the Kernel flaw, Microsoft issued patches for over 60 CVEs across its products. These included four critical-severity flaws:
Other flaws of note this month included a remote code execution bug in Agentic AI and Visual Studio Code (ranking 8.8 out of 10 on the CVSS severity scale). The flaw (CVE-2025-6222) stems from improper neutralization of special elements used in a command in the Visual Studio Code Copilot Chat Extension, and could enable an unauthorized attacker to execute code over a network, said Microsoft’s advisory, which added that exploitation is “less likely.”
“A remote attacker could create a specially crafted GitHub issue within a user's repository,” according to the advisory. “To exploit this, the user must enable a particular mode on the attacker’s crafted issue, which would execute the issue’s description and enable remote code execution by the attacker.”
The number of flaws addressed in this Patch Tuesday is far lower than the number from October, which contained patches for over 170 vulnerabilities, including three that were being exploited.
Lindsey O’Donnell-Welch is an award-winning journalist who strives to shed light on how security issues impact not only businesses and defenders on the front line, but also the daily lives of consumers.