Microsoft Patches Zero-Day Vulnerability in Windows Kernel

This week, Microsoft released its November security updates, addressing 63 vulnerabilities across its product line. The most serious among them is CVE-2025-62215, a zero-day flaw in the Windows kernel that attackers are actively exploiting in the wild.

Patch Tuesday Overview

Four vulnerabilities received Critical severity ratings, while 59 were classified as Important. The issues broke down by type as follows:

• 29 privilege escalation vulnerabilities
• 16 remote code execution flaws
• 11 information disclosure bugs
• Several denial-of-service, security feature bypass, and spoofing issues

The Zero-Day: CVE-2025-62215

The actively exploited vulnerability, CVE-2025-62215 (CVSS score: 7.0), is a race condition in the Windows kernel that enables local privilege escalation. Microsoft's own security teams—the Microsoft Threat Intelligence Center (MSTIC) and the Security Response Center (MSRC)—discovered this flaw.

How the exploit works:

First, an attacker must already have low-level access to the target system. From there, they exploit the race condition by forcing multiple threads to access a shared kernel resource simultaneously. When successful, this creates a double-free condition that corrupts the kernel heap. The attacker then overwrites memory to gain SYSTEM-level privileges.

Microsoft has not disclosed who is exploiting CVE-2025-62215 or the specific attack methods being used. Security researchers believe the vulnerability is likely used during post-exploitation—after attackers gain initial system access through phishing, social engineering, or another vulnerability—to escalate their privileges.

Other Critical Vulnerabilities

Microsoft also patched two serious heap buffer overflow vulnerabilities this month:

• CVE-2025-60724 (CVSS score: 9.8) affects a graphical component and allows remote code execution
• CVE-2025-62220 (CVSS score: 8.8) impacts Windows Subsystem for Linux GUI, also enabling remote code execution

Another noteworthy fix addresses CVE-2025-60704 (CVSS score: 7.5), a Kerberos privilege escalation vulnerability that Silverfort has dubbed "CheckSum." This flaw stems from a missing cryptographic validation step in the protocol, which allows attackers to conduct man-in-the-middle attacks and impersonate any user.

Windows 10 Extended Security Update Issues

This month marks the first Extended Security Update (ESU) release for Windows 10, following the end of mainstream support last month. Many users encountered registration problems for the extended update program due to a bug. Microsoft addressed this issue with an out-of-band patch released this week.