
Updated November 14 with details of further Microsoft Windows vulnerabilities that need to be addressed as a matter of some urgency, according to experts, notwithstanding the criticality of the already-exploited Windows Kernel CVE-2025-62215 issue.

At the same time that Google was issuing an emergency update for all Chrome browser users in response to a high-severity security vulnerability, Microsoft issued a security warning of its own. A newly discovered zero-day vulnerability in the Windows Kernel can enable an attacker to gain system privileges. Yes, a Windows kernel zero-day. Yes, attackers have already struck. Yes, you need to update now.

Update Windows Now As Microsoft Confirms Kernel Zero-Day Attacks

The latest chapter in the never-ending cybersecurity drama that is Patch Tuesday has been released, and this time it contains no fewer than 63 vulnerabilities. There’s one, though, that stands out: CVE-2025-62215, an actively exploited zero-day within the Windows Kernel itself.

“While exploitation requires an attacker to win a race condition,” Satnam Narang, a senior staff research engineer at Tenable, said, “Microsoft confirmed that this vulnerability has been actively exploited in the wild.” Narang suggested that this was most likely, considering that CVE-2025-62215 is a privilege escalation flaw, “used as part of post-exploitation activity, following initial access via phishing, social engineering, or another vulnerability.”

While the official Microsoft security advisory confirmed that “concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Kernel allows an authorized attacker to elevate privileges locally,” and that exploitation in the wild had been detected, others have gone further by way of digging into the Windows Kernel vulnerability.


“It’s likely to affect just about every asset running Microsoft software,” Adam Barnett, lead software engineer at Rapid7, told me, adding that “if all the stars align for the attacker, the prize could be remote code execution as system via the network without any need for an existing foothold.” The good news, aside from the fix being available, is that Barnett doesn’t think CVE-2025-62215 is wormable, but that doesn’t stop him from advising that it remains “a top priority for just about anyone considering how to approach this month’s patches.”

The root cause, as confirmed by Microsoft itself, appears to be CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization and CWE-415: Double Free. The two conditions combined, Ben McCarthy, lead cyber security engineer at Immersive, warns, mean that “an attacker with low-privilege local access can run a specially crafted application that repeatedly attempts to trigger this race condition. The goal is to get multiple threads to interact with a shared kernel resource in an unsynchronised way, confusing the kernel’s memory management and causing it to free the same memory block twice.” This then corrupts the kernel heap, the attacker overwrites memory, and the system execution flow is hijacked. Translation: you are in trouble, lots of it. As Jason Soroko, senior fellow at Sectigo, concluded, “CVE-2025-62215 does not open the door by itself, it flings it wide once an attacker is inside.”
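To make the CWE-362 plus CWE-415 pairing concrete, here is an added user-space illustration in C; it is not Windows kernel code and not taken from Microsoft's advisory. All names are hypothetical, and a counter stands in for the second free so the program does not actually corrupt its heap. It contrasts a check-then-clear release with one that claims the pointer in a single atomic step.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>

#define THREADS 4

struct resource { _Atomic(void *) buf; };    /* hypothetical shared object */
static struct resource shared;
static pthread_barrier_t gate;
static atomic_int release_calls;             /* counts frees instead of double-freeing */

static void counted_free(void *p) { (void)p; atomic_fetch_add(&release_calls, 1); }

/* Racy: "check" and "clear" are separate steps, so several threads pass the check. */
static void *release_racy(void *arg) {
    (void)arg;
    void *p = atomic_load(&shared.buf);      /* every thread still sees non-NULL */
    pthread_barrier_wait(&gate);             /* constructed: forces the bad interleaving */
    if (p) { atomic_store(&shared.buf, NULL); counted_free(p); }
    return NULL;
}

/* Fixed: the exchange hands the pointer to exactly one thread. */
static void *release_safe(void *arg) {
    (void)arg;
    pthread_barrier_wait(&gate);             /* start all threads together */
    void *p = atomic_exchange(&shared.buf, NULL);
    if (p) counted_free(p);
    return NULL;
}

/* Runs THREADS concurrent releases of one block; returns how often it was "freed". */
static int run(void *(*release)(void *)) {
    pthread_t t[THREADS];
    void *block = malloc(64);
    atomic_store(&shared.buf, block);
    atomic_store(&release_calls, 0);
    pthread_barrier_init(&gate, NULL, THREADS);
    for (int i = 0; i < THREADS; i++) pthread_create(&t[i], NULL, release, NULL);
    for (int i = 0; i < THREADS; i++) pthread_join(t[i], NULL);
    pthread_barrier_destroy(&gate);
    free(block);                             /* the single real free */
    return atomic_load(&release_calls);
}

int run_racy(void) { return run(release_racy); }
int run_safe(void) { return run(release_safe); }

int main(void) { printf("racy=%d safe=%d\n", run_racy(), run_safe()); return 0; }
```

Note that the racy version uses atomic loads and stores throughout: atomicity of each access is not enough when the decision to free spans two of them.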

CVE-2025-62215 Is Not The Only Microsoft Vulnerability That Needs Your Close Attention

Patch Tuesday is never a one-issue event, no matter how lovely that would be in the fantasy land where cybersecurity is no longer a problem. As already mentioned, the latest monthly security roundup included 63 vulnerabilities. Here are some others that security experts have warned Microsoft users they need to pay particular attention to.

Eliran Partush, a security researcher at Silverfort, thinks that CVE-2025-60704 fits this brief nicely, which is surprising considering that Partush was the person who discovered it. With a Common Vulnerability Scoring System score of 7.5, the Windows Kerberos elevation of privilege vulnerability, or CheckSum as it has ended up being called, can enable an attacker to impersonate users, get hold of sensitive data and, here’s the kicker, remain undetected while so doing. “Kerberos has been trusted for decades as the backbone of enterprise authentication,” Partush said, adding that CVE-2025-60704 highlights “how legacy design choices like weak or outdated checksum mechanisms can quietly undermine even the most well-architected security protocols.”

Meanwhile, Tyler Reguly, associate director of security research and development at Fortra, told me that another vulnerability, with a CVSS 9.8 rating, yes, you read that right, is surely worthy of your attention. CVE-2025-60724, as Microsoft has confirmed, could be triggered without user interaction through malicious documents uploaded to web services. “If I’m a CISO, then CVE-2025-60724 has me worried this month,” Reguly said, “we have a vulnerability that Microsoft and CVSS agree is critical and an attack vector that requires no user interaction and no privileges, just the ability to upload a file.”
