Bangkok Post – Microsoft November Patch fixes critical Zero-Day flaw

Microsoft has released its November Patch Update, addressing a total of 63 security vulnerabilities, including one critical Zero-Day flaw that is actively being exploited. The update, identified as KB5068861 (OS Builds 26200.7171 and 26100.7171), contains fixes for four vulnerabilities classified as Critical, with the remainder falling under the Important category or affecting only specific parts of the system. Users are strongly urged to update immediately to mitigate the risk of compromise.

The single, actively exploited Zero-Day vulnerability is CVE-2025-62215 – Windows Kernel Elevation of Privilege Vulnerability.

This specific flaw resides within the Windows Kernel, the core component of the operating system. Successful exploitation allows an attacker to perform Privilege Escalation, moving from a standard user account to the highest level, SYSTEM. This grants them complete access to files, services, and deep-level system settings.

Microsoft explained that this vulnerability stems from a race condition — a flaw where concurrent processing of unsynchronised resources allows an attacker to inject commands between processes and obtain maximum system privileges. While the company has not yet released full technical details of the ongoing attack, it confirmed that the flaw has already been targeted and that a patch is now available.

Breakdown of vulnerabilities

The 63 vulnerabilities addressed in this month’s update are categorised as follows:

Elevation of Privilege: 29 items

Remote Code Execution (RCE): 16 items

Information Disclosure: 11 items

Denial of Service (DoS): 3 items

Security Feature Bypass: 2 items

Spoofing: 2 items

The security community regards the Remote Code Execution and Elevation of Privilege categories as particularly concerning, as these flaws can directly enable a hacker to take full control of a system if the patch is not applied.

Broader product updates

In addition to the core Windows Kernel fix, several other Microsoft products also received patches:

Microsoft Office and Excel: Multiple fixes for Remote Code Execution and Information Disclosure vulnerabilities.

Visual Studio and Copilot Chat Extension: Patches related to Security Bypass and Remote Execution.

Windows DirectX and Windows OLE: Resolved issues relating to remote code execution and privilege escalation.

Windows Routing and Remote Access Service (RRAS): Patched RCE and DoS vulnerabilities.

Windows Subsystem for Linux (WSL): Fixed a remote code execution vulnerability within the WSL GUI system.

Recommendations for Users and Organisations

Given the active exploitation of the Zero-Day flaw, it is highly recommended that all users update their computers immediately for security. The simplest method is via Windows Update on the device, followed by a necessary restart after installation.

For critical systems or corporate servers, users should perform a data backup before applying the update. Large enterprises should utilise a dedicated Patch Management system to ensure all devices are successfully updated.

To check if your computer has the latest update, navigate to Settings, click on System, scroll down and click on About. Under the Windows specifications section, verify that the OS build number is 26200.7171 or higher.

Source: Microsoft