On November 12, 2025, Microsoft released critical security updates as part of its regular Patch Tuesday. These updates address significant vulnerabilities in Windows 10, Windows 11, Windows Server, and Microsoft Office.
Security Updates Overview
One of the key fixes addresses Remote Code Execution (RCE) bugs in Microsoft Graphics and Office. These flaws could potentially allow attackers to execute malicious code if users open a specially crafted file.
Moreover, Microsoft tackled a zero-day Windows Kernel Elevation of Privilege (EoP) vulnerability. This flaw, which involves a race condition, allows attackers with local access to escalate their privileges to admin level by chaining attacks.
Specific Vulnerability Insights
Another significant issue fixed is the CVE-2025-60724 bug in the GDI+ component of Microsoft Graphics. Rated at 9.8 out of 10 in severity, this vulnerability is a heap-based buffer overflow. Attackers could exploit it by persuading users to open a crafted metafile or by uploading a malicious file to a susceptible web service.
The updates bring essential protection to users by closing these vulnerabilities, mitigating the risks of unauthorized access and data breaches.
Steps for Updating
- Access the Start menu and open Settings.
- Navigate to Windows Update.
- Select 'Check for updates' and download available patches.
- Restart your PC if prompted and ensure Windows Update indicates "You're up to date."
By promptly applying these updates, users can enhance their security posture and protect their systems from active threats.
