MS Family November 2025 Routine Security Update Advisory

Nov 13 2025

Overview

Microsoft(https://www.microsoft.com) has released a security update that fixes vulnerabilities in products it has supplied. Users of affected products are advised to update to the latest version.

Affected Products

Azure Family

Azure Monitor

Developer Tools Suite

Microsoft Visual Studio 2022 version 17.14

Microsoft Visual Studio Code CoPilot Chat Extension

Visual Studio Code

ESU Family

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Microsoft Dynamics Suite

Dynamics 365 Field Service (online)

Microsoft Dynamics 365 (on-premises) version 9.1

Microsoft Office Suite

Microsoft 365 Apps for Enterprise for 32-bit Systems

Microsoft 365 Apps for Enterprise for 64-bit Systems

Microsoft Excel 2016 (32-bit edition)

Microsoft Excel 2016 (64-bit edition)

Microsoft Office 2016 (32-bit edition)

Microsoft Office 2016 (64-bit edition)

Microsoft Office 2019 for 32-bit editions

Microsoft Office 2019 for 64-bit editions

Microsoft Office LTSC 2021 for 32-bit editions

Microsoft Office LTSC 2021 for 64-bit editions

Microsoft Office LTSC 2024 for 32-bit editions

Microsoft Office LTSC 2024 for 64-bit editions

Microsoft Office LTSC for Mac 2021

Microsoft Office LTSC for Mac 2024

Microsoft Office for Android

Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Server 2019

Microsoft SharePoint Server Subscription Edition

Office Online Server

OneDrive for Android

Open Source Software Suites

Windows Subsystem for Linux GUI

Azl3 libarchive 3.7.7-3 on Azure Linux 3.0

Azl3 libxml2 2.11.5-7 on Azure Linux 3.0

Azl3 nghttp2 1.61.0-2 on Azure Linux 3.0

Azl3 rust 1.75.0-21 on Azure Linux 3.0

Azl3 rust 1.86.0-9 on Azure Linux 3.0

Cbl2 libarchive 3.6.1-7 on CBL Mariner 2.0

Cbl2 libxml2 2.10.4-9 on CBL Mariner 2.0

Cbl2 nghttp2 1.57.0-2 on CBL Mariner 2.0

Cbl2 rust 1.72.0-11 on CBL Mariner 2.0

Other product families

Nuance PowerScribe 360 version 4.0.1

Nuance PowerScribe 360 version 4.0.2

Nuance PowerScribe 360 version 4.0.3

Nuance PowerScribe 360 version 4.0.4

Nuance PowerScribe 360 version 4.0.5

Nuance PowerScribe 360 version 4.0.6

Nuance PowerScribe 360 version 4.0.7

Nuance PowerScribe 360 version 4.0.8

Nuance PowerScribe 360 version 4.0.9

Nuance PowerScribe One version 2019.1

Nuance PowerScribe One version 2019.10

Nuance PowerScribe One version 2019.2

Nuance PowerScribe One version 2019.3

Nuance PowerScribe One version 2019.4

Nuance PowerScribe One version 2019.5

Nuance PowerScribe One version 2019.6

Nuance PowerScribe One version 2019.7

Nuance PowerScribe One version 2019.8

Nuance PowerScribe One version 2019.9

PowerScribe One version 2023.1 SP2 Patch 7

SQL Server Family

Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)

Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack

Microsoft SQL Server 2017 for x64-based Systems (CU 31)

Microsoft SQL Server 2017 for x64-based Systems (GDR)

Microsoft SQL Server 2019 for x64-based Systems (CU 32)

Microsoft SQL Server 2019 for x64-based Systems (GDR)

Microsoft SQL Server 2022 for x64-based Systems (CU 21)

Microsoft SQL Server 2022 for x64-based Systems (GDR)

System Center Suite

Microsoft Configuration Manager 2403

Microsoft Configuration Manager 2409

Microsoft Configuration Manager 2503

Windows Family

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows 11 Version 23H2 for x64-based Systems

Windows 11 Version 24H2 for ARM64-based Systems

Windows 11 Version 24H2 for x64-based Systems

Windows 11 Version 25H2 for ARM64-based Systems

Windows 11 Version 25H2 for x64-based Systems

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022, 23H2 Edition (Server Core installation)

Windows Server 2025

Windows Server 2025 (Server Core installation)

Resolved Vulnerabilities

4 vulnerabilities rated Critical and 60 rated Important were found.

Azure Family

Critical-rated remote code execution vulnerability in Azure Monitor Agent (CVE-2025-59504)

Developer Tools suite

Critical security feature bypass vulnerability in GitHub Copilot and Visual Studio Code (CVE-2025-62453)

Critical Security Feature Bypass Vulnerability in Visual Studio Code CoPilot Chat Extension (CVE-2025-62449)

Critical remote code execution vulnerability in Visual Studio Code CoPilot Chat Extension (CVE-2025-62222)

Critical remote code execution vulnerability in Visual Studio (CVE-2025-62214)

Microsoft Dynamics Suite

Critical-grade spoofing vulnerabilities in Dynamics 365 Field Service (online) (CVE-2025-62210, CVE-2025-62211)

Critical information disclosure vulnerability in Microsoft Dynamics 365 (on-premises) (CVE-2025-62206)

Microsoft Office Suite

Critical remote code execution vulnerability in Microsoft Graphics Component (CVE-2025-60724)

Critical remote code execution vulnerabilities in Microsoft Office Excel (CVE-2025-60727, CVE-2025-62200, CVE-2025-62201, CVE-2025-62203)

Critical information disclosure vulnerabilities in Microsoft Office Excel (CVE-2025-60726, CVE-2025-60728, CVE-2025-59240, CVE-2025-62202)

Critical remote code execution vulnerability in Microsoft Office SharePoint (CVE-2025-62204)

Critical-grade remote code execution vulnerability in Microsoft Office Word (CVE-2025-62205)

Urgent-grade remote code execution vulnerability in Microsoft Office (CVE-2025-62199)

Critical-grade remote code execution vulnerability in Microsoft Office (CVE-2025-62216)

Critical-grade privilege escalation vulnerability in OneDrive for Android (CVE-2025-60722)

Open Source Software Suites

Moderate vulnerability in Mariner (CVE-2025-60753, CVE-2025-12875)

Critical-rated vulnerability in Mariner (CVE-2025-12863)

Critical-rated remote code execution vulnerability in the Windows Subsystem for Linux GUI (CVE-2025-62220)

Other Products

Critical information disclosure vulnerability in Nuance PowerScribe (CVE-2025-30398)

SQL Server Family

Critical elevation of privilege vulnerability in SQL Server (CVE-2025-59499)

System Center Suite

Critical elevation of privilege vulnerability in Microsoft Configuration Manager (CVE-2025-47179)

Windows Family

Critical elevation of privilege vulnerability in Customer Experience Improvement Program (CEIP) (CVE-2025-59512)

Critical elevation of privilege vulnerability in Host Process for Windows Tasks (CVE-2025-60710)

Critical elevation of privilege vulnerability in Microsoft Streaming Service (CVE-2025-59514)

Critical elevation of privilege vulnerability in Microsoft Wireless Provisioning System (CVE-2025-62218, CVE-2025-62219)

Critical elevation of privilege vulnerability in Multimedia Class Scheduler Service (MMCSS) (CVE-2025-60707)

Role: Critical information disclosure vulnerability in Windows Hyper-V (CVE-2025-60706)

Critical Denial of Service Vulnerability in Storvsp.sys Driver (CVE-2025-60708)

Critical elevation of privilege vulnerabilities in Windows Administrator Protection (CVE-2025-60718, CVE-2025-60721)

Critical elevation of privilege vulnerabilities in Windows Ancillary Function Driver for WinSock (CVE-2025-60719, CVE-2025-62217, CVE-2025-62213)

Critical information disclosure vulnerability in Windows Bluetooth RFCOM Protocol Driver (CVE-2025-59513)

Critical elevation of privilege vulnerabilities in Windows Broadcast DVR User Service (CVE-2025-59515, CVE-2025-60717)

Critical elevation of privilege vulnerability in Windows Client-Side Caching (CSC) Service (CVE-2025-60705)

Critical elevation of privilege vulnerability in the Windows Common Log File System Driver (CVE-2025-60709)

Urgent elevation of privilege vulnerability in Windows DirectX (CVE-2025-60716)

Critical elevation of privilege vulnerability in Windows DirectX (CVE-2025-59506)

Critical-grade denial-of-service vulnerability in Windows DirectX (CVE-2025-60723)

Critical elevation of privilege vulnerability in Windows Kerberos (CVE-2025-60704)

Critical elevation of privilege vulnerability in Windows Kernel (CVE-2025-62215)

Critical information disclosure vulnerabilities in Windows License Manager (CVE-2025-62208, CVE-2025-62209)

Critical remote code execution vulnerability in Windows OLE (CVE-2025-60714)

Critical elevation of privilege vulnerability in Windows Remote Desktop (CVE-2025-60703)

Critical elevation of privilege vulnerability in Windows Routing and Remote Access Service (RRAS) (CVE-2025-60713)

Critical-grade denial-of-service vulnerability in Windows Routing and Remote Access Service (RRAS) (CVE-2025-59510)

Critical remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) (CVE-2025-62452, CVE-2025-60715)

Critical elevation of privilege vulnerability in Windows Smart Card (CVE-2025-59505)

Critical elevation of privilege vulnerabilities in Windows Speech (CVE-2025-59507, CVE-2025-59508)

Critical information disclosure vulnerability in Windows Speech (CVE-2025-59509)

Critical elevation of privilege vulnerability in Windows TDX.sys (CVE-2025-60720)

Critical elevation of privilege vulnerability in Windows WLAN Service (CVE-2025-59511)

Vulnerability Patches

The November 11, 2025 Update provided the following product-specific vulnerability patches Please use the Windows Update feature for automatic installation or refer to the URLs in the product information below to download and install.

MS Family November 2025 Routine Security Update Advisory

Overview

Affected Products

Azure Family

Developer Tools Suite

ESU Family

Microsoft Dynamics Suite

Microsoft Office Suite

Open Source Software Suites

Other product families

SQL Server Family

System Center Suite

Windows Family

Resolved Vulnerabilities

Azure Family

Developer Tools suite

Microsoft Dynamics Suite

Microsoft Office Suite

Open Source Software Suites

Other Products

SQL Server Family

System Center Suite

Windows Family

Vulnerability Patches

Adobe Family November 2025 Routine Security Update Advisory

Fortinet Product Security Update Advisory (CVE-2025-64446)

Overview

Affected Products

Azure Family

Developer Tools Suite

ESU Family

Microsoft Dynamics Suite

Microsoft Office Suite

Open Source Software Suites

Other product families

SQL Server Family

System Center Suite

Windows Family

Resolved Vulnerabilities

Azure Family

Developer Tools suite

Microsoft Dynamics Suite

Microsoft Office Suite

Open Source Software Suites

Other Products

SQL Server Family

System Center Suite

Windows Family

Vulnerability Patches

Tags:

Adobe Family November 2025 Routine Security Update Advisory

Fortinet Product Security Update Advisory (CVE-2025-64446)