Vulnerabilities & Alerts

Microsoft Patch Tuesday – November 2025

by  • 

Fixing 63 Flaws Including 1 Active Zero-Day

You will find below my hot take on this historic Microsoft Patch Tuesday, following the official end of support for Windows 10… I hope you find it useful.

Executive Summary

  • 63 vulnerabilities patched, including an actively exploited zero-day: Microsoft’s November 2025 Patch Tuesday addresses 63 security vulnerabilities across a range of products, one of which is a zero-day flaw that was actively exploited in the wild prior to the patch. Five of the addressed vulnerabilities are rated Critical by Microsoft (encompassing remote code execution and privilege escalation flaws).
  • One exploited vulnerability (CVE-2025-62215) in Windows Kernel: Among the patches is a fix for an Elevation of Privilege vulnerability in the Windows kernel (CVE-2025-62215) that has been observed under active exploitation. This flaw allows a local attacker with basic access to obtain SYSTEM privileges by exploiting a race condition in the kernel. The attack complexity is low, and Microsoft’s threat intelligence teams (MSTIC/MSRC) discovered the issue being used in real attacks.
  • Critical vulnerabilities of high severity: Five vulnerabilities are classified as Critical, including three allowing Remote Code Execution (RCE) and two others with severe impact. Notable critical flaws include an RCE in Microsoft’s GDI+ graphics component (CVE-2025-60724, CVSS 9.8) exploitable via malicious image files, an RCE in Microsoft Office (CVE-2025-62199, CVSS 7.8) via a use-after-free bug triggered by opening a crafted document, a DirectX Graphics Kernel privilege escalation (CVE-2025-60716) that requires winning a race condition in the graphics subsystem, and a critical information disclosure in Nuance PowerScribe 360 (CVE-2025-30398, CVSS 8.1) that could expose sensitive data through an unauthenticated API call. An RCE in Visual Studio (CVE-2025-62214) was also patched, which involved AI Copilot command injection (though this is complex to exploit).
  • Important flaws with higher likelihood of exploitation: Several Important-rated vulnerabilities are highlighted as “Exploitation More Likely” according to Microsoft, meaning they pose a significant risk of being targeted soon. These include privilege escalation bugs in the Customer Experience Improvement Program (CEIP) service (CVE-2025-59512), the Windows Client-Side Caching (CSC) Service (CVE-2025-60705), and three separate EoP flaws in the Windows WinSock driver (CVE-2025-60719, CVE-2025-62217, CVE-2025-62213). While none of the Critical vulnerabilities are currently known to be exploited or considered likely to be exploited imminently, these Important issues should be treated with high priority for patching due to their increased likelihood of exploitation once details become public.

Overview of the November 2025 Patch Tuesday

On November 11, 2025, Microsoft released its monthly batch of security updates fixing 63 vulnerabilities in total. This Patch Tuesday update spans a broad array of Microsoft products and components. Included in this set is one zero-day vulnerability meaning a flaw that was either publicly disclosed or actively exploited before an official fix was available. The rest of the patches address issues of High or Important severity that had been privately reported through responsible disclosure channels.

Microsoft designated five of the 63 patches as Critical, indicating they affect key components or could be exploited by attackers to achieve significant impact such as code execution or full system compromise. The remaining vulnerabilities are rated Important. A breakdown by vulnerability type is as follows: 29 Elevation of Privilege, 16 Remote Code Execution, 11 Information Disclosure, 3 Denial of Service, and 2 Security Feature Bypass/Spoofing issues. This distribution highlights that privilege escalation and code execution remain the dominant classes of issues addressed.

It’s worth noting that this November update marks the first Patch Tuesday after the end-of-support for Windows 10, which officially exited standard support in late October 2025. Accordingly, November 2025 is the first release of Extended Security Updates (ESU) for organizations that have opted into Microsoft’s paid ESU program to continue receiving critical patches on Windows 10. Microsoft strongly advises any remaining Windows 10 users to upgrade to Windows 11 or enroll in ESU to stay protected. In fact, Microsoft shipped an out-of-band fix on Patch Tuesday to resolve an issue preventing some customers from enrolling in the ESU program. Enterprises still running Windows 10 should verify that ESU updates (such as the Windows 10 KB5068781 update) are being applied, or expedite migration plans to avoid unpatched systems moving forward.

Below, we delve into the most significant vulnerabilities patched this month, starting with the actively exploited zero-day and the critical flaws, followed by other notable highlights and guidance for defenders.

Actively Exploited Zero-Day Vulnerability: Windows Kernel (CVE-2025-62215)

CVE-2025-62215 is an elevation of privilege (EoP) vulnerability in the Windows kernel that was found to be actively exploited in the wild prior to the patch. This flaw arises from a concurrency issue (a race condition) in the kernel’s handling of shared resources. An authorized but low-privileged attacker can leverage this race condition to execute code at the kernel level and thereby elevate their privileges to SYSTEM, effectively taking full control of the affected Windows machine.

In practical terms, an attacker who already has a foothold on a Windows system (e.g., via malware running as a regular user) could exploit CVE-2025-62215 to break out of the constraints of that account and gain complete administrative control. The vulnerability has a CVSS 3.1 score of 7.8, reflecting a high severity, though it is not marked Critical by Microsoft since it requires local access. Microsoft notes that the attack complexity is low, meaning the exploit doesn’t require complicated steps or rare conditions – aside from the need to win the timing of the race condition. This typically makes it easier for attackers to develop a reliable exploit.

So far, Microsoft has not disclosed specific details about the observed attacks leveraging this zero-day. However, they have attributed the discovery to the Microsoft Threat Intelligence Center (MSTIC) and the **Microsoft Security Response Center (MSRC), indicating it was likely identified through internal threat intelligence and monitoring efforts. No information was shared on the origin or scope of the attacks, but the very fact it was being exploited underscores the importance of applying this patch immediately.

Organizations should treat this vulnerability as a top patching priority. Until the fix is applied, systems remain at risk of compromise via this local privilege escalation, which could be paired with other exploits (for example, a phishing attack to get initial access, followed by this kernel exploit for full takeover). It is recommended to deploy the relevant Windows updates enterprise-wide as soon as possible, and consider additional detection measures in the interim (for instance, monitoring for unusual processes acquiring SYSTEM privileges).

This zero-day fix is a clear example of why timely patching is crucial: attackers were already ahead of the curve, so defenders must catch up without delay.

Critical Vulnerabilities Patched

Five vulnerabilities patched in November 2025 carry Microsoft’s highest severity rating of Critical. These typically allow for code execution or similar high-impact outcomes, often without requiring authentication. While none of these were reported as exploited at the time of release, they pose significant risk and should be prioritized.
According to Cisco Talos, all five Critical bugs are currently assessed by Microsoft as “Exploitation Less Likely” (meaning no immediate active exploits are expected). Nonetheless, history shows that Critical vulnerabilities can attract adversaries quickly, so swift patching is warranted. A closer look at each Critical issue:

  • GDI+ Remote Code Execution – CVE-2025-60724:
    This is an extremely severe RCE in Microsoft’s Graphics Device Interface (GDI+), with a CVSS score of 9.8. The flaw is a heap-based buffer overflow in the GDI+ component, which an attacker can exploit to execute code on a target system by getting the victim to open a specially crafted image file or document. In practical terms, an adversary could, for example, send a malicious document (containing a malformed metafile image) to a user. If the user opens the document, the embedded image triggers the overflow and allows arbitrary code execution with the user’s privileges.

    What makes CVE-2025-60724 particularly dangerous is that no privileges are required and user interaction can be minimal. Talos notes that even server-side scenarios are possible: an attacker might upload a poisoned image to a web service that processes images, thereby compromising the server without any direct user interaction. Successful exploitation could lead to remote code execution on the server or even data exposure if sensitive info is in memory during the exploit. Microsoft rates the attack complexity as low and, while they consider active exploitation less likely at the moment, the ease of delivery (via documents or uploads) makes this a high-priority patch. All Windows systems with GDI+ (virtually all versions) are likely affected, as are applications that rely on GDI+ for image handling.
  • Microsoft Office Remote Code Execution – CVE-2025-62199:
    This Critical RCE affects Microsoft Office applications and stems from a use-after-free bug that can allow code execution when opening malicious Office files. The vulnerability carries a CVSS 7.8. An attacker could exploit it by sending a specially crafted Office document (Word, Excel, etc.) to a target and convincing them to open it – for instance, via an email phishing attack. Upon opening, the use-after-free condition could be triggered, allowing the attacker’s code to run with the same rights as the victim user.

    This type of vulnerability is reminiscent of many past Office exploits used in targeted attacks or malware campaigns, where simply opening a rigged file can compromise the system. Microsoft notes the attack complexity is low (the exploit doesn’t require multiple conditions). Although user interaction is required, which often leads Microsoft to rate Office RCEs as Important, this one is listed as Critical in the CVE catalog, likely due to the potential impact. Organizations should ensure Office security updates are rolled out swiftly and remind users to be cautious with unsolicited documents. Up-to-date antivirus or Microsoft Defender can provide some layered protection (e.g., scanning or opening files in Protected View), but the surest remediation is applying the patch.
  • DirectX Graphics Kernel Elevation of Privilege – CVE-2025-60716:
    This is an EoP vulnerability in the DirectX Graphics Kernel component of Windows (part of the graphics subsystem in the OS). It has a CVSS score of 7.0. The flaw is described as a use-after-free that an attacker with local access can exploit to gain higher privileges. In essence, a standard user or a code running as a user could leverage this bug to execute code in kernel mode, thus elevating to SYSTEM. However, unlike the Windows Kernel 0-day discussed earlier, this one requires winning a timing condition – “the attacker has to win a race,” as Microsoft puts it – making it a bit trickier to exploit reliably. The attack complexity is rated high and multiple steps are likely needed, which is good news in terms of immediate risk.

    Despite the complexity, the vulnerability is considered Critical by Microsoft, likely because it affects the core graphics kernel which is ubiquitous and the impact of a successful exploit is total compromise. Talos mentions that none of the critical bugs are labeled “Exploitation More Likely,” and specifically this DirectX issue is tagged as less likely to be exploited. That said, privilege escalation flaws in the Windows kernel are valuable for attackers (e.g., to combine with a browser or document exploit for sandbox escape or system takeover). Patching this vulnerability is important to close that potential path. Until patched, mitigation options are limited (there’s no specific workaround short of disabling graphics drivers, which isn’t practical).
  • Visual Studio Remote Code Execution (AI Command Injection) CVE-2025-62214:
    This Critical vulnerability (CVSS 6.7) targets Microsoft Visual Studio, particularly through the new AI-powered Copilot chat extension. According to the advisory, an attacker can perform an AI prompt injection that ultimately leads to code execution on the developer’s machine. Exploiting this is not straightforward – it requires multiple steps, including tricking the developer’s Copilot into generating malicious code or commands and then somehow executing that code (for example, via the build process). Microsoft describes the attack complexity as high, and indeed this is a rather novel attack vector mixing social engineering with development workflows.

    In practice, one scenario might be an attacker crafting a repository or code snippet that, when a developer’s Copilot processes it, causes the AI to inject unsafe commands. The developer would then have to compile or run the suggested code, triggering the payload. While this may not be a common attack, the vulnerability underscores the need for caution with AI assistants in coding environments. Microsoft fixed the issue in Visual Studio and the GitHub Copilot extension, so developers should update those tools. From a defender standpoint, this is an area to watch as it represents a modern twist on supply chain or developer-targeted attacks. It’s critical to patch, but exploitation “in the wild” is not expected to be widespread due to the multi-layered requirements.
  • Nuance PowerScribe 360 Information Disclosure CVE-2025-30398:
    This vulnerability is rated Critical and affects Nuance PowerScribe 360, a specialized software used in medical dictation and reporting. It has a CVSS score of 8.1. The flaw is essentially an authorization bypass in an API, allowing an unauthenticated attacker to query a particular endpoint and retrieve sensitive information from the PowerScribe server. Potentially, this could expose personally identifiable information (PII) or other confidential data stored in the system’s database, given that medical transcription software often handles patient records and clinical data.

    The attack can be carried out remotely over a network without credentials – for instance, by sending a crafted API call over the internet if the PowerScribe system is accessible. This type of vulnerability could lead to significant data breaches, which is likely why it earned a Critical label. Microsoft indicates the attack complexity is low (the attacker simply needs to know the correct API endpoint and request format). Organizations in healthcare and other sectors using PowerScribe should prioritize applying this patch and consider additional hardening (like ensuring such systems are not exposed to the internet, require VPN access, or have web application firewall rules in place). Given the high confidentiality of data involved, one should also review logs for any unusual API access that might indicate prior exploitation attempts.

In summary, these Critical vulnerabilities span a variety of attack vectors — from user-targeted to network service exploits. It is crucial for defenders to apply these patches promptly, as they neutralize potential high-impact threats. Even though Microsoft currently assesses them as less likely to be exploited (perhaps due to lack of known active exploits or the complexity involved in some cases), the window of exposure before attackers develop exploits can be unpredictable. Security teams should assume that proof-of-concept code for at least the easier ones (like GDI+ and Office RCE) could emerge within days or weeks, given the attention such flaws receive.

Important Vulnerabilities with High Exploitation Likelihood

While the Critical bugs grab the headlines, Microsoft and Cisco Talos have called attention to a set of Important-rated vulnerabilities that are more likely to be exploited in the near future. These don’t have the highest severity on paper, but the vendor expects adversaries might focus on them — often because they could be useful in post-compromise scenarios or there’s already some interest in the hacking community. In November 2025, the following five vulnerabilities fall into this category (all are Windows elevation of privilege issues):

  • CVE-2025-59512 – Windows CEIP Elevation of Privilege: A flaw in the Windows Customer Experience Improvement Program service that could allow a local user to gain higher privileges. CEIP is the telemetry and analytics component in Windows; a vulnerability here might be exploited by malware to escape limited user contexts.
  • CVE-2025-60705 – Windows CSC Service Elevation of Privilege: A vulnerability in the Client-Side Caching (Offline Files) service. The CSC service manages offline file access; a bug here could be abused to run code as SYSTEM if an attacker is already on the machine.
  • CVE-2025-60719 – Windows WinSock Driver EoP: An elevation of privilege in the Windows Ancillary Function Driver for WinSock, which is a core networking component. Local exploitation could grant admin rights; network-related subsystems are often targeted by malware after initial infection.
  • CVE-2025-62217 – Windows WinSock Driver EoP: Another privilege escalation in the WinSock driver, distinct from the above but in the same component.
  • CVE-2025-62213 – Windows WinSock Driver EoP: A third vulnerability in the WinSock driver allowing local privilege escalation.

These three Winsock driver issues suggest researchers or attackers have been probing Windows networking internals, and multiple avenues for escalation were found. Microsoft’s “Exploitation More Likely” designation means these are the types of bugs that could soon find their way into exploits or malware toolkits, even if they are not as immediately impactful as an RCE. For example, a common pattern is for attackers to combine a remote exploit (to get in as a standard user) with a privilege escalation exploit (to get admin/System). These EoP flaws could serve as that second-stage in an attack chain.

From a defense perspective, organizations should ensure these Important updates are not overlooked. Apply the patches to workstations and servers to cut off these potential escalation paths. If for some reason patching is delayed, consider implementing mitigations or workarounds if available (though none were specifically provided by Microsoft for these, aside from general best practices). Also, enhancing monitoring can help for instance, monitor the Windows Event Logs for any abnormal events in these services (CEIP, CSC) or the loading of suspicious drivers, which might indicate exploitation attempts.

It’s also advisable to review vulnerability reports or penetration test results that might indicate if these components are commonly vulnerable in your environment. Often, when multiple similar flaws are patched together (like the trio in WinSock), attackers quickly test older versions to see if a variant was not patched or if an exploit can be retrofitted. Thus, treat these “likely to be exploited” vulnerabilities with the same urgency as you would treat a Critical one in terms of patch management.

Other Security Updates Released in November 2025

Beyond Microsoft, the broader cybersecurity landscape saw numerous vendors issuing patches and advisories in November 2025. Security teams, especially those managing a heterogeneous environment, should be aware of these concurrent updates:

  • Adobe: Released security updates for a range of products including InDesign, InCopy, Photoshop, Illustrator, Substance 3D, Adobe Pass, and Adobe Format. Users of Adobe Creative Cloud and related software should install these patches to fix vulnerabilities that could enable anything from code execution to information leaks.
  • Cisco: Issued patches for multiple networking and security products, such as Cisco ASA (Adaptive Security Appliance), Unified Contact Center, and Identity Services systems. Notably, Cisco also warned that attackers have been seen exploiting older, unpatched flaws in its products this month. This underscores the importance of keeping Cisco devices up to date. Network admins should consult Cisco’s advisories and apply relevant updates, especially on edge devices like ASA that are high-value targets.
  • expr-eval (JavaScript library): Developers of the expr-eval JavaScript library released a patch to fix a critical remote code execution vulnerability. This library is used in some web applications for evaluating mathematical expressions. If your web applications include expr-eval, ensure you update to the patched version to prevent potential RCE via malicious inputs.
  • Fortinet: Published a security update for a medium-severity privilege escalation flaw in FortiOS (the operating system for Fortinet appliances). While not critical, this could allow a user with some access to gain higher privileges on a Fortinet device. Administrators of FortiGate firewalls or FortiOS systems should apply this patch to maintain defense-in-depth.
  • Google Android: Google’s Android November 2025 Security Bulletin was released, addressing vulnerabilities in the Android OS, including two specific flaws. These typically cover issues in the framework and system components (and are incorporated into updates for Pixel and other Android devices). Mobile device administrators should ensure enterprise Android devices receive the November security update. CVE details weren’t listed here, but such bulletins often fix critical kernel or driver bugs in Android.
  • Ivanti: Rolled out its November 2025 Patch Tuesday updates for Ivanti products (which include Pulse Secure, MobileIron, etc. after acquisitions). It’s important to review Ivanti’s release to see which products are affected and apply those patches, as Ivanti software often manages critical infrastructure (device management, network access, etc.).
  • runC (Container Runtime): Security updates for runC were made available, fixing flaws that could allow attackers to escape Docker or Kubernetes containers. Container escapes are a serious concern in cloud and on-premises environments because they can lead to compromise of the host. DevOps and cloud security teams should update runC (usually delivered as part of Docker Engine or container runtimes) on their hosts to ensure container isolation remains intact.
  • QNAP: Issued updates for seven zero-day vulnerabilities that were exploited during the Pwn2Own Ireland 2025 hacking contest to hack QNAP NAS devices. QNAP NAS systems are often targets for ransomware and other attacks, so patching these zero-days is vital if you have QNAP devices. The fact they were exploited at Pwn2Own means working exploits exist (though presumably not public yet), so assume adversaries may also develop them.
  • SAP: Released its November 2025 security updates covering multiple SAP products, including a fix for a critical hardcoded credentials issue (CVSS 10.0) in SAP SQL Anywhere Monitor. SAP administrators should apply these patches as a priority, especially the one scoring 10/10 which indicates an easily exploitable and highly critical issue (hardcoded credentials can allow an attacker to log in with a built-in account).
  • Samsung: Published the November 2025 security update for Samsung devices, which includes fixes for 25 vulnerabilities. These updates often integrate Google’s Android patches plus Samsung-specific fixes. Enterprises with Samsung smartphones should ensure these updates are deployed (through EMM/MDM solutions or encouraging users to update), particularly if any Samsung-specific critical vulnerabilities are mentioned.

This overview demonstrates that November 2025 was a busy month for cybersecurity patches beyond just Microsoft. Patch management teams should incorporate these updates into their workflow. It’s advisable to maintain an internal ledger of all critical assets and software in use and cross-reference it with monthly patch releases from major vendors.

The goal is to reduce the window of exposure across all systems, as attackers will often look for the “weakest link” – an unpatched third-party app can become the entry point if your OS is fully patched, for example.

Recommendations and Best Practices for Defenders

Considering the updates and threats highlighted in the November 2025 Patch Tuesday, here are my key recommendations for security teams (CERTs, SOC analysts, CSIRTs, CISOs, IT Directors, and Patch Management crews):

  1. Urgently apply Microsoft’s November 2025 patches across your environment. In particular, prioritize patching CVE-2025-62215 (Windows Kernel EoP) on all Windows systems since it’s actively exploited. Similarly, deploy fixes for all Critical vulnerabilities (GDI+ RCE, Office RCE, DirectX EoP, etc.) as top priority given their high severity. Ensure that client systems (Windows 10 and 11 workstations) and servers (especially those handling image processing, Office files, or running Visual Studio) are updated to mitigate these critical flaws.
  2. Address “Important” vulnerabilities flagged as likely to be exploited: Do not overlook the five Important-rated Windows privilege escalation bugs (CEIP, CSC, and the three Winsock driver issues) marked as “Exploitation More Likely”. Include these in your patch priority list, right after the zero-day and critical patches. These could soon become weapons for attackers aiming to elevate privileges once inside a network. By patching them, you deny adversaries easy post-compromise escalation paths.
  3. Verify Windows 10 ESU coverage or migrate to Windows 11: If your organization still has Windows 10 systems in operation, confirm that they are enrolled in Microsoft’s Extended Security Updates (ESU) program to receive these and future patches. This Patch Tuesday was the first to require ESU for Windows 10, so ensure the KB5068781 ESU update (for example) is applied where needed. If you encountered enrollment issues, apply Microsoft’s out-of-band fix to resolve ESU enrollment bugs. In parallel, strongly consider accelerating plans to upgrade to Windows 11, as it will continue to receive full support and updates.
  4. Update third-party software and devices: Alongside Microsoft patches, incorporate the other vendor updates into your patch cycle. Apply Adobe updates to user endpoints (to prevent exploits via malicious PDFs, images, etc.). Update Cisco network device firmware and software to fix known issues and protect against the exploited older flaws Cisco warned about. If you use software like SAP, QNAP, Fortinet, Ivanti products, etc., ensure their November patches are reviewed and applied where relevant. Container infrastructure should be updated (for runC) to secure cloud and dev environments. Mobile device updates (Android, Samsung) should be pushed to users or managed devices to guard against mobile threats. A comprehensive patch management strategy covering all these fronts will significantly harden your security posture.
  5. Deploy detection rules and monitor for exploit attempts: As patches roll out, assume that determined attackers might try to exploit unpatched systems. Use available threat detection capabilities to your advantage. Notably, Cisco Talos has released new Snort rules to detect attempts to exploit several of the vulnerabilities fixed this month (Snort SIDs 65496–65501, 65507–65510 and Snort3 SIDs 301343–301345, 301347, 301348). If you utilize Snort or compatible IDS/IPS, update your rulesets to include these detections. Additionally, monitor logs and alerts closely: for instance, watch for signs of the kernel EoP exploit (such as unexpected processes gaining SYSTEM rights or crash dumps which might indicate failed race condition attempts) and any anomalies in services like CEIP, CSC, or unusual driver loads that could hint at exploit activity. Establish baseline behavior for critical servers and flag deviations that could be exploitation.
  6. Implement defense-in-depth and temporary mitigations: Where immediate patching is not possible (due to operational constraints or testing requirements), consider interim mitigations. For document-based exploits (Office, GDI+), you can enable features like Office Protected View or block certain file formats at the email gateway to reduce risk while patches are pending. For server-side issues, consider disabling or isolating vulnerable services if feasible (e.g., if Nuance PowerScribe is vulnerable and cannot be patched promptly, ensure it’s not accessible from the internet and restrict its network access). Application whitelisting and memory protection solutions (like EDR with exploit prevention) can also thwart certain exploit techniques, buying time until patches are in place.
  7. User and Admin awareness: Inform your user base (especially developers in the case of the Visual Studio issue, and general staff for the Office exploit vector) about these vulnerabilities and remind them of vigilance. Encourage users to promptly restart or leave their PCs on for updates, as required by your patch deployment process, to ensure patches apply correctly. For administrators, highlight the importance of updating network devices and specialized systems (like NAS, SAP, etc.) which might fall outside routine WSUS/Windows Update processes. Every team should know their role in this patch cycle – from server admins to desktop support to network engineers – ensuring no critical update is missed.
  8. Review and test: After deploying patches, monitor systems for any issues (occasionally, patches, especially those for kernel or drivers, can have side effects). Microsoft’s updates this month include the first ESU patch, so verify those machines continue to function as expected post-update. Test critical applications against the patches if you have staging environments, particularly for something like the DirectX or GDI+ changes, to catch any compatibility issues early. It’s rare but not unheard of for graphics or kernel updates to affect certain software or older hardware drivers.

By following these recommendations, organizations can significantly reduce the risk posed by the November 2025 vulnerabilities. The key themes this month are the active exploitation of a Windows kernel flaw making rapid patching non-negotiable and the presence of multiple elevation of privilege bugs that could become attackers’ favorites for moving laterally or gaining persistence. A holistic approach that combines timely patching, threat detection updates, and user awareness will help ensure that your networks and systems remain secure against both the exploits already in the wild and those likely to emerge. Remember that Patch Tuesday is a recurring opportunity to reinforce your defenses; staying disciplined and proactive during each cycle is one of the best strategies to keep threat actors at bay.

Don’t Think, Just Patch !

Enjoy !

Sources:
Microsoft Security Response Center (MSRC) Update Guide;
BleepingComputer (Lawrence Abrams);
Cisco Talos Intelligence (Ashley Shen).