Patch Tuesday – November 2025


Microsoft is publishing 66 new vulnerabilities today, which is far fewer than one would expect in recent months. There’s a lone exploited-in-the-wild zero-day vulnerability, which Microsoft assesses as critical severity, although there’s apparently no public disclosure yet.

Three critical remote code execution (RCE) vulnerabilities are patched today; happily, Microsoft currently assesses all three as less likely to see exploitation. Five browser vulnerabilities and a dozen or so fixes for Azure Linux (aka Mariner) have already been published separately this month, and are not included in the total.

Read more…
Source: Rapid7


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Cisco warns of worrying major security flaw in firewall command center – patch now

    August 18, 2025

    Cisco recently fixed a maximum-severity vulnerability in its Secure Firewall Management Center (FMC) product, and urged users to apply either the patch, or the mitigation, as soon as possible. FMC is a centralized platform for configuring, monitoring, and analyzing Cisco Secure Firewalls, where users can manage policies, track threat intelligence, and monitor their deployments across endpoints. ...

  • WinRAR vulnerability exploited by two different groups

    August 12, 2025

    On July 30, 2025, WinRAR released a new version (7.13 Final) to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack various archive formats. The vulnerability, tracked ...

  • Apple patches multiple vulnerabilities in iOS and iPadOS. Update now!

    July 30, 2025

    Apple released a security update for iOS and iPadOS to patch multiple vulnerabilities, including one that could leak sensitive information when visiting a malicious website and one that allows an attacker to display false information in the address bar. In total, 29 vulnerabilities were patched, most of them in WebKit, Apple’s web rendering engine that powers ...

  • CVE-2025-53770 – Zero-day exploitation in the wild of Microsoft SharePoint servers

    July 29, 2025

    Microsoft released an advisory for CVE-2025-53770, a critical Remote Code Execution (RCE) vulnerability affecting on-premise SharePoint servers. This vulnerability has been exploited in the wild as a zero-day by an unknown threat actor prior to the disclosure from Microsoft. The vulnerability is described as an unauthenticated deserialization of untrusted data issue, and has a CVSS base ...

  • ToolShell: a story of five vulnerabilities in Microsoft SharePoint

    July 25, 2025

    On July 19–20, 2025, various security companies and national CERTs published alerts about active exploitation of on-premise SharePoint servers. According to the reports, observed attacks did not require authentication, allowed attackers to gain full control over the infected servers, and were performed using an exploit chain of two vulnerabilities: CVE-2025-49704 and CVE-2025-49706, publicly named “ToolShell”. Additionally, ...

  • Disrupting active exploitation of on-premises SharePoint vulnerabilities

    July 23, 2025

    Expanded analysis and threat intelligence from Microsoft continued monitoring of exploitation activity by Storm-2603 leading to the deployment of Warlock ransomware. Based on new information, we have updated the Attribution, Indicators of compromise, extended and clarified Mitigation and protection guidance (including raising Step 6: Restart IIS for emphasis), Detections, and Hunting sections. Read more… Source: Microsoft Sign up for ...