Patch Tuesday – November 2025


Microsoft is publishing 66 new vulnerabilities today, which is far fewer than one would expect in recent months. There’s a lone exploited-in-the-wild zero-day vulnerability, which Microsoft assesses as critical severity, although there’s apparently no public disclosure yet.

Three critical remote code execution (RCE) vulnerabilities are patched today; happily, Microsoft currently assesses all three as less likely to see exploitation. Five browser vulnerabilities and a dozen or so fixes for Azure Linux (aka Mariner) have already been published separately this month, and are not included in the total.

Read more…
Source: Rapid7


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Patch now! New Chrome update for two critical vulnerabilities

    October 30, 2024

    Google has released an update for its Chrome browser which includes patches for two critical vulnerabilities. The update brings the Stable channel to versions 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux. The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never ...

  • Exploring CVE-2024-38227 vulnerability in Microsoft SharePoint

    October 25, 2024

    On September 10, Microsoft released another batch of updates addressing 79 vulnerabilities in its products. Among the patches that caught our attention were those for Microsoft SharePoint, an extensive content management system (CMS). Four out of the five SharePoint vulnerabilities covered by the September release allowed remote code execution (RCE) and one of them posed ...

  • Tor Browser and Firefox users should update to fix actively exploited vulnerability

    October 16, 2024

    Mozilla has announced a security fix for its Firefox browser which also impacts the closely related Tor Browser. The new version fixes one critical security vulnerability which is reportedly under active exploitation. To address the flaw, both Mozilla and Tor recommend that users update their browsers to the most current versions available. Firefox users that have ...

  • Exploited Vulnerability in Multiple Fortinet Products

    October 10, 2024

    Fortinet has released a security advisory to address a critical vulnerability in the FortiOS fgfmd daemon. CVE-2024-23113 is a ‘use of externally-controlled format string’ vulnerability with a CVSSv3 score of 9.8. A remote unauthenticated attacker could send specially crafted requests to execute arbitrary code (ACE) or commands. Affected organisations are encouraged to review Fortinet PSIRT Advisory ...

  • iPhone flaw could read your saved passwords out loud – update now

    October 7, 2024

    Apple has issued security updates for iOS 18.0.1 and iPadOS 18.0.1 which includes a fix for a bug that could allow a user’s saved passwords to be read aloud by its VoiceOver feature. VoiceOver allows users to use their iPhone or iPad even if they can’t see the screen. It gives audible descriptions of what’s on ...

  • CISA flags major Ivanti security flaw – patch now

    October 3, 2024

    The US Cybersecurity and Infrastructure Security Agency (CISA) has added a known Ivanti bug to its Known Exploited Vulnerabilities (KEV) catalog, signalling that it’s being actively abused in the wild. The bug that was just added is an SQL Injection vulnerability, found this spring in the Core server of Ivanti Endpoint Manager (EPM) 2022 SU5 and ...