Microsoft Monthly Security Update (November 2025)

[Updated on 2026-04-14]

Updated Description, Source and Related Links.

CVE-2025-60710 is being exploited in the wild. Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Microsoft has released monthly security update for their products:

Vulnerable Product	Risk Level	Impacts	Notes
Azure	Medium Risk	Remote Code Execution
Windows	Medium Risk	Elevation of Privilege Information Disclosure Denial of Service Remote Code Execution	CVE-2025-62215 is being exploited in the wild. A local, authenticated attacker could exploit this vulnerability by winning a race condition in order to gain SYSTEM privileges.   CVE-2025-60710 is being exploited in the wild. Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Extended Security Updates (ESU)	Medium Risk	Elevation of Privilege Denial of Service Information Disclosure Remote Code Execution
Microsoft Office	Medium Risk	Information Disclosure Remote Code Execution Elevation of Privilege
Microsoft Dynamics	Medium Risk	Spoofing Information Disclosure
Open Source Software	Medium Risk	Remote Code Execution
System Center	Medium Risk	Elevation of Privilege
SQL Server	Medium Risk	Elevation of Privilege
Developer Tools	Medium Risk	Remote Code Execution Security Restriction Bypass
Other	Medium Risk	Information Disclosure

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 10

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': Medium Risk