November 2025 Patch Tuesday: One Zero-Day and Five Critical Vulnerabilities Among 63 CVEs

In November 2025, Microsoft's Patch Tuesday addressed 63 vulnerabilities, including a zero-day and five critical ones, marking a significant reduction from October’s 172. The update included critical remote code execution vulnerabilities in Microsoft Graphics Component and Office, as well as an elevation of privilege vulnerability in the Windows kernel, which had been actively exploited. Organizations using Windows 10 must now be enrolled in the Extended Security Update program to continue receiving updates, following its end of life in October. The CrowdStrike Falcon platform provides tools for managing and prioritizing these vulnerabilities, emphasizing the importance of a comprehensive cybersecurity strategy beyond just patching.