Microsoft's November 2025 Patch Tuesday addresses 63 security flaws, including one actively exploited zero-day in the Windows Kernel, with critical updates for various vulnerabilities across Microsoft products. The update emphasizes the importance of upgrading from unsupported Windows 10 to Windows 11 and highlights recent security patches from other vendors. A webinar on modern patch management is also promoted.
Microsoft released mandatory Windows 11 KB5068861 and KB5068865 cumulative updates for versions 25H2/24H2 and 23H2, including security patches, bug fixes, and new features like a redesigned Start menu UI, updated battery icons, and enhanced security protections. The updates also mark the end of support for Windows 11 23H2 and will continue to roll out gradually, with no known new issues.
Microsoft's November Windows 11 update (KB5068861) introduces a more customizable Start menu, improvements to the battery icon, and fixes for the Task Manager bug that caused it to run in the background, along with various other system fixes.
Microsoft has released critical security updates addressing a record 196 vulnerabilities, including two zero-day exploits (CVE-2025-59230 and CVE-2025-24990), with the Cybersecurity and Infrastructure Security Agency (CISA) urging federal agencies to update within two weeks to mitigate risks.
Microsoft's October 2025 Patch Tuesday addresses 172 security flaws, including six zero-day vulnerabilities, with critical fixes for remote code execution and privilege escalation. Notably, it marks the end of free support for Windows 10, which can now only receive extended security updates. The update also patches publicly disclosed zero-days in Windows SMB Server and SQL Server, and removes a vulnerable Agere Modem driver, warning that hardware functionality may be affected. The patches cover a wide range of Microsoft products, emphasizing ongoing efforts to improve security across their ecosystem.
Microsoft's August Patch Tuesday update for Windows 11 version 24H2 may fail to install via WSUS, with the issue causing security patches to be delayed; Microsoft is working on a fix, and manual installation or group policies are suggested as temporary workarounds.
Microsoft released a security update fixing 111 vulnerabilities across its products, including a publicly known zero-day in Windows Kerberos (CVE-2025-53779) that could allow privilege escalation and domain compromise, along with critical flaws in Azure, Windows graphics, and other services. The update addresses multiple high-severity issues, with some already remediated, emphasizing the importance of timely patching to prevent exploitation.
Microsoft's August 2025 Patch Tuesday addresses 107 security flaws, including one publicly disclosed zero-day vulnerability in Windows Kerberos, with fixes for critical remote code execution and privilege escalation vulnerabilities across various Microsoft products.
Microsoft released updates fixing 130 vulnerabilities in its products, including critical flaws in SPNEGO and SQL Server, ending a streak of patching exploited zero-days; the most severe is a remote code execution flaw in SPNEGO that could be wormable, requiring immediate attention from users and administrators.
Microsoft's July 2025 Patch Tuesday addresses 137 security flaws, including one publicly disclosed zero-day in SQL Server, fixing critical remote code execution vulnerabilities across various products like Office, SharePoint, and Windows, with detailed updates available in the full report.
Microsoft's June 2025 security updates for Windows Server have caused DHCP service to freeze on some systems, affecting IP address renewals. Microsoft is working on a fix and has addressed other issues in recent updates, including authentication problems and container launch failures.
Microsoft's June 2025 Patch Tuesday addresses 66 security flaws, including one actively exploited zero-day (CVE-2025-33053 in WebDAV) and another publicly disclosed (CVE-2025-33073 in SMB), fixing critical remote code execution and privilege escalation vulnerabilities across various Windows components and Microsoft Office products.
Microsoft has confirmed a zero-day vulnerability, CVE-2024-49138, affecting all Windows OS editions back to Server 2008, which is actively being exploited. The U.S. Cybersecurity and Infrastructure Security Agency has added it to the Known Exploited Vulnerability Catalog, urging immediate updates due to significant risks. The vulnerability is a heap-based buffer overflow in the Windows Common Log File System driver, with a CVSSv3.1 score of 7.8, making it a critical priority for users to patch their systems.
Microsoft has disclosed a critical vulnerability (CVE-2024-49115) in Windows Remote Desktop Services, allowing remote code execution on affected systems. The flaw, with a CVSS score of 8.1, arises from improper memory handling and use-after-free conditions. It affects multiple Windows Server versions, including 2016, 2019, 2022, and 2025. Although no active exploits have been reported, Microsoft has released patches as part of December 2024's Patch Tuesday updates. Users are urged to install these updates immediately to mitigate risks.
Microsoft's November 2024 Patch Tuesday update addresses 90 security vulnerabilities, including two actively exploited flaws in Windows NTLM and Task Scheduler. The update includes fixes for critical remote code execution bugs and a cryptographic protocol flaw in Windows Kerberos. Microsoft also announced the adoption of the Common Security Advisory Framework (CSAF) for improved vulnerability disclosure. Other tech companies like Adobe, Apple, and Google have also released security updates recently.
