Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack
Microsoft on Tuesday released patches for 63 new security vulnerabilities identified in its software, including one that has come under active exploitation in the wild. Of the 63 flaws, four are rated Critical and 59 are rated Important in severity. Twenty-nine of these vulnerabilities are related to privilege escalation, followed by 16 remote code execution, 11 information disclosure, three denial-of-service (DoS), two security feature bypass, and two spoofing bugs.
The patches are in addition to the 27 vulnerabilities the Windows maker addressed in its Chromium-based Edge browser since the release of October 2025’s Patch Tuesday update.
The zero-day vulnerability that has been listed as exploited in Tuesday’s update is CVE-2025-62215 (CVSS score: 7.0), a privilege escalation flaw in Windows Kernel. The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have been credited with discovering and reporting the issue.
"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally," the company said in an advisory.
That said, successful exploitation requires an attacker who has already gained a foothold on the system to win a race condition; once that happens, the attacker could obtain SYSTEM privileges.
Source: The Hacker News / BleepingComputer / SecurityWeek / Cisco Talos Intelligence Group / Dark Reading / Help Net Security / Infosecurity Magazine / SANS Internet Storm Center
Link: https://thehackernews.com/2025/11/microsoft-fixes-63-security-flaws.html
Link: https://www.securityweek.com/microsoft-patches-actively-exploited-windows-kernel-zero-day/
Link: https://blog.talosintelligence.com/microsoft-patch-tuesday-november-2025/
Link: https://www.helpnetsecurity.com/2025/11/12/patch-tuesday-microsoft-cve-2025-62215/
Link: https://www.infosecurity-magazine.com/news/microsoft-windows-kernel-zero-day/
Link: https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+for+November+2025/32468/
Amazon Uncovers Attacks Exploiting Cisco ISE and Citrix NetScaler as Zero-Day Flaws
Amazon’s threat intelligence team on Wednesday disclosed that it observed an advanced threat actor exploiting two then-zero-day security flaws in Cisco Identity Service Engine (ISE) and Citrix NetScaler ADC products as part of attacks designed to deliver custom malware.
"This discovery highlights the trend of threat actors focusing on critical identity and network access control infrastructure – the systems enterprises rely on to enforce security policies and manage authentication across their networks," CJ Moses, CISO of Amazon Integrated Security, said in a report shared with The Hacker News.
The attacks were flagged by Amazon's MadPot honeypot network, with the activity weaponizing the following two vulnerabilities:
- CVE-2025-5777 or Citrix Bleed 2 (CVSS score: 9.3) – An insufficient input validation vulnerability in Citrix NetScaler ADC and Gateway that could be exploited by an attacker to bypass authentication. (Fixed by Citrix in June 2025)
- CVE-2025-20337 (CVSS score: 10.0) – An unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) that could allow a remote attacker to execute arbitrary code on the underlying operating system as root. (Fixed by Cisco in July 2025)
While both shortcomings have come under active exploitation in the wild, the report from Amazon sheds light on the exact nature of the attacks leveraging them.
Source: The Hacker News / SecurityWeek / Dark Reading / AWS Security Blog
Link: https://thehackernews.com/2025/11/amazon-uncovers-attacks-exploited-cisco.html
Link: https://www.securityweek.com/cisco-ise-citrixbleed-2-vulnerabilities-exploited-as-zero-days-amazon/
Link: https://www.darkreading.com/vulnerabilities-threats/citrixbleed-2-cisco-zero-day-bugs
Link: https://aws.amazon.com/de/blogs/security/amazon-discovers-apt-exploiting-cisco-and-citrix-zero-days/
Active Directory Under Siege: Why Critical Infrastructure Needs Stronger Security
Active Directory remains the authentication backbone for over 90% of Fortune 1000 companies. AD’s importance has grown as companies adopt hybrid and cloud infrastructure, but so has its complexity. Every application, user, and device traces back to AD for authentication and authorization, making it the ultimate target. For attackers, it represents the holy grail: compromise Active Directory, and you can access the entire network.
AD serves as the gatekeeper for everything in your enterprise. So, when adversaries compromise AD, they gain privileged access that lets them create accounts, modify permissions, disable security controls, and move laterally, all without triggering most alerts.
The 2024 Change Healthcare breach showed what can happen when AD is compromised. In this attack, hackers exploited a server lacking multifactor authentication, pivoted to AD, escalated privileges, and then executed a highly costly cyberattack. Patient care came to a screeching halt. Health records were exposed. The organization paid millions in ransom.
Once attackers control AD, they control your entire network. And standard security tools often struggle to detect these attacks because they look like legitimate AD operations.
Source: The Hacker News
Link: https://thehackernews.com/2025/11/active-directory-under-siege-why.html
Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362
Cisco on Wednesday disclosed that it became aware of a new attack variant that’s designed to target devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software releases that are susceptible to CVE-2025-20333 and CVE-2025-20362.
"This attack can cause unpatched devices to unexpectedly reload, leading to denial-of-service (DoS) conditions," the company said in an updated advisory, urging customers to apply the updates as soon as possible.
Both vulnerabilities were disclosed in late September 2025, but not before they were exploited as zero-day vulnerabilities in attacks delivering malware such as RayInitiator and LINE VIPER, according to the U.K. National Cyber Security Centre (NCSC).
While successful exploitation of CVE-2025-20333 allows an attacker to execute arbitrary code as root using crafted HTTP requests, CVE-2025-20362 makes it possible to access a restricted URL without authentication.
Source: The Hacker News / BleepingComputer
Link: https://thehackernews.com/2025/11/cisco-warns-of-new-firewall-attack.html
SAP fixes hardcoded credentials flaw in SQL Anywhere Monitor
SAP has released its November security updates that address multiple security vulnerabilities, including a maximum severity flaw in the non-GUI variant of the SQL Anywhere Monitor and a critical code injection issue in the Solution Manager platform.
The security problem in SQL Anywhere Monitor is tracked as CVE-2025-42890 and involves hardcoded credentials. Because of the elevated risk, the vulnerability received the maximum severity score of 10.0.
"SQL Anywhere Monitor (Non-GUI) baked credentials into the code, exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution," reads the description for the flaw.
Depending on how the credentials are used, an attacker who obtains them can use them to access administrative functions. SQL Anywhere Monitor is a database monitoring and alert tool, part of the SQL Anywhere suite, typically used by organizations managing distributed or remote databases.
Source: BleepingComputer / SecurityWeek / Onapsis SAP Security Notes
Link: https://www.securityweek.com/sap-patches-critical-flaws-in-sql-anywhere-monitor-solution-manager/
Link: https://onapsis.com/blog/sap-security-patch-day-november-2025/
Adobe Patches 29 Vulnerabilities
Adobe’s latest round of Patch Tuesday updates addresses 29 vulnerabilities across the company’s InDesign, InCopy, Photoshop, Illustrator, Pass, Substance 3D Stager, and Format Plugins products.
Critical vulnerabilities that can be exploited for arbitrary code execution have been addressed in InDesign, InCopy, Photoshop, Illustrator, Substance 3D Stager, and Format Plugins. A critical security bypass issue has been resolved in Pass. It’s worth noting that Adobe assigns a ‘critical’ severity to issues that, based on their CVSS score, have a ‘high’ severity rating. Adobe says there is no evidence that the vulnerabilities patched this month have been exploited in the wild.
The company has assigned a priority rating of ‘3’ to all of the bugs, which indicates that malicious exploitation is not expected. However, users were warned recently that a critical flaw in Adobe Commerce had been exploited to hack ecommerce websites.
Source: SecurityWeek
Link: https://www.securityweek.com/adobe-patches-29-vulnerabilities/
ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Rockwell, Aveva, Schneider
Industrial giants Siemens, Schneider Electric, Rockwell Automation, and Aveva have released Patch Tuesday advisories informing customers about vulnerabilities in their ICS/OT products.
Siemens published six new advisories. One of them covers two vulnerabilities in the Comos plant engineering software, including a critical code execution flaw, and a high-severity security bypass issue. Vulnerabilities have also been addressed in Siemens Solid Edge (remote MitM, code execution), Altair Grid Engine (code execution), Logo! 8 BM (code execution, DoS, settings tampering), and Sicam P850 (CSRF) products.
Rockwell Automation published five new advisories on November 11, each covering high-severity vulnerabilities found in various products. The company informed customers of its Verve Asset Manager OT security platform that the product is affected by a high-severity access control issue that allows unauthorized read-only users to tamper with other user accounts via an API.
Source: SecurityWeek