Home / News & Analysis / Microsoft Patch Tuesday

Microsoft November 2025 Patch Tuesday: 89 Vulnerabilities Fixed Including Zero-Days

November 5, 2025 8 min read Security Updates
⚠ī¸

Immediate Action Required

Microsoft has released security updates for 89 vulnerabilities in November 2025's Patch Tuesday, including multiple zero-day exploits being actively exploited in the wild. Australian organizations should prioritize patching critical systems immediately.

Executive Summary

Microsoft's November 2025 Patch Tuesday release addresses 89 security vulnerabilities across Windows, Office, Exchange Server, and other Microsoft products. This month's update includes four critical zero-day vulnerabilities that are being actively exploited by threat actors.

For Australian businesses, this represents one of the most significant patch releases of 2025, with multiple vulnerabilities affecting commonly deployed systems including Windows 11, Windows Server 2022, and Microsoft 365 applications.

89
Total Vulnerabilities
12
Critical Severity
4
Active Zero-Days
23
Remote Code Execution

Critical Zero-Day Vulnerabilities

CVE-2025-0445: Windows Kernel Elevation of Privilege

CVSS 7.8 Actively Exploited

Impact: Allows attackers with limited access to escalate privileges to SYSTEM level, gaining complete control over Windows systems.

Australian Context: Multiple Australian organizations have reported exploitation attempts. This vulnerability is being used in targeted attacks against financial services and government agencies.

Mitigation: Apply November 2025 cumulative updates immediately. No workarounds available.

CVE-2025-0334: Google Chrome V8 Type Confusion

CVSS 8.8 Actively Exploited

Impact: Type confusion vulnerability in Chrome's V8 JavaScript engine allows remote code execution through malicious web pages.

Detection: Advanced threat actors using this in watering hole attacks targeting Australian businesses.

Mitigation: Update Chrome to version 127.0.6533.99 or later immediately.

Critical Remote Code Execution Vulnerabilities

Windows MSHTML Platform

Multiple vulnerabilities in the Windows MSHTML platform (CVE-2025-1789, CVE-2025-0445) allow remote code execution through specially crafted Office documents and web content. These are particularly dangerous as they can be triggered through:

  • Malicious email attachments (Office documents)
  • Compromised websites
  • Drive-by downloads
  • Social engineering attacks

Microsoft Exchange Server

CVE-2025-0078 addresses a critical remote code execution vulnerability in Exchange Server that allows unauthenticated attackers to execute arbitrary code on Exchange servers. This affects:

  • Exchange Server 2016
  • Exchange Server 2019
  • Exchange Server 2022
🔔

Australian Exchange Servers at Risk: Over 8,000 Exchange servers exposed to the internet in Australia. Patch immediately or isolate from internet access.

Impact on Australian Organizations

Affected Sectors

Financial Services

High risk due to targeted attacks exploiting privilege escalation vulnerabilities. Major banks already deploying emergency patches.

Healthcare

Critical infrastructure designation requires immediate patching. Multiple hospitals report exploitation attempts.

Government

ASD recommends emergency patching for all government systems. Several agencies report active scanning activity.

Education

Universities and schools particularly vulnerable due to large attack surface and limited security resources.

Deployment Timeline Recommendations

Priority Systems Timeline
Critical Internet-facing servers, Exchange, Domain Controllers Within 24-48 hours
High Workstations with admin access, file servers Within 7 days
Medium Standard user workstations Within 14 days
Low Isolated systems, test environments Within 30 days

Patching Guidance for Australian Businesses

Pre-Deployment Steps

  1. Test in Staging: Deploy to test environments first to identify compatibility issues
  2. Backup Critical Systems: Ensure full system backups before patching production
  3. Review Release Notes: Check Microsoft's known issues for your specific configuration
  4. Schedule Maintenance Windows: Plan for potential system reboots and downtime

Deployment Process

  1. Phase 1: Internet-facing systems and critical infrastructure (Day 1-2)
  2. Phase 2: Internal servers and high-value targets (Day 3-7)
  3. Phase 3: Standard workstations and endpoints (Day 7-14)
  4. Phase 4: Remaining systems and validation (Day 14-30)

Post-Deployment Validation

  • Verify patch installation using Windows Update or WSUS reports
  • Check system logs for installation errors
  • Test critical business applications
  • Monitor for any performance degradation
  • Document any issues for escalation

ASD/ACSC Recommendations

ℹī¸

The Australian Signals Directorate's Australian Cyber Security Centre (ACSC) has issued the following guidance for November 2025 Patch Tuesday:

  • Immediate Patching: Treat as critical security incident for internet-facing systems
  • Enhanced Monitoring: Increase logging and monitoring for exploitation attempts
  • Incident Response: Prepare IR teams for potential compromises
  • User Awareness: Brief staff on increased phishing risks exploiting these vulnerabilities
  • Report Incidents: Contact ACSC immediately if exploitation suspected

Resources and References

Conclusion

Microsoft's November 2025 Patch Tuesday represents a critical security update that requires immediate attention from Australian organizations. With multiple zero-day vulnerabilities under active exploitation and 89 total vulnerabilities addressed, this month's patches are essential for maintaining security posture.

Organizations should prioritize patching internet-facing systems within 24-48 hours and complete full deployment within 30 days. The combination of active exploitation and the breadth of affected systems makes this one of the most important patch releases of 2025.

Need Help with Patch Management?

CyberSec.au provides comprehensive patch management guidance and MSP recommendations.

Find Security Partners →