Warning: Microsoft Patch Tuesday, November 2025, patches 63 vulnerabilities (5 Critical, 58 Important). Patch immediately.

Published: 13/11/2025

    * Last update:  12/11/2025
   
    * Affected products:
  → Multiple Microsoft products

    * Type: Several types, ranging from Information Disclosure to Remote Code Execution and Privilege Escalation.

    * CVE/CVSS:
Microsoft patched 63 vulnerabilities in its November 2025 Patch Tuesday release, with 5 rated as critical and 58 rated as important, including 1 zero-day vulnerability that was exploited in the wild.

Number of CVE by type:

  • 29 Elevation of Privilege vulnerabilities
  • 16 Remote Code Execution vulnerabilities
  • 11 Information Disclosure vulnerabilities
  • 3 Denial of Service vulnerabilities
  • 2 Spoofing vulnerabilities
  • 2 Security Feature Bypass vulnerabilities

Sources

Microsoft - https://msrc.microsoft.com/update-guide/en-us/releaseNote/2025-Nov

Risks

Microsoft has released multiple patches for vulnerabilities covering a range of its products. These monthly releases are called “Patch Tuesday” and contain security fixes for Microsoft devices and software.
Microsoft’s November 2025 Patch Tuesday includes 63 vulnerabilities (5 critical, 58 important) across a wide range of Microsoft products, primarily impacting Microsoft Server and Workstations. This Patch Tuesday includes 1 actively exploited 0-Day vulnerability. Some other vulnerabilities are also more likely to be exploited soon; therefore, urgent patching is advised.

Description

The CCB would like to draw your attention to the following vulnerabilities:

CVE-2025-62215: Windows Kernel (Important, zero-day)
Elevation of Privilege Vulnerability. A race condition and double-free in the Windows Kernel could allow a local, authorised attacker to elevate from low privileges to SYSTEM. Exploitation requires winning a high-complexity race, but no user interaction is needed. This vulnerability has been exploited in the wild as a zero-day. Successful exploitation could result in high impact to the confidentiality, integrity, and availability of the affected system.

CVE-2025-60724: Microsoft Graphics Component GDI+ (Critical)
Remote Code Execution Vulnerability. A heap-based buffer overflow in the Microsoft Graphics Component (GDI+) could allow an unauthenticated attacker to execute arbitrary code over the network. Exploitation may be achieved by crafting a malicious metafile that, when processed by vulnerable services or applications, enables code execution without requiring user interaction or elevated privileges. Successful exploitation could lead to full compromise of affected systems, data exposure, or service disruption.

CVE-2025-62199: Microsoft Office (Critical)
Remote Code Execution Vulnerability. A use-after-free in Microsoft Office could allow an attacker to execute arbitrary code. Exploitation requires user interaction, such as convincing a victim to open a malicious file, but even the Preview Pane can serve as an attack vector. This means a victim does not need to open the file; scrolling through emails could be enough. While exploitation has not been observed in the wild, a successful attack could result in full compromise of the affected system, including unauthorised access, modification, or destruction of data.

CVE-2025-60719 / CVE-2025-62213 / CVE-2025-62217: Windows Ancillary Function Driver for WinSock (Important)
Elevation of Privilege Vulnerabilities. Three distinct flaws in the WinSock ancillary driver could allow a local, authorised attacker to elevate privileges to SYSTEM: an untrusted pointer dereference (CVE-2025-60719), a use-after-free (CVE-2025-62213), and a race condition (CVE-2025-62217). All three require winning a high-complexity race, are assessed as “Exploitation More Likely,” and, if successfully exploited, would result in a high impact on confidentiality, integrity, and availability.

Recommended Actions

Patch 
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect 
The CCB recommends that organizations scale up monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

Qualys - https://blog.qualys.com/vulnerabilities-threat-research/2025/11/11/microsoft-patch-tuesday-november-2025-security-update-review
Bleeping Computer - https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2025-patch-tuesday-fixes-1-zero-day-63-flaws/
The Hacker News - https://thehackernews.com/2025/11/microsoft-fixes-63-security-flaws.html
Tenable - https://www.tenable.com/blog/microsofts-november-2025-patch-tuesday-addresses-63-cves-cve-2025-62215
Zero Day Initiative - https://www.zerodayinitiative.com/blog/2025/11/11/the-november-2025-security-update-review