Microsoft has released its November 2025 Patch Tuesday updates, addressing 63 security vulnerabilities across its products, including one actively exploited zero-day (CVE-2025-62215) and four critical issues that could lead to remote code execution, privilege escalation, or information disclosure.

These updates apply to, but are not limited to:

• Windows OS: 11.

• Windows Server: 2016, 2019, 2022, 2025.

• SQL Server 2016, 2017, 2019, 2022.

• Microsoft Office: 2021, 2024.

• Microsoft Edge.

Security Risks

The identified vulnerabilities may allow attackers to gain administrative control, execute malicious code, or compromise sensitive data on affected systems.

For the full list of security patches released by Microsoft, please refer to the Microsoft Security Update Guide. and apply the necessary updates.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and administrators:

1. Apply the latest security patches as soon as possible to prevent unauthorized control over unpatched systems.

2. Upgrade immediately to the latest supported version of installed Microsoft software to continue receiving technical support and security patches.

The following Microsoft software products reached their end-of-life and need to be upgraded immediately:

• Windows Vista, XP, 8, and 7, 10.

• Windows Server 2003, 2003 RE, 2008, 2008 RE, 2008 SP2, 2012, and 2012 R2

• Exchange Server 2003, 2007, 2010, 2013, 2016, and 2019.

• Microsoft SQL Server 2005, 2008, 2012, 2014, and Microsoft Office 2013, 2016, and 2019.

3. Before any updating task, ensure you have a current tested backup of your data.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailing rwcsirt@ncsa.gov.rw or calling us on 9009.

References

• Microsoft November 2025 Security Release Notes

• Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws

• Microsoft Ending Support in 2025