November Patch Tuesday

Hosted by Chris Goettl and Todd Schell
Patch Tuesday Webinar
Wednesday, November 12, 2025

Copyright © 2025 Ivanti. All rights reserved. 2
Agenda
▪ November 2025 Patch Tuesday Overview
▪ In the News
▪ Bulletins and Releases
▪ Between Patch Tuesdays
▪ Q & A

November Patch Tuesday 2025
November 2025 Patch Tuesday brings us a lull in
CVE count from Microsoft. The first update since
the Windows 10 EoL includes one zero-day
exploit which already affects the aforementioned
EoL OS. This means running Windows 10 without
ESU coverage is a real security risk right out of
the gate. Third-party updates from Adobe and
Mozilla round out the security updates this Patch
Tuesday as Google Chrome's PT update
included no reported CVEs.
For more details check out this month's Patch
Tuesday blog.

In the News

In the News
▪ November End-of-Life Continues
▪ Windows 11 23H2 Professional Edition
▪ Impact of Exchange Server EOL
▪ CISA, NSA, Australian Signals Directorate, and others combined their talent
▪ Microsoft Exchange Server Best Practices
▪ Zoom Vulnerabilities Let Attackers Bypass Access Controls to Access Session Data
▪ Patching collaboration platforms and browsers more frequently is recommended
▪ UK cybersecurity bill brings tougher rules for critical infrastructure
▪ Cisco detects new attack variant targeting vulnerable firewalls

▪ CVE-2025-62215 Windows Kernel Elevation of Privilege Vulnerability
▪ CVSS 3.1 Scores: 7.0 / 6.5
▪ Severity: Important
▪ Impact: Elevation of Privilege
▪ Affected Systems: All currently supported Windows operating systems
▪ Per Microsoft: Concurrent execution using shared resource with improper synchronization ('race condition') in
Windows Kernel allows an attacker to elevate privileges locally. An attacker who successfully exploited this
vulnerability could gain SYSTEM privileges.
Known Exploited Vulnerabilities

Ivanti Endpoint Manager (EPM) Ivanti Neurons for MDM
Security Advisory: Ivanti
Endpoint Manager
Endpoint Manager
Neurons for MDM
Ivanti Security Updates
Special thanks to the security researchers, ethical hackers, and the broader security community for
partnering with us to improve the security of our products.
Vulnerabilities:
• CVE-2025-9713 CVSS: 8.8
• CVE-2025-11622 CVSS: 7.8
• CVE-2025-10918 CVSS: 7.1
Affected Versions:
• 2024 SU3 SR1 and prior
Vulnerabilities:
• 13 Reported CVSS: 8.8 – 6.5
Affected Versions:
Vulnerabilities:
• #1* CVSS: 8.0
• #2* CVSS: 8.1
• #3* CVSS: 5.3
* Does not qualify for CVE designation
but reported for transparency. See
advisory for details.
Affected Versions:
• R118 and prior
Ivanti Endpoint Manager (EPM)

CVE-2025-11561
CVSS 3: 8.5
Impact: Red Hat Enterprise Linux and other major
distros
▪ SSSD (System Security Services Daemon) is a
core component for Linux-Active Directory
integration in enterprise environments. This
vulnerability exists in the integration of Active
Directory and the SSSD on Linux systems.
▪ This integration is used to provide centralized
authentication and identity management.
New and Notable Linux Vulnerabilities: 1
▪ In default configurations, the Kerberos local
authentication plugin is enabled, but a fallback
to the an2ln plugin is possible, allowing an
attacker with permission to modify certain AD
attributes to impersonate privileged users,
potentially resulting in unauthorized access or
privilege escalation on domain-joined Linux
hosts.
Mitigation
Ensure the SSSD Kerberos local authentication
plugin (sssd_krb5_localauth_plugin) is configured
and the an2ln plugin is disabled by adding "disable
= an2ln" in a krb5 include file.
Highlighted by TuxCare

CVE-2025-41244
CVSS 3: 7.8
Impact: Multiple Linux distributions, including
Oracle Linux 8, and Ubuntu 20.04, 22.04, 24.04,
and 25.04
▪ On September 29th, 2025, Broadcom disclosed
a local privilege escalation vulnerability impacting
VMware’s guest service discovery features.
NVISO identified zero-day exploitation in the wild
beginning mid-October 2024.
▪ The vulnerability impacts both the VMware Tools
and VMware Aria Operations.
▪ When successful, exploitation of the local
privilege escalation results in unprivileged users
achieving code execution in privileged contexts
(e.g., root).
Mitigation
Upgrade Oracle Linux systems to the patched
version (12.3.5-2.0.1.el810.1) which includes
updated versions of open-vm-tools packages for
both x8664 and aarch64 architectures. Upgrade
Ubuntu to the latest patched version

CVE-2025-58438
CVSS 3: 9.4
Impact: Windows and Linux Platforms
▪ Critical directory traversal vulnerability
discovered in the internetarchive Python library's
File.download() method, affecting versions 5.5.0
and below.
▪ Impacts the file download functionality of the
library, affects all operating systems (including
Linux) but is particularly critical for Windows
users.
▪ A maliciously crafted filename could contain path
traversal sequences or illegal characters that,
when processed, would cause the file to be
written outside of the intended target directory
Mitigation
The vulnerability has been patched in version 5.5.1
of the internetarchive library.
The fix includes automatic filename sanitization with
platform-specific rules, path resolution checks to
block directory traversal attacks, and warnings
when filenames are sanitized. There are no safe
workarounds without upgrading

Microsoft Patch Tuesday Updates of Interest
Advisory 990001 Servicing Stack Updates
(SSU)
▪ https://msrc.microsoft.com/update-
guide/en-US/vulnerability/ADV990001
▪ Windows Server 2012/2012 R2
Azure and Development Tool Updates
▪ Azure Monitor
▪ Microsoft Visual Studio Code CoPilot Chat
Extension
▪ Microsoft Visual Studio 2022 version 17.14
▪ Visual Studio Code Source: Microsoft

Windows 11 Lifecycle Awareness
Windows 11 Home and Pro
Version Release Date End of Support Date
25H2 9/30/2025 10/12/2027
24H2 10/1/2024 10/13/2026
23H2 10/31/2023 11/11/2025
Windows 11 Enterprise and Education
Version Release Date End of Support Date
25H2 9/30/2025 10/10/2028
24H2 10/1/2024 10/12/2027
23H2 10/31/2023 11/10/2026
Source: Microsoft

Microsoft Support Ivanti Support
Windows 10 22H2 reached EOS Oct 2025
Three years of ESU support
• Year 1 October 15, 2025 – October 13, 2026
Licensing and Pricing
• Full-year purchase only
• Price doubles each year
• Cloud-based licensing via Windows 365 and Intune
• 5 by 5 licensing via manual key download
ESU support based on Microsoft releases
Available for three major patch products
• Neurons for Patch Management
• Endpoint Manager
• Security Controls
Familiar model
• Concurrent with Microsoft support years
• Offered as special content
• Requires signed EULA addendum
• Tiered pricing based on required endpoints
• Fixed price throughout life of program
Windows 10 Extended Security Updates (ESU)

Server Long-term Servicing Channel Support
Server LTSC Support
Version Editions Release Date Mainstream Support Ends Extended Support Ends
Windows Server 2025 Datacenter and Standard 11/01/2024 10/09/2029 10/10/2034
Windows Server 2022 Datacenter and Standard 08/18/2021 10/13/2026 10/14/2031
Windows Server 2019
(Version 1809)
Datacenter and Standard 11/13/2018 01/09/2024 01/09/2029
Windows Server 2016
(Version 1607)
Datacenter, Essentials, and Standard 10/15/2016 01/11/2022 01/11/2027
https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info
▪ Focused on server long-term stability
▪ Major version releases every 2-3 years
▪ 5 years mainstream and 5 years extended support
▪ Server core or server with desktop experience available
Source: Microsoft

Patch Content Announcements
Announcements Posted on Community Forum Pages
▪ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
▪ Subscribe to receive email for the desired product(s)
Content Info: Endpoint Security
Content Info: Endpoint Manager
Content Info: macOS Updates
Content Info: Linux Updates
Content Info: Patch for Configuration Manager
Content Info: ISEC and Neurons Patch
Content Info: Neurons Patch for InTune

Bulletins and Releases

MFSA 2025-87: Security Update Firefox 145
▪ Maximum Severity: High
▪ Updated Products: Security update to Mozilla Firefox 145.0
▪ Description: This update from Mozilla addresses security vulnerabilities in the Firefox browser on
multiple platforms. Fixes 16 vulnerabilities with 9 rated High, 6 rated Moderate and 1 rated Low.
See https://www.mozilla.org/en-US/security/advisories/mfsa2025-87 for more details.
▪ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, and
Information Disclosure
▪ Fixes 16 Vulnerabilities: CVE-2025-13012, CVE-2025-13013, CVE-2025-13014, CVE-2025-
13015, CVE-2025-13016, CVE-2025-13017, CVE-2025-13018, CVE-2025-13019, CVE-2025-
13025, CVE-2025-13026, CVE-2025-13027
▪ Restart Required: Requires application restart
▪ Known Issues: None
1

MFSA 2025-88: Security Update Firefox 140.5
▪ Updated Products: Security update to Mozilla Firefox 140.5
multiple platforms. Fixes 9 vulnerabilities - 2 rated High, 6 rated Moderate and 1 rated Low. See
https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/ for more details.
▪ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, and
Information Disclosure
13020
1

MFSA 2025-89: Security Update Firefox ESR 115.30
▪ Affected Products: Security update to Mozilla Firefox 115.30
multiple platforms. Fixes 4 vulnerabilities – 1 rated High, 2 rated Moderate, and 1 rated Low.
See https://www.mozilla.org/en-US/security/advisories/mfsa2025-89/ for more details.
▪ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing
▪ Fixes 4 Vulnerabilities: : CVE-2025-13012, CVE-2025-13013, CVE-2025-13014, CVE-2025-
13015
1

▪ Maximum Severity: Critical
▪ Updated Products: Adobe InDesign 20.5.1 and InDesign 21.0
▪ Description: Adobe has released an update for Adobe InDesign for Windows and macOS. This
update addresses 4 vulnerabilities – all rated Critical. See
https://helpx.adobe.com/security/products/indesign/apsb25-106.html for more details. Adobe is
not aware of any exploits in the wild for any of the issues addressed in these updates.
▪ Impact: Arbitrary Code Execution
61832
APSB25-106: Security Update for Adobe InDesign

▪ Updated Products: Adobe InCopy 20.5.1 and InCopy 21
▪ Description: Adobe has released an update for InCopy for Windows and macOS. This update
resolves 3 vulnerabilities – all rated Critical. See for
https://helpx.adobe.com/security/products/incopy/apsb25-107.html more details. Adobe is not
aware of any exploits in the wild for any of the issues addressed in these updates.
▪ Fixes 3 Vulnerabilities: CVE-2025-61816, CVE-2025-61817, CVE-2025-61818
APSB25-107: Security Update for Adobe InCopy

▪ Updated Products: Adobe Photoshop 26.9 and later
▪ Description: Adobe has released an update for Adobe Photoshop for Windows and macOS.
This update resolves 1 vulnerability rated Critical. See
https://helpx.adobe.com/security/products/photoshop/apsb25-108.html for more details. Adobe
is not aware of any exploits in the wild for any of the issues addressed in these updates.
▪ Fixes 1 Vulnerability: CVE-2025-61819
APSB25-108: Security Update for Adobe Photoshop

▪ Updated Products: Adobe Illustrator 29.8.3 and Illustrator 30.0
▪ Description: Adobe has released an update for Adobe Illustrator for Windows and macOS. This
update resolves 2 vulnerabilities – both rated Critical. See
https://helpx.adobe.com/security/products/illustrator/apsb25-109.html for more details. Adobe is
not aware of any exploits in the wild for any of the issues addressed in these updates.
▪ Fixes 2 Vulnerabilities: CVE-2025-61820, CVE-2025-61831
APSB25-109: Security Update for Adobe Illustrator

▪ Affected Products: Microsoft Windows 11 Version 23H2, 24H2, 25H2, Server 2025 and Edge
Chromium
▪ Description: This bulletin references KB 5068865 (23H2) and KB 5068861 (24H2, 25H2, and
Server 2025). See KBs for details of all changes.
▪ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and Information
Disclosure
▪ Fixes 38 Vulnerabilities: CVE-2025-62215 is known exploited. No CVEs are publicly disclosed.
See the Security Update Guide for the complete list of CVEs.
▪ Restart Required: Requires restart
▪ Known Issues: Per Microsoft Windows Server Update Services (WSUS) does not display
synchronization error details within its error reporting. This functionality is temporarily removed
to address the Remote Code Execution Vulnerability, CVE-2025-59287.
MS25-11-W11: Windows 11 Update

MS25-11-OFF: Security Updates for Microsoft Office
▪ Affected Products: Office LTSC for Mac 2021 & 2024, Office Online Server, and Office for
Android
▪ Description: This security update addresses 9 vulnerabilities in Microsoft Office and supporting
products. This bulletin is based on KB 5002801 for Office Online Server plus release notes for
the Mac updates and others.
▪ Impact: Remote Code Execution, Information Disclosure
▪ Fixes 9 Vulnerabilities: No vulnerabilities are known exploited or publicly disclosed. See the
Security Update Guide for the complete list of CVEs.
▪ Known Issues: None reported
NOTE: Microsoft may periodically release updates for recent EOL components of Office 2016.

MS25-11-O365: Security Updates for Microsoft 365 Apps
▪ Affected Products: Microsoft 365 Apps, Office LTSC 2021 and Office LTSC 2024
▪ Description: This security update addresses several vulnerabilities in Microsoft Office.
Information on the security updates is available at https://learn.microsoft.com/en-
us/officeupdates/microsoft365-apps-security-updates.
▪ Impact: Remote Code Execution, Information Disclosure
▪ Fixes 11 Vulnerabilities: No vulnerabilities are known exploited or publicly disclosed. See the
Security Update Guide for the complete list of CVEs.
NOTE: Microsoft may periodically release updates for recent EOL components of Office 2019.

MS25-11-SPT: Security Updates for SharePoint Server
▪ Maximum Severity: Important
▪ Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint Enterprise
Server 2016, and SharePoint Server 2019
▪ Description: This security update resolves 1 vulnerability in Microsoft SharePoint Server. This
bulletin references KB 5002800 (Subscription), KB 5002803 (2019), and KB 5002805 (2016).
▪ Impact: Remote Code Execution
▪ Fixes 1 Vulnerability: CVE-2025-62204. This CVE is not publicly disclosed or known exploited.
▪ Known Issues: Users may see “4gab5" event tags logged in the SharePoint Unified Logging
System (ULS) logs when they access sitedirectorysettings.aspx by using ‘set other host’. This
issue occurs because of the enhanced security that restricts access to
sitedirectorysettings.aspx to the current farm host. Workaround: The farm administrator can
add the new domain to the AdditionalValidSPFarmHosts in the farm. See KBs for powershell
commands to implement workaround.

▪ Maximum Severity: Important
▪ Affected Products: Microsoft SQL Server 2016 SP3 (GDR and Azure Connected Feature
Pack), Microsoft SQL Server 2017 (GDR and CU31), Microsoft SQL Server 2019 (GDR and
CU32) and Microsoft SQL Server 2022 (GDR and CU21)
▪ Description: This security update fixes 1 security vulnerability in SQL Server. This bulletin is
based on 8 KB articles.
▪ Impact: Elevation of Privilege
▪ Fixes 1 Vulnerability: CVE-2025-59499. This CVE is not publicly disclosed or known exploited.
▪ Restart Required: Requires restart
MS25-11-SQL: Security Updates for SQL Server
2

Between Patch Tuesdays

Windows Release Summary
▪ Security Updates (with CVEs): Amazon Corretto (4), Google Chrome (3), Docker (1), Firefox (1), Foxit PDF
Reader Enterprise (1), Jabra Direct (1), Java 8 (1), Java Development Kit 11 (1), Java Development Kit 17
(1), Java Development Kit 21 (1), Java Development Kit 25 (1), Opera (1), VirtualBox (1), RedHat OpenJDK
(4), Snagit (1)
▪ Security Updates (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (2), Amazon WorkSpaces (1),
Azul Zulu (4), Box Edit (1), Cisco Duo Desktop (1), Devolutions Remote Desktop Manager (3), Docker (1),
Dropbox (2), Eclipse Adoptium (3), Git for Windows (1), GoLang (1), IntelliJ IDEA (1), LibreOffice (1),
Notepad++ (1), NextCloud Desktop Client (2), Opera (1), PDF-Xchange PRO (1), PDF-Xchange Editor Plus
(1), Pulse Secure VPN Desktop Client (1), Python (1), PeaZip (1), SeaMonkey (1), Slack Machine-Wide
Installer (1), Snagit (1), Tableau Desktop (1), Tableau Prep Builder (1), Tableau Reader (1), TeamViewer (1),
VSCodium (2), Zoom Workplace Desktop App (2)Zoom Outlook Plugin (1), Zoom Rooms App (1), Zoom
Workplace VDI App (1)
▪ Non-Security Updates: 1Password (1), 8x8 Work Desktop (2), Beyond Compare (1), Box Drive (1), draw.io
(2), Evernote (4), Google Drive File Stream (1), GeoGebra Classic (2), GoTo Connect (1), KeePass Pro (1),
Logi Options plus (1), Poly Lens Desktop App (1), R for Windows (1), RingCentral App (Machine-Wide
Installer) (1), WinMerge (1)

Windows Third Party CVE Information
▪ Google Chrome 141.0.7390.123
▪ CHROME-251021, QGC14107390123
▪ CHROME-251028, QGC1420744460
▪ Fixes 20 Vulnerabilities: CVE-2025-12036, CVE-2025-12428, CVE-2025-12429, CVE-2025-12430,
CVE-2025-12431, CVE-2025-12432, CVE-2025-12433, CVE-2025-12434, CVE-2025-12435,
CVE-2025-12447
▪ CHROME-251105, QGC14207444135
CVE-2025-12729

Windows Third Party CVE Information (cont)
▪ Docker For Windows 4.49.0
▪ DOCKER-251023, QDOCKER4490
▪ Firefox 144.0.2
▪ FF-251028, QFFE14402
▪ Foxit PDF Reader Enterprise 2025.2.1.33197
▪ FPDFRE-251029, QFPDFRES202521
▪ Jabra Direct 6.25.29101
▪ JABRA-251030, QJD62529101

▪ Corretto 21.0.9.10.1
▪ CRTO21-251022, QCRTOJDK2109
▪ Corretto 17.0.17.10.1
▪ Corretto 11.0.29.7.1
▪ Corretto 8.472.08.1
▪ CRTO8-251022, QCRTOJDK8472 and QCRTOJRE8472

▪ Java Development Kit 21 Update 21.0.9
▪ JDK21-251021, QJDK2109
▪ Fixes 4 Vulnerabilities: CVE-2025-53057, CVE-2025-53066, CVE-2025-61748, CVE-2025-61755
▪ JDK17-251021, QJDK17017
▪ JDK11-251021, QJDK11029
▪ Java 8 Update 471 – JRE and JDK
▪ JAVA8-251021, QJDK8U471 and QJRE8U471

▪ RedHat OpenJDK 21.0.9.0
▪ RHTJDK21-251026, QRHTJDK210910 and QRHTJRE210910
▪ RedHat OpenJDK 17.0.17.0
▪ RHTJDK17-251026, QRHTJDK170170 and QRHTJRE170170
▪ RedHat OpenJDK 8.0.472
▪ RHTJDK8-251027, QRHTJDK180472

▪ Opera 123.0.5669.47
▪ OPERA-251105, QOP1230566947
▪ VirtualBox 7.2.4
▪ OVB72-251022, QOVB7240
▪ Snagit 2023.2.7
▪ SNAG23-251107, QSNAG202327

Apple Release Summary
▪ Security Updates (with CVEs): Apple Safari for Sonoma (1), Apple Safari for Sequoia (1),
Apple macOS Sonoma (2), Apple macOS Sequoia (2), Apple macOS Tahoe (2), Docker
Desktop (1), Firefox (1), Google Chrome (2), Microsoft Edge (3), Opera (1)
▪ Security Updates (w/o CVEs): None
▪ Non-Security Updates: 1Password (1), Adobe Acrobat DC and Acrobat Reader DC (1), Brave
(3), Docker Desktop (1), draw.io (2), Evernote (4), Microsoft Office Excel (2), Figma (1), Google
Drive (1), Go (1), Grammarly (5), Hazel (1), IntelliJ IDEA (1), Krisp (1), Microsoft AutoUpdate
(1), Microsoft Edge (2), OneDrive (1), Microsoft Office OneNote (2), Opera (1), Microsoft Office
Outlook (2), Parallels Desktop (1), Poly Lens Desktop (1), Microsoft Office PowerPoint (1),
PowerShell (1), Slack (1), SeaMonkey (1), Spotify (1), Microsoft Teams (1), VSCodium for Mac
(2), Webex Teams (1), Microsoft Office Word (2), Zoom Client (2)

Apple Updates with CVE Information
▪ macOS Sonoma 14.8.2
▪ Fixes 46 Vulnerabilities: See Apple security bulletin for details
▪ macOS Sequoia 15.7.2
▪ macOS Tahoe 26.1
▪ Safari 26.1 for macOS Sonoma and macOS Sequoia

Apple Third Party CVE Information
▪ CHROMEMAC-251022
▪ CHROME-251028
CVE-2025-12447
▪ Docker For Mac 4.49.0
▪ DOCKERMAC-251023

Apple Third Party CVE Information (cont)
▪ Firefox 144.0.2
▪ MFSA2025-86
▪ Opera 123.0.5669.23
▪ OPERAMAC-251105

Apple Third Party CVE Information (cont)
▪ Microsoft Edge 141.0.3537.85
▪ MEDGEMAC-251017
▪ MEDGEMAC-251031
CVE-2025-12447, CVE-2025-60711
▪ MEDGEMAC-251106

Q & A

Chris Goettl and Todd Schell
Thank You!

November Patch Tuesday

More Related Content

Similar to November Patch Tuesday

More from Ivanti

Recently uploaded

November Patch Tuesday