Privilege-Escalation

Microsoft’s Nov 11, 2025 updates fix 63 CVEs and an in‑the‑wild Windows Kernel race‑condition LPE (CVE‑2025‑62215). Here’s a succinct IR...

CVE-2025-62215: Windows Kernel LPE zero‑day in November Patch Tuesday — what DFIR should collect and detect

4n6 Beat

Microsoft’s November 11, 2025 Patch Tuesday addressed 63 vulnerabilities and one actively exploited Windows Kernel local privilege escalation, tracked as CVE-2025-62215: a race-condition bug that lets a local attacker who wins a concurrency window gain SYSTEM privileges. Microsoft credits MSTIC and MSRC with the discovery, and the flaw is rated CVSS 7.0 (Important), with active exploitation confirmed. DFIR teams should expect it to be used post-compromise to elevate from a low-privilege foothold. Patch fast, and hunt for privilege jumps and follow-on activity. Sources: BleepingComputer, The Hacker News, Tenable, NVD.
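One way to hunt for the privilege jump and follow-on activity described above, as an added example that is not from the original post. It assumes Sysmon Event ID 1 (process creation) records exported with the `ParentUser` field; every event, account and path in it is constructed, and the allow-list parameter is a hypothetical tuning hook.

```python
# Added example: hunt Sysmon Event ID 1 (process creation) records for a
# privilege jump (non-system parent, SYSTEM child) and what ran beneath it.
SYSTEM_USERS = {"nt authority\\system", "nt authority\\local service",
                "nt authority\\network service"}
FIELDS = ("UtcTime", "ProcessGuid", "ParentProcessGuid", "Image",
          "User", "ParentImage", "ParentUser", "IntegrityLevel")
JDOE, SYSTEM = "CORP\\jdoe", "NT AUTHORITY\\SYSTEM"  # constructed accounts
TMP = "C:\\Users\\jdoe\\AppData\\Local\\Temp\\upd.exe"  # hypothetical binary path
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
CMD = "C:\\Windows\\System32\\cmd.exe"
# Constructed sample records, not from a real incident.
ROWS = [
    ("2025-11-12 09:14:02", "{P1}", "{P0}", PS, JDOE, "C:\\Windows\\explorer.exe", JDOE, "Medium"),
    ("2025-11-12 09:14:40", "{P2}", "{P1}", TMP, JDOE, PS, JDOE, "Medium"),
    ("2025-11-12 09:14:41", "{P3}", "{P2}", CMD, SYSTEM, TMP, JDOE, "System"),
    ("2025-11-12 09:14:43", "{P4}", "{P3}", "C:\\Windows\\System32\\whoami.exe", SYSTEM, CMD, SYSTEM, "System"),
    ("2025-11-12 09:14:50", "{P5}", "{P3}", "C:\\Windows\\System32\\net.exe", SYSTEM, CMD, SYSTEM, "System"),
    ("2025-11-12 09:15:00", "{S2}", "{S1}", "C:\\Windows\\System32\\svchost.exe", SYSTEM, "C:\\Windows\\System32\\services.exe", SYSTEM, "System"),
]
EVENTS = [dict(zip(FIELDS, row)) for row in ROWS]

def is_privileged(user):
    return user.lower() in SYSTEM_USERS

def find_privilege_jumps(events, allowed_parents=frozenset()):
    """Events where a non-system parent produced a SYSTEM-integrity child."""
    return [e for e in events
            if e["IntegrityLevel"] == "System" and is_privileged(e["User"])
            and not is_privileged(e["ParentUser"])
            and e["ParentImage"].lower() not in allowed_parents]

def descendants(events, root_guid):
    """Follow ParentProcessGuid links to collect everything spawned under root_guid."""
    children = {}
    for e in events:
        children.setdefault(e["ParentProcessGuid"], []).append(e)
    out, stack = [], [root_guid]
    while stack:
        for child in children.get(stack.pop(), []):
            out.append(child)
            stack.append(child["ProcessGuid"])
    return sorted(out, key=lambda e: e["UtcTime"])

if __name__ == "__main__":
    for hit in find_privilege_jumps(EVENTS):
        print("JUMP", hit["UtcTime"], hit["ParentUser"], "->", hit["User"], hit["Image"])
        for e in descendants(EVENTS, hit["ProcessGuid"]):
            print("  follow-on", e["UtcTime"], e["Image"])
```

A hit is a lead for triage rather than proof of exploitation; pass known-good parent images (lower-cased) in `allowed_parents` to tune out software that legitimately creates SYSTEM children from a user context.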