CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Microsoft Releases November and December 2025 Patch Tuesday Updates for Windows 11

First reported
Last updated
1 unique sources, 5 articles

Summary

Hide ▲

Microsoft has released Windows 11 cumulative updates KB5072033 and KB5071417 for versions 25H2/24H2 and 23H2. These updates address security vulnerabilities and various issues, including fixes for browsers, gaming, PowerShell, and Windows Hello. New features introduced include dark mode support for dialogs in File Explorer, new Virtual Workspaces settings, desktop spotlight options, simplified File Explorer context menu, full-screen experience for gaming, haptic feedback for pens, improved keyboard backlight performance, mobile device settings, OneDrive icon in settings, Quick Machine Recovery, updated keyboard settings, updated taskbar animations, sharing apps with Copilot, updated widgets, improved Windows Share, display and graphics performance improvements, Game Pass branding updates, and improved Start menu search panel. The updates also mark the last update for Windows 11 23H2, with support ending in November 2025. Additionally, Microsoft has released the KB5072753 out-of-band cumulative update to fix a known issue causing the November 2025 KB5068966 hotpatch update to reinstall on Windows 11 systems repeatedly. This update is recommended for Windows 11, version 25H2 devices instead of the November 2025 hotpatch update (KB5068966). Microsoft has also announced that it will not release optional updates in December, but Patch Tuesday updates will continue as scheduled. Nvidia has confirmed that the October 2025 Windows 11 updates (KB5066835) cause gaming performance issues on Windows 11 24H2 and 25H2 systems. Nvidia released the GeForce Hotfix Display Driver version 581.94 to address these issues. The October updates also caused other issues such as broken localhost HTTP connections, smart card authentication problems, and broken Windows Recovery Environment (WinRE) on systems with USB mice and keyboards.

Timeline

  1. 09.12.2025 20:31 1 articles · 9h ago

    Microsoft Releases December 2025 Patch Tuesday Updates for Windows 11

    Microsoft has released Windows 11 KB5072033 and KB5071417 cumulative updates for versions 25H2/24H2 and 23H2. These updates address security vulnerabilities, bugs, and introduce new features. New features include dark mode support for dialogs in File Explorer, new Virtual Workspaces settings, desktop spotlight options, simplified File Explorer context menu, full-screen experience for gaming, haptic feedback for pens, improved keyboard backlight performance, mobile device settings, OneDrive icon in settings, Quick Machine Recovery, updated keyboard settings, updated taskbar animations, sharing apps with Copilot, updated widgets, improved Windows Share, display and graphics performance improvements, Game Pass branding updates, and improved Start menu search panel. Microsoft will not release optional updates in December, but Patch Tuesday updates will continue as scheduled.

    Show sources
    Open in new tab
  2. 21.11.2025 20:02 1 articles · 18d ago

    Microsoft Releases KB5072753 Out-of-Band Update for Windows 11

    Microsoft has released the KB5072753 out-of-band cumulative update to fix a known issue causing the November 2025 KB5068966 hotpatch update to reinstall on Windows 11 systems repeatedly. This update is a cumulative update that includes improvements and security fixes from the KB5068966 security update. Microsoft recommends applying the KB5072753 update instead of the November 2025 hotpatch update (KB5068966) for Windows 11, version 25H2 devices.

    Show sources
    Open in new tab
  3. 11.11.2025 20:32 3 articles · 28d ago

    Microsoft Releases November 2025 Patch Tuesday Updates for Windows 11

    Microsoft has released Windows 11 KB5068861 and KB5068865 cumulative updates for versions 25H2/24H2 and 23H2. These updates address security vulnerabilities, bugs, and add new features. New features include a new Start menu UI, battery icons on the lock screen, Microsoft 365 Copilot page, and updated battery icons in the taskbar. The updates also fix issues in various components, including Taskbar, File Explorer, Input, Narrator, Open and Save Dialog, Remote Credential Guard, Sign-in, and Task Manager. This is the last update for Windows 11 23H2 as its support ends in November 2025. Microsoft will not release optional updates in December, but Patch Tuesday updates will continue as scheduled. Additionally, Microsoft has released the KB5072753 out-of-band cumulative update to fix a known issue causing the November 2025 KB5068966 hotpatch update to reinstall on Windows 11 systems repeatedly. This update is recommended for Windows 11, version 25H2 devices instead of the November 2025 hotpatch update (KB5068966).

    Show sources
    Open in new tab
  4. 14.10.2025 20:46 3 articles · 1mo ago

    Microsoft Releases October 2025 Patch Tuesday Updates for Windows 11

    Microsoft has released cumulative updates KB5066835 and KB5066793 for Windows 11 versions 25H2/24H2 and 23H2. These updates address security vulnerabilities and various issues, including fixes for browsers, gaming, PowerShell, and Windows Hello. New features introduced include AI actions in File Explorer, improved Narrator accessibility, and enhanced passkey management. The updates also mark the second-to-last update for Windows 11 23H2, with support ending in November 2025. Nvidia has confirmed that the October 2025 Windows 11 updates (KB5066835) cause gaming performance issues on Windows 11 24H2 and 25H2 systems. Nvidia released the GeForce Hotfix Display Driver version 581.94 to address these issues. The October updates also caused other issues such as broken localhost HTTP connections, smart card authentication problems, and broken Windows Recovery Environment (WinRE) on systems with USB mice and keyboards.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Microsoft December 2025 Patch Tuesday addresses 3 zero-days, 56 flaws

Microsoft's December 2025 Patch Tuesday addresses 56 vulnerabilities, including three zero-days. One zero-day (CVE-2025-62221) is actively exploited, allowing privilege escalation in Windows Cloud Files Mini Filter Driver. Two other zero-days (CVE-2025-64671, CVE-2025-54100) are publicly disclosed, affecting GitHub Copilot for JetBrains and PowerShell. The updates also fix 3 critical remote code execution vulnerabilities. Additionally, Microsoft released the KB5071546 extended security update for Windows 10 Enterprise LTSC and ESU program participants, addressing the same vulnerabilities and updating Windows 10 to build 19045.6691 and Windows 10 Enterprise LTSC 2021 to build 19044.6691. The update includes a fix for CVE-2025-54100, a remote code execution zero-day vulnerability in PowerShell, and introduces a confirmation prompt with a security warning for script execution risk when using the Invoke-WebRequest command in PowerShell 5.1. Microsoft patched 1,129 vulnerabilities in 2025, an 11.9% increase from 2024. The zero-day flaw patched today, CVE-2025-62221, affects Windows 10 and later editions and is related to the Windows Cloud Files Mini Filter Driver. The vulnerabilities most likely to be exploited from this month’s patch batch are privilege escalation bugs, including CVE-2025-62458, CVE-2025-62470, CVE-2025-62472, CVE-2025-59516, and CVE-2025-59517. CVE-2025-64671 is part of a broader security crisis called IDEsaster, affecting multiple AI coding platforms. CVE-2025-54100 affects Windows PowerShell on Windows Server 2008 and later.

Open in new tab

Windows 11 KB5070311 Update Addresses File Explorer and Search Issues

Microsoft released the KB5070311 optional preview cumulative update for Windows 11, addressing File Explorer freezes, search issues, and other bugs. The update includes 49 changes and is part of the monthly preview updates that precede Patch Tuesday releases. It fixes issues with explorer.exe process responsiveness, SMB share search problems, and LSASS instability. However, the update also introduces a new bug causing bright white flashes when launching File Explorer in dark mode. Microsoft is working on a fix but has not provided a timeline. The update is available for manual installation and updates Windows 11 25H2 and 24H2 devices to builds 26200.7309 and 26100.7309, respectively. Additionally, Microsoft announced there will be no preview update in December 2025 due to minimal operations during the Western holidays, with normal updates resuming in January 2026.

Open in new tab

Windows 10 update bug triggers incorrect end-of-support alerts

A bug in the October 2025 Windows 10 updates triggers incorrect end-of-support alerts on systems running Windows 10 Enterprise LTSC 2021, Windows 10 IoT Enterprise LTSC 2021, and Windows 10 22H2 enrolled in the Extended Security Updates program. The bug causes affected devices to display 'Your version of Windows has reached the end of support' messages, despite the systems still being under active support or security coverage. Microsoft has deployed a cloud configuration update to correct the erroneous message, but some devices may not receive it due to connectivity or configuration issues. IT administrators can use Known Issue Rollback (KIR) to remove the incorrect messages on enterprise-managed devices. Microsoft released the first Windows 10 extended security update (KB5068781) on November 11, 2025, to address the bug for all customers enrolled in the Extended Security Updates (ESU) program. However, the KB5068781 update was failing to install with 0x800f0922 errors on devices with corporate licensing. Microsoft has now released an emergency Windows 10 KB5072653 out-of-band update on November 17, 2025, to resolve these installation issues. Some corporate Windows admins have reported that WSUS and SCCM are not correctly indicating that a Windows 10 device needs the extended security update, even when it is correctly enrolled in the program. Microsoft plans to release a new Scan Cab with updated metadata to address this issue.

Open in new tab

Active Exploitation of Critical Microsoft WSUS Flaw

A critical vulnerability in Microsoft Windows Server Update Service (WSUS), CVE-2025-59287, is being actively exploited in the wild. This flaw, with a CVSS score of 9.8, allows attackers to drop malicious payloads and execute arbitrary commands on infected hosts. The vulnerability affects WSUS versions 3.32.x and was discovered by Eye Security and Huntress. The Cybersecurity and Infrastructure Security Agency (CISA) has ordered U.S. government agencies to patch the flaw, which was added to the Known Exploited Vulnerabilities catalog. Organizations using WSUS are advised to apply the out-of-band security updates provided by Microsoft to mitigate the risk of exploitation. The flaw was originally patched by Microsoft as part of its Patch Tuesday updates, but attackers have since weaponized it to deploy .NET executables and Base64-encoded PowerShell scripts. Shadowserver is tracking over 2,800 WSUS instances with default ports exposed online. The vulnerability is a deserialization of untrusted data flaw that allows unauthenticated attackers to achieve remote code execution with system privileges by sending malicious encrypted cookies to the GetCookie() endpoint. A compromised WSUS server could potentially be used to distribute malicious updates to the entire network of client computers, making it particularly dangerous for large enterprises. Huntress advised isolating network access to WSUS and blocking inbound traffic to TCP ports 8530 and 8531 as remediation steps. The out-of-band (OOB) security update KB5070881 for CVE-2025-59287 broke hotpatching on some Windows Server 2025 devices. Microsoft has released a new update, KB5070893, to address the issue without disrupting hotpatching. Administrators are advised to install this update to maintain hotpatching functionality.

Open in new tab

Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 183 flaws

Microsoft's October 2025 Patch Tuesday marks the end of free security updates for Windows 10, with the release of the final cumulative update KB5066791. This update addresses 183 vulnerabilities, including six zero-day flaws, and is mandatory for all Windows 10 users. Extended Security Updates (ESU) are available for purchase for up to three years for enterprise users and one year for consumers. The patches cover a range of vulnerabilities, including critical remote code execution and elevation of privilege issues. The zero-day vulnerabilities affect various components, such as Windows SMB Server, Microsoft SQL Server, Windows Agere Modem Driver, Windows Remote Access Connection Manager, AMD EPYC processors, and TCG TPM 2.0. Some of these flaws have been publicly disclosed or actively exploited. The update also includes fixes for vulnerabilities in third-party components, such as IGEL OS and AMD EPYC processors. Additionally, Microsoft Office users should be aware of CVE-2025-59227 and CVE-2025-59234, which exploit the Preview Pane. The update is the largest on record for Microsoft, with 183 CVEs, pushing the number of unique vulnerabilities released so far this year to more than 1,021. The update includes fixes for a wide range of vulnerabilities, including remote code execution (RCE), elevation of privilege, data theft, denial of service (DoS), and security feature bypass issues. The update also marks the end of life for Windows 10, meaning Microsoft will no longer issue regular patches for vulnerabilities in the operating system as part of its regular Patch Tuesday updates. Exchange Server 2016, Exchange Server 2019, Skype for Business 2016, Windows 11 IoT Enterprise Version 22H2, and Outlook 2016 are also reaching end-of-life. Windows 10 users can opt for Extended Security Updates (ESU) for one year at a cost of $30, or install Linux as an alternative. Linux Mint is recommended for Windows 10 users transitioning to Linux, with compatibility for most computers from the last decade. The October 2025 Windows security updates cause smart card authentication and certificate issues across all Windows 10, Windows 11, and Windows Server releases. The issue is due to a security fix designed to address a security feature bypass vulnerability (CVE-2024-30098) in the Windows Cryptographic Services. Affected users may experience various symptoms, including the inability to sign documents, failures in applications using certificate-based authentication, and smart cards not being recognized as CSP providers in 32-bit apps. The issue can be detected by the presence of Event ID 624 in the System event logs for the Smart Card Service prior to installing the October 2025 Windows security update. The fix is enabled by setting the DisableCapiOverrideForRSA registry key value to 1 to isolate cryptographic operations from the Smart Card implementation. Users experiencing authentication problems can manually resolve the issue by disabling the DisableCapiOverrideForRSA registry key. The DisableCapiOverrideForRSA registry key will be removed in April 2026, and users are advised to work with their application vendors to resolve the underlying problem. Microsoft also fixed another known issue breaking IIS websites and HTTP/2 localhost (127.0.0.1) connections after installing recent Windows security updates. Microsoft has released out-of-band (OOB) security updates for a critical-severity Windows Server Update Service (WSUS) vulnerability (CVE-2025-59287) with publicly available proof-of-concept exploit code. The vulnerability can be exploited remotely in low-complexity attacks that do not require user interaction, allowing threat actors without privileges to target vulnerable systems and run malicious code with SYSTEM privileges. Microsoft has released security updates for all impacted Windows Server versions, including Windows Server 2025, Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2012. Workarounds for admins who can't immediately install these emergency patches include disabling the WSUS Server Role or blocking all inbound traffic to Ports 8530 and 8531 on the host firewall. The OOB update supersedes all previous updates for affected versions, and users are advised to install it as soon as possible.

Open in new tab