Windows Kernel privilege escalation flaw (CVE-2025-62215, actively exploited)
Vulnerability
Summary
CVE-2025-62215 is an actively exploited Windows Kernel privilege-escalation flaw that can turn a post-compromise foothold into admin-level rights. Microsoft tied the weakness to a race condition and included a fix in its November security update. Its exploitation status makes the issue urgent for Windows defenders, because an attacker who has already compromised a system can use the flaw to gain deeper control.
Related Happenings
Microsoft Defender RoguePlanet race-condition zero-day remote code execution flaw
Vulnerability
H score: 39
First: 10.06.2026 02:11
Last: 10.06.2026 02:11
Sources: 1
About this happening:
Microsoft Defender zero-day RoguePlanet is a race-condition flaw affecting fully patched Windows 10 and Windows 11 systems. A public proof-of-concept exploit was released shortly...
Latest development: 10.06.2026 08:22
The anonymous security researcher Chaotic Eclipse, also known as Nightmare-Eclipse, released a proof-of-concept (PoC) exploit for the Microsoft Defender zero-day RoguePlanet under a new GitHub account named MSNightmare. The race-condition exploit can yield a SYSTEM-level shell and arbitrary code execution when it succeeds, has been tested on Windows 11 and Windows 10 with the June 2026 Patch Tuesday updates installed, and currently does not work on Windows Server without redesign because standard users cannot mount an ISO image.
Windows BitLocker YellowKey mitigation guidance (CVE-2026-45585)
Advisory/Mitigation
H score: 32
First: 20.05.2026 10:31
Last: 20.05.2026 10:31
Sources: 1
About this happening:
**Windows BitLocker** **YellowKey** (**CVE-2026-45585**) moved from interim mitigation to patch status after **Microsoft** fixed it in **June 2026 Patch Tuesday**. The **Windows R...
Latest development: 10.06.2026 12:57
On Tuesday, Microsoft fixed YellowKey (CVE-2026-45585) as part of its June 2026 Patch Tuesday updates and shared mitigation measures for the Windows Recovery Environment backdoor. The flaw affects unpatched Windows 11 and Windows Server 2022/2025 systems and can let attackers with physical access bypass BitLocker protection on targeted devices.
Rising critical Microsoft vulnerabilities across Windows, Azure, Dynamics 365, and Office
Trend
H score: 19
First: 19.05.2026 17:00
Last: 19.05.2026 17:00
Sources: 1
About this happening:
Microsoft’s vulnerability volume stayed broadly stable, but **critical flaws** doubled year over year across **Windows, Azure, Dynamics 365, and Office**, increasing the likelihoo...
Windows RPC PhantomRPC local privilege escalation flaw
Vulnerability
H score: 19
First: 28.04.2026 14:31
Last: 28.04.2026 14:31
Sources: 1
About this happening:
**PhantomRPC** in **Windows RPC** can let a local attacker elevate to **System** across **all Windows versions**, creating a high-impact privilege-escalation path. The flaw abuses...
CISA KEV order for BlueHammer patching
Public Sector Action
H score: 37
First: 23.04.2026 14:05
Last: 23.04.2026 14:05
Sources: 1
About this happening:
**CISA** ordered **Federal Civilian Executive Branch agencies** to patch **Windows** systems against **CVE-2026-33825** within **two weeks** after adding the flaw to the **KEV Cat...
Timeline
- 11.11.2025 22:23 · 2 articles · 7mo ago
Microsoft November security update highlights active Windows Kernel flaw
Initial Disclosure
Microsoft's November security update covers 63 unique CVEs and includes one actively exploited flaw, one critical vulnerability, and five additional bugs Microsoft rates as more likely to be targeted. CVE-2025-62215 affects the Windows Kernel and is already being exploited for post-compromise privilege escalation to admin-level rights, while CVE-2025-60724 is a critical CVSS 9.8 RCE in the GDI+ Windows graphics component that can be triggered on Web services by uploading documents containing a malicious metafile. The update also includes CVE-2025-60704, a Windows Kerberos elevation-of-privilege flaw that Silverfort says can affect organizations using Active Directory with Kerberos delegation enabled, alongside other more exploitable privilege-escalation issues in Windows Subsystem for Linux GUI and the Windows Ancillary Function Driver of WinSock.
Sources:
- Patch Now: Microsoft Flags Zero-Day & Critical Zero-Click Bugs — www.darkreading.com — 11.11.2025 22:23
- Microsoft Patch Tuesday, November 2025 Edition — krebsonsecurity.com — 16.11.2025 23:47