Apply Updates to Address Windows Kernel Zero-Day Vulnerability

This information is intended for U-M IT staff who are responsible for university Windows systems, and is of interest to anyone running Windows on a personal computer.

Summary

Microsoft has reported a zero-day vulnerability (CVE-2025-62215) involving an elevation of privilege flaw in the Windows Kernel.

The need for immediate action supersedes the remediation timeframes in Vulnerability Management (DS-21).

Problem

Successful exploitation can enable an attacker to elevate privileges, although it requires the attacker to win a race condition. Once an attacker has these privileges, they can deepen control, disable defenses, and move laterally to other machines within the organization.

Threats

The vulnerability is reportedly being actively exploited in the wild.

Affected Systems

Microsoft Windows systems (all versions)

Action Items

Apply the November 2025 Security Updates as soon as possible after any necessary testing. The update isn't fully installed until a restart occurs.

Note: Microsoft released patches on 11/11/25 to address this Windows kernel zero-day vulnerability along with patches that address more than 60 new security vulnerabilities identified in its software.
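
The following PowerShell check is an added example, not part of the original advisory or any U-M tooling. It reports whether any update was installed on or after the 11/11/25 release date and whether a restart is still outstanding. The advisory gives no KB number, so matching by install date is an assumption and only a triage signal.

```powershell
# Added example: triage check for the November 2025 security updates.
# Assumption: the advisory names no KB id, so updates are matched by install
# date (on or after the 11/11/25 release). An unrelated update installed after
# that date would also match, so confirm the KB for your OS build separately.
$ReleaseDate = [datetime]'2025-11-11'

# Updates recorded by Windows servicing on or after the release date.
# InstalledOn can be empty for some entries, so those are skipped.
$recent = Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $ReleaseDate } |
    Sort-Object InstalledOn

# Registry markers Windows sets while a restart is still outstanding.
# The update is not fully installed until that restart has happened.
$pendingKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
)
$rebootPending = [bool]($pendingKeys | Where-Object { Test-Path $_ })

# Last boot time is reported for context only: InstalledOn has day
# granularity, so it cannot be compared precisely against the boot time.
$lastBoot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime

$status = if (-not $recent) {
    'NoUpdateSinceRelease'      # nothing installed since 11/11/25
} elseif ($rebootPending) {
    'RestartRequired'           # installed, but not yet effective
} else {
    'NoRestartPending'          # installed and no restart outstanding
}

[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    Status        = $status
    Updates       = ($recent.HotFixID -join ', ')
    RebootPending = $rebootPending
    LastBoot      = $lastBoot
}
```

A result of `RestartRequired` means the machine should still be treated as unpatched until it reboots.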

Technical Details

Specific technical details are limited; however, reports suggest that exploitation of the flaw involves a combination of a race condition and a memory corruption path in kernel code.

How We Protect U-M

ITS provides CrowdStrike Falcon to units, which should be installed on all U-M owned systems (Windows, macOS, and Linux operating systems, whether workstations or servers). Falcon administrators in ITS and in U-M units use the Falcon console to investigate and remediate issues.

MiWorkspace machines are being patched. If you have Microsoft Windows installed on your own devices that are not managed by the university, please apply all Windows security updates immediately.

In general, the best protection for your devices is this: keep your software and apps up-to-date, do not click suspicious links in email, do not open shared documents or email attachments unless you are expecting them and trust the person who sent them, and only use secure, trusted networks. For more information, see Phishing & Scams, Secure Your Devices, and Secure Your Internet Connection on the U-M Safe Computing website.

Questions, Concerns, Reports

Please contact ITS Information Assurance through the ITS Service Center.