Patch Tuesday: November 2025 (Expel’s version)

This Patch Tuesday bulletin highlights 63 new Microsoft CVEs—notably a WSUS unsafe-deserialization RCE (CVE-2025-59287) that has been actively exploited with public exploit code, a Windows kernel zero-day added to CISA's KEV, and other high-severity RCE/elevation issues; the report details observed attacker activity (PowerShell data collection and exfiltration), recommends applying out-of-band patches, blocking WSUS ports 8530/8531, and removing or hardening WSUS where unused.