Information security
fromZero Day Initiative
18 hours agoZero Day Initiative - The November 2025 Security Update Review
Adobe fixed 29 CVEs across creative apps with no known exploits; Microsoft released 63 Windows-related CVEs in November 2025.
September's Patch Tuesday won't require Microsoft users to rapidly repair rancid software, but SAP users need to move fast to address extremely dangerous bugs. Microsoft did find two bugs worthy of urgent attention. CVE-2025-55234 allows relay attacks and escalation of privileges against SMB Server. Admins can ameliorate these by using Server signing and the Extended Protection for Authentication (EPA) but it's better to patch and be safe than sorry.