The Small Business Cyber Security Guy | Cybersecurity for SMB & Startups

November Patch Tuesday Storm: Zero‑Days, Exchange Exploits & WSUS Emergency



Graham Falkner delivers an authoritative deep dive into November 2025's Patch Tuesday updates, covering the most critical security vulnerabilities affecting businesses of all sizes. This month brings a perfect storm of actively exploited zero-days, critical Exchange Server flaws, and hundreds of patches across Microsoft, Adobe, Oracle, SAP, and third-party vendors. From Windows kernel exploits to e-commerce platform takeovers, November's vulnerability landscape demands immediate attention from IT teams.

Key Topics Covered

Microsoft Security Updates
  • 89 total vulnerabilities patched (12 critical, 4 zero-days)
  • CVE-2025-0445: Windows Kernel privilege escalation (actively exploited)
  • CVE-2025-0334: Chrome V8/Edge JavaScript engine RCE (actively exploited)
  • CVE-2025-0078: Exchange Server unauthenticated RCE (CRITICAL - affects Exchange 2016/2019/2022)
  • CVE-2025-1789: MSHTML remote code execution via Office documents
  • CVE-2025-59287: WSUS vulnerability (9.8 CVSS, actively exploited, required re-release)
  • 23 remote code execution vulnerabilities across Windows, Office, and developer tools

Adobe Security Updates
  • 35+ vulnerabilities patched across multiple products
  • CVE-2025-54236: Adobe Commerce/Magento input validation flaw (9.1 CVSS, actively exploited, Priority 1)
  • CVE-2025-49553: Adobe Connect XSS vulnerability (9.3 CVSS)
  • Patches for Illustrator, FrameMaker, Photoshop, InDesign, Animate, Bridge, Substance 3D

Oracle Critical Patch Update (October 2025)
  • 374 new security patches addressing ~260 unique CVEs
  • CVE-2025-61882: Oracle E-Business Suite zero-day (exploited by ransomware groups)
  • 73 patches for Oracle Communications (47 remotely exploitable without authentication)
  • 20 patches for Fusion Middleware (17 remote unauthenticated)
  • 18 fixes for MySQL
  • Updates for PeopleSoft, JD Edwards, Siebel, Oracle Commerce, Database Server

SAP Security Updates
  • 18 new security notes plus 1 updated note
  • CVE-2025-42890: SQL Anywhere Monitor hardcoded credentials (10.0 CVSS - PERFECT SCORE)
  • CVE-2025-42887: SAP Solution Manager code injection (9.9 CVSS)
  • CVE-2025-42944: NetWeaver Java insecure deserialisation (updated patch)
  • CVE-2025-42940: CommonCryptoLib memory corruption

Mozilla Firefox Updates
  • Firefox 145.0 released November 11th
  • 15 security vulnerabilities fixed (8 high impact)
  • New anti-fingerprinting measures halving trackable users
  • Memory safety and sandbox escape prevention

Apple Security Updates
  • iOS/iPadOS 17.1 and macOS 14.1 released
  • 100+ vulnerabilities patched across iPhones, iPads, Macs
  • Critical kernel and WebKit bugs fixed
  • Zero-click exploit prevention

Google Security Updates
  • Chrome 142 with 5 security bug fixes
  • Android November 2025 bulletin (patch level 2025-11-01)
  • CVE-2025-48593 and CVE-2025-48581 affecting Android 13-16

Third-Party Critical Vulnerabilities
  • WordPress Post SMTP plugin: CVE-2025-11833 (9.8 CVSS, actively exploited, 200,000+ sites affected)
  • WatchGuard Firebox: CVE-2025-9242 (critical out-of-bounds write, 75,000 devices exposed)
  • Cisco IOS/XE routers: CVE-2025-20352 (SNMP service, actively exploited for rootkit deployment)

Critical Action Items for Businesses

IMMEDIATE (Deploy Within 24-48 Hours)
  1. Microsoft Exchange Server - Apply CVE-2025-0078 patch or isolate internet-facing servers
  2. Adobe Commerce/Magento - Deploy CVE-2025-54236 hotfix immediately if running Magento
  3. Windows Kernel - Patch CVE-2025-0445 zero-day exploit
  4. Edge/Chrome - Update browsers to address CVE-2025-0334
  5. Oracle E-Business Suite - Verify CVE-2025-61882 patch deployed
  6. WordPress Post SMTP - Update to v3.6.1 or remove plugin
  7. Cisco routers - Apply CVE-2025-20352 patches and check for compromise

HIGH PRIORITY (Deploy Within 1 Week)
  1. SAP systems - Apply critical patches for CVE-2025-42890 and CVE-2025-42887
  2. WSUS servers - Verify CVE-2025-59287 patch installed correctly
  3. Adobe Connect - Update to version 12.10
  4. Firefox, Chrome, Edge - Deploy browser updates organisation-wide
  5. Android devices - Deploy November 2025 security bulletin
  6. WatchGuard Firebox - Apply CVE-2025-9242 patch

STANDARD PRIORITY (Deploy Within 2-4 Weeks)
  1. All other Microsoft patches - Complete Windows and Office updates
  2. Adobe Creative Suite - Update Illustrator, Photoshop, InDesign, etc.
  3. Oracle - Complete October CPU deployment across all Oracle products
  4. SAP - Apply remaining security notes across SAP landscape

CVE Quick Reference

| CVE ID | Vendor | Severity | Status | Product |
|---|---|---|---|---|
| CVE-2025-0445 | Microsoft | Critical | Actively Exploited | Windows Kernel |
| CVE-2025-0334 | Microsoft | Critical | Actively Exploited | Edge/Chrome V8 |
| CVE-2025-0078 | Microsoft | Critical | Not Exploited Yet | Exchange Server |
| CVE-2025-1789 | Microsoft | Critical | Not Exploited Yet | MSHTML |
| CVE-2025-59287 | Microsoft | Critical (9.8) | Actively Exploited | WSUS |
| CVE-2025-54236 | Adobe | Critical (9.1) | Actively Exploited | Magento/Commerce |
| CVE-2025-49553 | Adobe | Critical (9.3) | Not Exploited Yet | Adobe Connect |
| CVE-2025-61882 | Oracle | Critical | Actively Exploited | E-Business Suite |
| CVE-2025-42890 | SAP | Critical (10.0) | Not Exploited Yet | SQL Anywhere Monitor |
| CVE-2025-42887 | SAP | Critical (9.9) | Not Exploited Yet | Solution Manager |
| CVE-2025-11833 | WordPress | Critical (9.8) | Actively Exploited | Post SMTP Plugin |
| CVE-2025-20352 | Cisco | High | Actively Exploited | IOS/XE SNMP |
| CVE-2025-9242 | WatchGuard | Critical | Not Exploited Yet | Firebox Firewalls |

Resources & Links

Vendor Security Bulletins
  • Microsoft Security Update Guide: https://msrc.microsoft.com/update-guide
  • Adobe Security Bulletins: https://helpx.adobe.com/security.html
  • Oracle Critical Patch Updates: https://www.oracle.com/security-alerts/
  • SAP Security Notes: https://support.sap.com/securitynotes
  • Mozilla Security Advisories: https://www.mozilla.org/security/advisories/
  • CISA Known Exploited Vulnerabilities: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Patch Tuesday Resources
  • Microsoft Tech Community: https://techcommunity.microsoft.com/
  • Patch Tuesday Dashboard: https://patchtuesdaydashboard.com/
  • Security Week Patch Tuesday Coverage: https://www.securityweek.com/

Small Business Cybersecurity Resources
  • Blog: https://thesmallbusinesscybersecurityguy.co.uk
  • NCSC Small Business Guide: https://www.ncsc.gov.uk/smallbusiness
  • Cyber Essentials: https://www.ncsc.gov.uk/cyberessentials

Key Statistics
  • 89 Microsoft vulnerabilities patched
  • 4 actively exploited zero-days (Microsoft)
  • 23 remote code execution flaws (Microsoft)
  • 35+ Adobe vulnerabilities fixed
  • 374 Oracle security patches
  • 18 SAP security notes
  • 200,000+ WordPress sites affected by Post SMTP bug
  • 75,000 WatchGuard devices exposed online

Narrator

Graham Falkner brings his distinctive voice to The Small Business Cyber Security Guy Podcast's research segments. With a background as a former movie trailer narrator and Shakespearean actor, Graham delivers technical security information with gravitas and authority, providing the factual foundation for Noel and Mauven's practical discussions.

About The Small Business Cyber Security Guy Podcast

The Small Business Cyber Security Guy Podcast translates enterprise-grade cybersecurity into practical, affordable solutions for small and medium businesses. Hosted by Noel Bradford (40+ years IT/cybersecurity veteran) and Mauven MacLeod (ex-NCSC government analyst), the show combines deep technical expertise with authentic British humour to make cybersecurity accessible, actionable, and entertaining.

Target Audience: UK small businesses (5-50 employees) who need practical cybersecurity advice within real-world budget and resource constraints.

Connect With Us
  • Website: https://thesmallbusinesscybersecurityguy.co.uk
  • Subscribe: Available on Apple Podcasts, Spotify, and all major podcast platforms
  • Social Media: Follow us on LinkedIn for daily cybersecurity insights

Help us spread the word about practical cybersecurity for small businesses:

  • ⭐ Subscribe to never miss an episode
  • ⭐ Leave a review on Apple Podcasts or Spotify
  • ⭐ Share this episode with other business owners who need to hear this
  • ⭐ Comment below with topics you'd like us to cover next
  • ⭐ Visit the blog at thesmallbusinesscybersecurityguy.co.uk for written guides and resources

Disclaimer

This podcast provides educational information about cybersecurity topics. While we strive for accuracy, the threat landscape changes rapidly. Information is current as of November 2025 but may become outdated. Always verify patch information with official vendor sources and test updates in your specific environment before deployment. The hosts are not liable for any actions taken based on this information. Always implement cybersecurity measures appropriate to your business needs and risk profile.

Next Episode

Stay tuned for our next episode where Noel and Mauven discuss practical patch management strategies for small businesses, including how to prioritise updates when you can't deploy everything immediately.

Episode Length: 10-11 minutes

Difficulty Level: Intermediate to Advanced
Best For: IT managers, business owners, MSP clients, anyone responsible for patching

The Small Business Cyber Security Guy Podcast - Making Enterprise Cybersecurity Practical for Small Businesses


By The Small Business Cyber Security Guy