Microsoft Patch Tuesday, December 2025 Security Update Review
As the year winds down, Microsoft Patch Tuesday in December arrives with essential fixes and enhancements to close vulnerabilities and boost performance. Here’s a quick breakdown of what you need to know.
Microsoft Patch Tuesday for December 2025
This month’s release addresses 72 vulnerabilities, including three critical and 55 important-severity vulnerabilities.
In this month’s updates, Microsoft has addressed three zero-day vulnerabilities. One of them was exploited, and two were publicly disclosed.
Microsoft has addressed 15 vulnerabilities in Microsoft Edge (Chromium-based) in this month’s updates.
Microsoft Patch Tuesday, December edition, includes updates for vulnerabilities in Windows Hyper-V, Windows Message Queuing, Windows Defender Firewall Service, Windows Common Log File System Driver, Windows Remote Access Connection Manager, and more.
From elevation of privilege flaws to remote code execution risks, this month’s patches are essential for organizations aiming to maintain a robust security posture.
The December 2025 Microsoft vulnerabilities are classified as follows:
| Vulnerability Category | Quantity | Severities |
| Spoofing Vulnerability | 3 | Important: 3 |
| Denial of Service Vulnerability | 3 | Important: 3 |
| Elevation of Privilege Vulnerability | 28 | Important: 38 |
| Information Disclosure Vulnerability | 4 | Important: 5 |
| Remote Code Execution Vulnerability | 19 | Critical: 3 Important: 16 |
Zero-day Vulnerabilities Patched in December Patch Tuesday Edition
CVE-2025-64671: GitHub Copilot for JetBrains Remote Code Execution Vulnerability
A command injection flaw in Copilot may allow an unauthenticated attacker to execute code remotely.
CVE-2025-62221: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
A use-after-free flaw in Windows Cloud Files Mini Filter Driver may allow the attacker to gain SYSTEM privileges.
CISA acknowledged the vulnerability’s active exploitation by adding it to its Known Exploited Vulnerabilities Catalog and urging users to patch it before December 30, 2025.
CVE-2025-54100: PowerShell Remote Code Execution Vulnerability
A command injection flaw in the Windows PowerShell allows an unauthorized attacker to execute code remotely.
After installing the updates, using the Invoke-WebRequest command triggers a confirmation prompt that warns users about the potential security risks associated with script execution.
Here is the command prompt:
Security Warning: Script Execution Risk Invoke-WebRequest parses the content of the web page. Script code in the web page might be run when the page is parsed. RECOMMENDED ACTION: Use the -UseBasicParsing switch to avoid script code execution. Do you want to continue? ```
For additional details, see KB5074596: PowerShell 5.1: Preventing script execution from web content.
Critical Severity Vulnerabilities Patched in December Patch Tuesday Edition
CVE-2025-62562: Microsoft Outlook Remote Code Execution Vulnerability
A use-after-free vulnerability in Microsoft Office Outlook may allow an unauthenticated attacker to execute code remotely.
CVE-2025-62554: Microsoft Office Remote Code Execution Vulnerability
A type confusion vulnerability in Microsoft Office may allow an unauthenticated attacker to execute code remotely.
CVE-2025-62557: Microsoft Office Remote Code Execution Vulnerability
A use-after-free vulnerability in Microsoft Office may allow an unauthenticated attacker to execute code remotely.
Other Microsoft Vulnerability Highlights
- CVE-2025-62454 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges.
- CVE-2025-62458 is an elevation of privilege vulnerability in the Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
- CVE-2025-62470 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges.
- CVE-2025-62472 is an elevation of privilege vulnerability in the Windows Remote Access Connection Manager. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
- CVE-2025-59516 is an elevation of privilege vulnerability in the Windows Storage VSP Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges.
- CVE-2025-59517 is an elevation of privilege vulnerability in the Windows Storage VSP Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges.
Microsoft Release Summary
This month’s release notes cover multiple Microsoft product families and products/versions affected, including, but not limited to, Windows PowerShell, Windows Projected File System, Windows Storage VSP Driver, Windows Cloud Files Mini Filter Driver, Microsoft Edge for iOS, Windows Resilient File System (ReFS), Windows Win32K – GRFX, Windows Projected File System Filter Driver, Windows DirectX, Windows Client-Side Caching (CSC) Service, Microsoft Brokering File System, Windows Routing and Remote Access Service (RRAS), Azure Monitor Agent, Microsoft Office Access, Microsoft Office Excel, Microsoft Office, Microsoft Office Word, Microsoft Office Outlook, Windows Shell, Windows Camera Frame Server Monitor, Windows Installer, Application Information Services, Microsoft Exchange Server, Microsoft Graphics Component, Copilot, Microsoft Office SharePoint, Storvsp.sys Driver, Windows DWM Core Library, and Microsoft Edge (Chromium-based).
The next Patch Tuesday is scheduled for January 13, and we will provide details and patch analysis at that time. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patches’ webinar.’
Qualys Monthly Webinar Series
The Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys Vulnerability Management Detection Response (VMDR) and Qualys Patch Management. Combining these two solutions can reduce the median time to remediate critical vulnerabilities.
During the webcast, we will discuss this month’s high-impact vulnerabilities, including those that are a part of this month’s Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management.
Join the webinar
This Month in Vulnerabilities & Patches