Microsoft Patch Tuesday December 2025
This release addresses 57 vulnerabilities. 3 of these vulnerabilities are rated critical. One vulnerability was already exploited, and two were publicly disclosed before the patch was released.
CVE-2025-62221: This privilege escalation vulnerability in the Microsoft Cloud Files Mini Filters driver is already being exploited.
CVE-2025-54100: A PowerShell script using Invoke-WebRequest may execute scripts that are included in the response. This is what Invoke-WebRequest is supposed to do. The patch adds a warning suggesting adding the -UseBasicParsing parameter to avoid executing scripts.
CVE-2025-64671: The GitHub Copilot plugin for JetBrains may lead to remote code execution. This is overall an issue with many AI code assistance as they have far-reaching access to the IDE.
The critical vulnerabilities are remote code execution vulnerabilities in Office and Outlook.
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| Application Information Service Elevation of Privilege Vulnerability | |||||||
| CVE-2025-62572 | No | No | - | - | Important | 7.8 | 6.8 |
| Azure Monitor Agent Remote Code Execution Vulnerability | |||||||
| CVE-2025-62550 | No | No | - | - | Important | 8.8 | 7.7 |
| DirectX Graphics Kernel Denial of Service Vulnerability | |||||||
| CVE-2025-62463 | No | No | - | - | Important | 6.5 | 5.7 |
| CVE-2025-62465 | No | No | - | - | Important | 6.5 | 5.7 |
| DirectX Graphics Kernel Elevation of Privilege Vulnerability | |||||||
| CVE-2025-62573 | No | No | - | - | Important | 7.0 | 6.1 |
| GitHub Copilot for Jetbrains Remote Code Execution Vulnerability | |||||||
| CVE-2025-64671 | Yes | No | - | - | Important | 8.4 | 7.3 |
| Microsoft Access Remote Code Execution Vulnerability | |||||||
| CVE-2025-62552 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Brokering File System Elevation of Privilege Vulnerability | |||||||
| CVE-2025-62469 | No | No | - | - | Important | 7.0 | 6.1 |
| CVE-2025-62569 | No | No | - | - | Important | 7.0 | 6.1 |
| Microsoft Edge (Chromium-based) for Mac Spoofing Vulnerability | |||||||
| CVE-2025-62223 | No | No | - | - | Low | 4.3 | 3.8 |
| Microsoft Excel Remote Code Execution Vulnerability | |||||||
| CVE-2025-62561 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-62563 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-62564 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-62553 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-62556 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-62560 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||||
| CVE-2025-64666 | No | No | - | - | Important | 7.5 | 6.5 |
| Microsoft Exchange Server Spoofing Vulnerability | |||||||
| CVE-2025-64667 | No | No | - | - | Important | 5.3 | 4.6 |
| Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | |||||||
| CVE-2025-62455 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Office Remote Code Execution Vulnerability | |||||||
| CVE-2025-62554 | No | No | - | - | Critical | 8.4 | 7.3 |
| CVE-2025-62557 | No | No | - | - | Critical | 8.4 | 7.3 |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||||
| CVE-2025-62562 | No | No | - | - | Critical | 7.8 | 6.8 |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||||
| CVE-2025-64672 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft Word Remote Code Execution Vulnerability | |||||||
| CVE-2025-62555 | No | No | - | - | Important | 7.0 | 6.1 |
| CVE-2025-62558 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-62559 | No | No | - | - | Important | 7.8 | 6.8 |
| PowerShell Remote Code Execution Vulnerability | |||||||
| CVE-2025-54100 | Yes | No | - | - | Important | 7.8 | 6.8 |
| Win32k Elevation of Privilege Vulnerability | |||||||
| CVE-2025-62458 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Camera Frame Server Monitor Information Disclosure Vulnerability | |||||||
| CVE-2025-62570 | No | No | - | - | Important | 7.1 | 6.2 |
| Windows Client-Side Caching Elevation of Privilege Vulnerability | |||||||
| CVE-2025-62466 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-62454 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-62457 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-62221 | No | Yes | - | - | Important | 7.8 | 6.8 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-62470 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows DWM Core Library Elevation of Privilege Vulnerability | |||||||
| CVE-2025-64679 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-64680 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Defender Firewall Service Information Disclosure Vulnerability | |||||||
| CVE-2025-62468 | No | No | - | - | Important | 4.4 | 3.9 |
| Windows DirectX Information Disclosure Vulnerability | |||||||
| CVE-2025-64670 | No | No | - | - | Important | 6.5 | 5.7 |
| Windows File Explorer Elevation of Privilege Vulnerability | |||||||
| CVE-2025-64658 | No | No | - | - | Important | 7.5 | 6.5 |
| CVE-2025-62565 | No | No | - | - | Important | 7.3 | 6.4 |
| Windows Hyper-V Denial of Service Vulnerability | |||||||
| CVE-2025-62567 | No | No | - | - | Important | 5.3 | 4.6 |
| Windows Installer Elevation of Privilege Vulnerability | |||||||
| CVE-2025-62571 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Projected File System Elevation of Privilege Vulnerability | |||||||
| CVE-2025-62461 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-62462 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-62464 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-55233 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-62467 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | |||||||
| CVE-2025-62472 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-62474 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | |||||||
| CVE-2025-62456 | No | No | - | - | Important | 8.8 | 7.7 |
| Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | |||||||
| CVE-2025-62473 | No | No | - | - | Important | 6.5 | 5.7 |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||||
| CVE-2025-62549 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2025-64678 | No | No | - | - | Important | 8.8 | 7.7 |
| Windows Shell Elevation of Privilege Vulnerability | |||||||
| CVE-2025-64661 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Storage VSP Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-64673 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-59516 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-59517 | No | No | - | - | Important | 7.8 | 6.8 |
--
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
Keywords: microsoft patches patch Tuesday
0 comment(s)ISC Stormcast For Tuesday, December 9th, 2025 https://isc.sans.edu/podcastdetail/9730
×
![modal content]()
Diary Archives
Comments