Share via

Microsoft December 2025 Security Updates / FYI

NICK ADSL UK 25 Reputation points
2025-12-09T18:19:42.36+00:00

Microsoft December 2025 Security Updates

This release consists of the following 57 Microsoft CVEs:

Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?

Windows PowerShell CVE-2025-54100  

Windows Projected File System CVE-2025-55233 

Windows Storage VSP Driver CVE-2025-59516 

Windows Storage VSP Driver CVE-2025-59517 

Windows Cloud Files Mini Filter Driver CVE-2025-62221 

Microsoft Edge for iOS CVE-2025-62223 

Windows Cloud Files Mini Filter Driver CVE-2025-62454 

Windows Message Queuing CVE-2025-62455 

Windows Resilient File System (ReFS) CVE-2025-62456 

Windows Cloud Files Mini Filter Driver CVE-2025-62457 

Windows Win32K - GRFX CVE-2025-62458 

Windows Projected File System Filter Driver CVE-2025-62461

Windows Projected File System CVE-2025-62462 

Windows DirectX CVE-2025-62463 

Windows Projected File System CVE-2025-62464 

Windows DirectX CVE-2025-62465 

Windows Client-Side Caching (CSC) Service CVE-2025-62466

Windows Projected File System CVE-2025-62467 

Windows Defender Firewall Service CVE-2025-62468 

Microsoft Brokering File System CVE-2025-62469 

Windows Common Log File System Driver CVE-2025-62470 

Windows Remote Access Connection Manager CVE-2025-62472 

Windows Routing and Remote Access Service (RRAS) CVE-2025-62473 

Windows Remote Access Connection Manager CVE-2025-62474 

Windows Routing and Remote Access Service (RRAS) CVE-2025-62549 

Azure Monitor Agent CVE-2025-62550 

Microsoft Office Access CVE-2025-62552 

Microsoft Office Excel CVE-2025-62553 

Microsoft Office CVE-2025-62554 

Microsoft Office Word CVE-2025-62555 

Microsoft Office Excel CVE-2025-62556 

Microsoft Office CVE-2025-62557 

Microsoft Office Word CVE-2025-62558 

Microsoft Office Word CVE-2025-62559 

Microsoft Office Excel CVE-2025-62560 

Microsoft Office Excel CVE-2025-62561 

Microsoft Office Outlook CVE-2025-62562 

Microsoft Office Excel CVE-2025-62563

Microsoft Office Excel CVE-2025-62564 

Windows Shell CVE-2025-62565 

Windows Hyper-V CVE-2025-62567 

Microsoft Brokering File System CVE-2025-62569 

Windows Camera Frame Server Monitor CVE-2025-62570 

Windows Installer CVE-2025-62571 

Application Information Services CVE-2025-62572 

Windows DirectX CVE-2025-62573 

Windows Shell CVE-2025-64658 

Windows Shell CVE-2025-64661 

Microsoft Exchange Server CVE-2025-64666 

Microsoft Exchange Server CVE-2025-64667 

Microsoft Graphics Component CVE-2025-64670 

Copilot CVE-2025-64671

Microsoft Office SharePoint CVE-2025-64672 

Storvsp.sys Driver CVE-2025-64673 

Windows Routing and Remote Access Service (RRAS) CVE-2025-64678 

Windows DWM Core Library CVE-2025-64679 

Windows DWM Core Library CVE-2025-64680 

We are republishing 13 non-Microsoft CVEs:

CNA Tag CVE FAQs? Workarounds? Mitigations?

Chrome Microsoft Edge (Chromium-based) CVE-2025-13630 

Chrome Microsoft Edge (Chromium-based) CVE-2025-13631 

Chrome Microsoft Edge (Chromium-based) CVE-2025-13632 

Chrome Microsoft Edge (Chromium-based) CVE-2025-13633 

Chrome Microsoft Edge (Chromium-based) CVE-2025-13634 

Chrome Microsoft Edge (Chromium-based) CVE-2025-13635 

Chrome Microsoft Edge (Chromium-based) CVE-2025-13636 

Chrome Microsoft Edge (Chromium-based) CVE-2025-13637 

Chrome Microsoft Edge (Chromium-based) CVE-2025-13638 

Chrome Microsoft Edge (Chromium-based) CVE-2025-13639 

Chrome Microsoft Edge (Chromium-based) CVE-2025-13640 

Chrome Microsoft Edge (Chromium-based) CVE-2025-13720 

Chrome Microsoft Edge (Chromium-based) CVE-2025-13721 

Security Update Guide Blog Posts

Date Blog Post

October 31, 2025 You asked, we delivered: Introducing new features for an improved security experience

October 28, 2025 Understanding CVE-2025-55315: What CISOs, security engineers, and sysadmins should know

October 22, 2025 Toward greater transparency: Introducing machine-readable Vulnerability Exploitability Xchange (VEX) for Azure Linux and beyond

November 12, 2024 Toward greater transparency: Publishing machine-readable CSAF files

June 27, 2024 Toward greater transparency: Unveiling Cloud Service CVEs

April 9, 2024 Toward greater transparency: Security Update Guide now shares CWEs for CVEs

January 6, 2023 Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API

January 11, 2022 Coming Soon: New Security Update Guide Notification System

February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API

January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners

December 8, 2020 Security Update Guide: Let’s keep the conversation going

November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Resources

  • The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
  • Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows Lifecycle Facts Sheet.
  • Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
  • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  • Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

Known Issues

You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To

5071413 Windows Server 2022 Hotpatch

5072014 Windows Server 2025 Hotpatch

5071504 Windows Server 2008 (Monthly Rollup)

5071507 Windows Server 2008 (Security-only update)

5071542 Windows Server 23H2

5071547 Windows Server 2022

5072033 Windows 11, version 24H2, Windows 11, version 25H2, Server 2025

Released: Dec 9, 2025

https://msrc.microsoft.com/update-guide/releaseNote/2025-Dec

Microsoft Security | Intune | Updates
0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.