{ "@context": "https://schema.org", "@graph": [ { "@type": "BreadcrumbList", "itemListElement": [ { "@type": "ListItem", "position": 1, "name": "laptop data recovery", "item": "https://www.1300nerdcore.com.au/laptop-data-recovery" }, { "@type": "ListItem", "position": 2, "name": "nerdcore pc systems - New custom gaming computers", "item": "https://www.1300nerdcore.com.au/custom-pcs-build" }, { "@type": "ListItem", "position": 3, "name": "seagate data recovery prices ", "item": "https://www.1300nerdcore.com.au/data-recovery-prices" }, { "@type": "ListItem", "position": 4, "name": "western digital data recovery prices", "item": "https://www.1300nerdcore.com.au/new-computers-for-sale" }, { "@type": "ListItem", "position": 5, "name": "amd ryzen gaming computer repairs", "item": "https://www.1300nerdcore.com.au/microsoftserver" }, { "@type": "ListItem", "position": 6, "name": "computer virus removal", "item": "https://www.1300nerdcore.com.au/virus-spyware-removal" } ] } ] }
top of page
Search

Microsoft's December 2025 Patch Tuesday addresses 3 zero-day vulnerabilities and 57 flaws.

  • 23 hours ago
  • 7 min read
Microsoft Patch Tuesdat
Microsoft Patch Tuesdat

Microsoft's December 2025 Patch Tuesday addresses 3 zero-day vulnerabilities and 57 flaws.

Microsoft's December 2025 Patch Tuesday addresses 3 zero-day vulnerabilities and 57 flaws.
Microsoft's December 2025 Patch Tuesday addresses 3 zero-day vulnerabilities and 57 flaws.

On this December 2025 Patch Tuesday, Microsoft has released updates addressing 57 flaws, including one that is actively exploited and two publicly disclosed zero-day vulnerabilities.

This update also resolves three "Critical" remote code execution vulnerabilities.

The count of bugs in each vulnerability category is detailed below:


  • 28 Elevation of Privilege Vulnerabilities

  • 19 Remote Code Execution Vulnerabilities

  • 4 Information Disclosure Vulnerabilities

  • 3 Denial of Service Vulnerabilities

  • 2 Spoofing Vulnerabilities

When Nerdcore PC Systems covers Patch Tuesday security updates, we include only those issued by Microsoft today. As a result, the flaw count excludes 15 Microsoft Edge vulnerabilities and Mariner vulnerabilities addressed earlier this month.

To find out more about today's non-security updates, you can check our specific articles on the Windows 11 KB5072033 & KB5071417 cumulative updates.


If you're experiencing delays, blind spots, or prioritization challenges with Patch Tuesday updates, our recent webinar with Action1 shows how modern patch management enables organizations to patch more quickly and reduce risk.

3 zero-days, one exploited

This month's Patch Tuesday addresses one actively exploited and two publicly disclosed zero-day vulnerabilities.

Microsoft defines a zero-day flaw as one that is publicly disclosed or actively exploited without an official fix available.

Microsoft Tuesday Patch
Microsoft Tuesday Patch

The actively exploited zero-day is:

CVE-2025-62221 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability


Microsoft has addressed an actively exploited privilege elevation vulnerability in the Windows Cloud Files Mini Filter Driver.

"Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally," Microsoft explains.


According to Microsoft, successfully exploiting the flaw enables attackers to obtain SYSTEM privileges.


The flaw has been attributed by Microsoft to the Microsoft Threat Intelligence Center (MSTIC) & Microsoft Security Response Center (MSRC), but details on how it was exploited have not been shared.




The publicly disclosed zero-day vulnerabilities include:

CVE-2025-64671 - GitHub Copilot for Jetbrains Remote Code Execution Vulnerability

Microsoft has addressed a GitHub Copilot vulnerability that was publicly disclosed, which allows attackers to execute commands locally.


"Improper neutralization of special elements used in a command ('command injection') in Copilot enables an unauthorized attacker to run code locally," Microsoft explains.

According to Microsoft, the vulnerability can be exploited through a Cross Prompt Injection in untrusted files or MCP servers.


"Through a malicious Cross Prompt Injection in untrusted files or MCP servers, an attacker could execute additional commands by appending them to commands permitted in the user's terminal auto-approve setting," Microsoft continued.


Microsoft credits the discovery of this flaw to Ari Marzuk, who recently revealed it in his "IDEsaster: A Novel Vulnerability Class in AI IDEs" report.


CVE-2025-54100 - PowerShell Remote Code Execution Vulnerability

Microsoft has resolved a PowerShell vulnerability that could lead to the execution of scripts embedded in a webpage when the page is accessed using Invoke-WebRequest.

"Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to run code locally," Microsoft states.

Microsoft has implemented a change that issues a warning when PowerShell uses 'Invoke-WebRequest,' advising users to add the -UseBasicParsing option to prevent code execution.

Security Warning: Script Execution Risk
Invoke-WebRequest parses the content of the web page. Script code in the web page might be run when the page is parsed.
      RECOMMENDED ACTION:
      Use the -UseBasicParsing switch to avoid script code execution.
      Do you want to continue?
			```
 
For additional details, see [KB5074596: PowerShell 5.1: Preventing script execution from web content](https://support.microsoft.com/help/5072034).

Microsoft credits this vulnerability to several researchers, including Justin Necke, DeadOverflow, Pēteris Hermanis Osipovs, Anonymous, Melih Kaan Yıldız, and Osman Eren Güneş.

Recent updates from other companies

In December 2025, several vendors issued updates or advisories:

  • Adobe provided security updates for ColdFusion, Experience Manager, DNG SDK, Acrobat Reader, and Creative Cloud Desktop.

  • Fortinet issued security updates for various products, including a critical FortiCloud SSO Login Authentication Bypass flaw.

  • Google has published Android's December security bulletin, addressing two actively exploited vulnerabilities.

  • Ivanti issued security patches as part of its December 2025 Patch Tuesday updates, featuring a fix for a 9.6/10 Stored XSS flaw in Ivanti Endpoint Manager.

  • React provided security updates for a critical RCE flaw in React Server Components. This flaw, known as React2Shell, is now widely exploited in attacks.

  • SAP issued the December security updates for multiple products, including a fix for a 9.9/10 code injection flaw in SAP Solution Manager.

Below is the comprehensive list of vulnerabilities resolved in the December 2025 Patch Tuesday updates.

For a detailed description of each vulnerability and the systems affected, you can view the full report here.

Microsoft Tuesday Patch
Microsoft Tuesday Patch

Tag

CVE ID

CVE Title

Severity

Application Information Services

CVE-2025-62572

Application Information Service Elevation of Privilege Vulnerability

Important

Azure Monitor Agent

CVE-2025-62550

Azure Monitor Agent Remote Code Execution Vulnerability

Important

Copilot

CVE-2025-64671

GitHub Copilot for Jetbrains Remote Code Execution Vulnerability

Important

Microsoft Brokering File System

CVE-2025-62569

Microsoft Brokering File System Elevation of Privilege Vulnerability

Important

Microsoft Brokering File System

CVE-2025-62469

Microsoft Brokering File System Elevation of Privilege Vulnerability

Important

Microsoft Edge (Chromium-based)

CVE-2025-13634

Chromium: CVE-2025-13634 Inappropriate implementation in Downloads

Unknown

Microsoft Edge (Chromium-based)

CVE-2025-13721

Chromium: CVE-2025-13721 Race in v8

Unknown

Microsoft Edge (Chromium-based)

CVE-2025-13630

Chromium: CVE-2025-13630 Type Confusion in V8

Unknown

Microsoft Edge (Chromium-based)

CVE-2025-13631

Chromium: CVE-2025-13631 Inappropriate implementation in Google Updater

Unknown

Microsoft Edge (Chromium-based)

CVE-2025-13632

Chromium: CVE-2025-13632 Inappropriate implementation in DevTools

Unknown

Microsoft Edge (Chromium-based)

CVE-2025-13633

Chromium: CVE-2025-13633 Use after free in Digital Credentials

Unknown

Microsoft Edge (Chromium-based)

CVE-2025-13638

Chromium: CVE-2025-13638 Use after free in Media Stream

Unknown

Microsoft Edge (Chromium-based)

CVE-2025-13639

Chromium: CVE-2025-13639 Inappropriate implementation in WebRTC

Unknown

Microsoft Edge (Chromium-based)

CVE-2025-13640

Chromium: CVE-2025-13640 Inappropriate implementation in Passwords

Unknown

Microsoft Edge (Chromium-based)

CVE-2025-13637

Chromium: CVE-2025-13637 Inappropriate implementation in Downloads

Unknown

Microsoft Edge (Chromium-based)

CVE-2025-13720

Chromium: CVE-2025-13720 Bad cast in Loader

Unknown

Microsoft Edge (Chromium-based)

CVE-2025-13635

Chromium: CVE-2025-13635 Inappropriate implementation in Downloads

Unknown

Microsoft Edge (Chromium-based)

CVE-2025-13636

Chromium: CVE-2025-13636 Inappropriate implementation in Split View

Unknown

Microsoft Edge for iOS

CVE-2025-62223

Microsoft Edge (Chromium-based) for Mac Spoofing Vulnerability

Low

Microsoft Exchange Server

CVE-2025-64666

Microsoft Exchange Server Elevation of Privilege Vulnerability

Important

Microsoft Exchange Server

CVE-2025-64667

Microsoft Exchange Server Spoofing Vulnerability

Important

Microsoft Graphics Component

CVE-2025-64670

Windows DirectX Information Disclosure Vulnerability

Important

Microsoft Office

CVE-2025-62554

Microsoft Office Remote Code Execution Vulnerability

Critical

Microsoft Office

CVE-2025-62557

Microsoft Office Remote Code Execution Vulnerability

Critical

Microsoft Office Access

CVE-2025-62552

Microsoft Access Remote Code Execution Vulnerability

Important

Microsoft Office Excel

CVE-2025-62560

Microsoft Excel Remote Code Execution Vulnerability

Important

Microsoft Office Excel

CVE-2025-62563

Microsoft Excel Remote Code Execution Vulnerability

Important

Microsoft Office Excel

CVE-2025-62561

Microsoft Excel Remote Code Execution Vulnerability

Important

Microsoft Office Excel

CVE-2025-62564

Microsoft Excel Remote Code Execution Vulnerability

Important

Microsoft Office Excel

CVE-2025-62553

Microsoft Excel Remote Code Execution Vulnerability

Important

Microsoft Office Excel

CVE-2025-62556

Microsoft Excel Remote Code Execution Vulnerability

Important

Microsoft Office Outlook

CVE-2025-62562

Microsoft Outlook Remote Code Execution Vulnerability

Critical

Microsoft Office SharePoint

CVE-2025-64672

Microsoft SharePoint Server Spoofing Vulnerability

Important

Microsoft Office Word

CVE-2025-62558

Microsoft Word Remote Code Execution Vulnerability

Important

Microsoft Office Word

CVE-2025-62559

Microsoft Word Remote Code Execution Vulnerability

Important

Microsoft Office Word

CVE-2025-62555

Microsoft Word Remote Code Execution Vulnerability

Important

Storvsp.sys Driver

CVE-2025-64673

Windows Storage VSP Driver Elevation of Privilege Vulnerability

Important

Windows Camera Frame Server Monitor

CVE-2025-62570

Windows Camera Frame Server Monitor Information Disclosure Vulnerability

Important

Windows Client-Side Caching (CSC) Service

CVE-2025-62466

Windows Client-Side Caching Elevation of Privilege Vulnerability

Important

Windows Cloud Files Mini Filter Driver

CVE-2025-62457

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Important

Windows Cloud Files Mini Filter Driver

CVE-2025-62454

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Important

Windows Cloud Files Mini Filter Driver

CVE-2025-62221

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Important

Windows Common Log File System Driver

CVE-2025-62470

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Important

Windows Defender Firewall Service

CVE-2025-62468

Windows Defender Firewall Service Information Disclosure Vulnerability

Important

Windows DirectX

CVE-2025-62463

DirectX Graphics Kernel Denial of Service Vulnerability

Important

Windows DirectX

CVE-2025-62465

DirectX Graphics Kernel Denial of Service Vulnerability

Important

Windows DirectX

CVE-2025-62573

DirectX Graphics Kernel Elevation of Privilege Vulnerability

Important

Windows DWM Core Library

CVE-2025-64679

Windows DWM Core Library Elevation of Privilege Vulnerability

Important

Windows DWM Core Library

CVE-2025-64680

Windows DWM Core Library Elevation of Privilege Vulnerability

Important

Windows Hyper-V

CVE-2025-62567

Windows Hyper-V Denial of Service Vulnerability

Important

Windows Installer

CVE-2025-62571

Windows Installer Elevation of Privilege Vulnerability

Important

Windows Message Queuing

CVE-2025-62455

Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

Important

Windows PowerShell

CVE-2025-54100

PowerShell Remote Code Execution Vulnerability

Important

Windows Projected File System

CVE-2025-62464

Windows Projected File System Elevation of Privilege Vulnerability

Important

Windows Projected File System

CVE-2025-55233

Windows Projected File System Elevation of Privilege Vulnerability

Important

Windows Projected File System

CVE-2025-62462

Windows Projected File System Elevation of Privilege Vulnerability

Important

Windows Projected File System

CVE-2025-62467

Windows Projected File System Elevation of Privilege Vulnerability

Important

Windows Projected File System Filter Driver

CVE-2025-62461

Windows Projected File System Elevation of Privilege Vulnerability

Important

Windows Remote Access Connection Manager

CVE-2025-62474

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Important

Windows Remote Access Connection Manager

CVE-2025-62472

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Important

Windows Resilient File System (ReFS)

CVE-2025-62456

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

Important

Windows Routing and Remote Access Service (RRAS)

CVE-2025-62549

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Important

Windows Routing and Remote Access Service (RRAS)

CVE-2025-62473

Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

Important

Windows Routing and Remote Access Service (RRAS)

CVE-2025-64678

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Important

Windows Shell

CVE-2025-62565

Windows File Explorer Elevation of Privilege Vulnerability

Important

Windows Shell

CVE-2025-64661

Windows Shell Elevation of Privilege Vulnerability

Important

Windows Shell

CVE-2025-64658

Windows File Explorer Elevation of Privilege Vulnerability

Important

Windows Storage VSP Driver

CVE-2025-59517

Windows Storage VSP Driver Elevation of Privilege Vulnerability

Important

Windows Storage VSP Driver

CVE-2025-59516

Windows Storage VSP Driver Elevation of Privilege Vulnerability

Important

Windows Win32K - GRFX

CVE-2025-62458

Win32k Elevation of Privilege Vulnerability

Important

Update 12/10/25: Our subsection title regarding the zero-days incorrectly stated that two were exploited,

instead of one.

Microsoft Tuesday Patch
Microsoft Tuesday Patch

Ask your question

  • Write an answer

  • Write an answer


Comments

bottom of page