Today Microsoft released the Patch Tuesday for December 2025 and (as always) it’s worth paying attention to (and not leaving it “for later”). This update fixes 57 vulnerabilities, including one that’s already being actively exploited and two zero‑days that had been publicly disclosed.
In addition, the update bundle brings fixes for three critical remote code execution (RCE) vulnerabilities — the kind that can become a serious problem if your environment isn’t up to date.
In numbers, here’s how the patched flaws break down by type:
28 privilege elevation
19 remote code execution (RCE)
4 information disclosure
3 denial of service
2 spoofing
Important: this count only considers the patches released by Microsoft in this Patch Tuesday. That’s why it does not include the patches for Microsoft Edge (15 vulnerabilities) nor those for Mariner, which were released earlier this month.
This December 2025 Patch Tuesday arrives with a red‑alert: Microsoft fixed three zero‑day vulnerabilities. For Microsoft, a vulnerability is considered zero‑day when it is publicly disclosed or actively exploited before an official patch is available.
Microsoft patched a privilege‑elevation flaw in the Windows Cloud Files Mini Filter Driver that was already being used in attacks. In simple terms: the bug allows an attacker with access to the machine to exploit the system to elevate privileges and reach SYSTEM (the highest level in Windows). This type of vulnerability is often essential in attack chains because it turns a “limited” access into full control of the system.
Microsoft credited the discovery to MSTIC (Microsoft Threat Intelligence Center) and MSRC (Microsoft Security Response Center), although they didn’t share public details about the exploitation method.
Also fixed was a vulnerability publicly disclosed in GitHub Copilot for JetBrains associated with command injection — which can lead to code execution in the local environment. What’s the real risk? In scenarios where untrusted files are handled or there is interaction with MCP servers, a technique like cross‑prompt injection could push extra commands into the permitted flow — especially if the environment is configured in a way that facilitates execution (for example, auto‑approval in the terminal).
Microsoft also resolved a vulnerability in PowerShell that could allow execution of scripts embedded in a web page when retrieved using Invoke‑WebRequest. This hits automation workflows directly: many environments rely on PowerShell for operational tasks, deployment scripts, or integrations. That’s why, if there are workflows that consume web content, it’s wise to update and review those scripts to reduce risk and avoid unexpected behavior.
Read more: Most Exploited Zero-Day Vulnerabilities in 2025
Here’s the full list of vulnerabilities Microsoft fixed:
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Application Information Services | CVE-2025-62572 | Application Information Service Elevation of Privilege Vulnerability | Important |
| Azure Monitor Agent | CVE-2025-62550 | Azure Monitor Agent Remote Code Execution Vulnerability | Important |
| Copilot | CVE-2025-64671 | GitHub Copilot for Jetbrains Remote Code Execution Vulnerability | Important |
| Microsoft Brokering File System | CVE-2025-62569 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2025-62469 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2025-13634 | Chromium: CVE-2025-13634 Inappropriate implementation in Downloads | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13721 | Chromium: CVE-2025-13721 Race in v8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13630 | Chromium: CVE-2025-13630 Type Confusion in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13631 | Chromium: CVE-2025-13631 Inappropriate implementation in Google Updater | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13632 | Chromium: CVE-2025-13632 Inappropriate implementation in DevTools | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13633 | Chromium: CVE-2025-13633 Use after free in Digital Credentials | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13638 | Chromium: CVE-2025-13638 Use after free in Media Stream | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13639 | Chromium: CVE-2025-13639 Inappropriate implementation in WebRTC | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13640 | Chromium: CVE-2025-13640 Inappropriate implementation in Passwords | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13637 | Chromium: CVE-2025-13637 Inappropriate implementation in Downloads | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13720 | Chromium: CVE-2025-13720 Bad cast in Loader | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13635 | Chromium: CVE-2025-13635 Inappropriate implementation in Downloads | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13636 | Chromium: CVE-2025-13636 Inappropriate implementation in Split View | Unknown |
| Microsoft Edge for iOS | CVE-2025-62223 | Microsoft Edge (Chromium-based) for Mac Spoofing Vulnerability | Low |
| Microsoft Exchange Server | CVE-2025-64666 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server | CVE-2025-64667 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Graphics Component | CVE-2025-64670 | Windows DirectX Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2025-62554 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-62557 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office Access | CVE-2025-62552 | Microsoft Access Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62560 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62563 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62561 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62564 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62553 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62556 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Outlook | CVE-2025-62562 | Microsoft Outlook Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2025-64672 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office Word | CVE-2025-62558 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-62559 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-62555 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Storvsp.sys Driver | CVE-2025-64673 | Windows Storage VSP Driver Elevation of Privilege Vulnerability | Important |
| Windows Camera Frame Server Monitor | CVE-2025-62570 | Windows Camera Frame Server Monitor Information Disclosure Vulnerability | Important |
| Windows Client-Side Caching (CSC) Service | CVE-2025-62466 | Windows Client-Side Caching Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2025-62457 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2025-62454 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2025-62221 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2025-62470 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Defender Firewall Service | CVE-2025-62468 | Windows Defender Firewall Service Information Disclosure Vulnerability | Important |
| Windows DirectX | CVE-2025-62463 | DirectX Graphics Kernel Denial of Service Vulnerability | Important |
| Windows DirectX | CVE-2025-62465 | DirectX Graphics Kernel Denial of Service Vulnerability | Important |
| Windows DirectX | CVE-2025-62573 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| Windows DWM Core Library | CVE-2025-64679 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows DWM Core Library | CVE-2025-64680 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows Hyper-V | CVE-2025-62567 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Windows Installer | CVE-2025-62571 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Message Queuing | CVE-2025-62455 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important |
| Windows PowerShell | CVE-2025-54100 | PowerShell Remote Code Execution Vulnerability | Important |
| Windows Projected File System | CVE-2025-62464 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Projected File System | CVE-2025-55233 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Projected File System | CVE-2025-62462 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Projected File System | CVE-2025-62467 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Projected File System Filter Driver | CVE-2025-62461 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2025-62474 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2025-62472 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Resilient File System (ReFS) | CVE-2025-62456 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-62549 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-62473 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-64678 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Shell | CVE-2025-62565 | Windows File Explorer Elevation of Privilege Vulnerability | Important |
| Windows Shell | CVE-2025-64661 | Windows Shell Elevation of Privilege Vulnerability | Important |
| Windows Shell | CVE-2025-64658 | Windows File Explorer Elevation of Privilege Vulnerability | Important |
| Windows Storage VSP Driver | CVE-2025-59517 | Windows Storage VSP Driver Elevation of Privilege Vulnerability | Important |
| Windows Storage VSP Driver | CVE-2025-59516 | Windows Storage VSP Driver Elevation of Privilege Vulnerability | Important |
| Windows Win32K - GRFX | CVE-2025-62458 | Win32k Elevation of Privilege Vulnerability | Important |
Read more: Patch Management: Why is it essential in IT security?
Prioritize patching IT endpoints, admin systems, and critical machines (due to the actively exploited EoP).
If you have development teams, validate the update and strengthen practices around untrusted sources and terminal automations.
Review automations using PowerShell + Invoke‑WebRequest and apply best practices for consuming web content.