
Microsoft Patch Tuesday December 2025, (Tue, Dec 9th)

This release addresses 57 vulnerabilities. 3 of these vulnerabilities are rated critical. One vulnerability was already exploited, and two were publicly disclosed before the patch was released.

CVE-2025-62221: This privilege escalation vulnerability in the Microsoft Cloud Files Mini Filter driver is already being exploited.

CVE-2025-54100: A PowerShell script using Invoke-WebRequest may execute scripts that are included in the response. This is what Invoke-WebRequest is supposed to do. The patch adds a warning suggesting adding the -UseBasicParsing parameter to avoid executing scripts.
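
To audit existing scripts against the -UseBasicParsing advice above, this added example (not part of the original diary or of Microsoft's patch) uses the PowerShell parser to list Invoke-WebRequest calls, including the iwr, curl and wget aliases, that omit the switch. The function name Find-IwrWithoutBasicParsing and the sample script are constructed for illustration.

```powershell
function Find-IwrWithoutBasicParsing {
    param([Parameter(Mandatory)][string]$ScriptText)
    # Invoke-WebRequest and its aliases; curl and wget are aliases only in Windows PowerShell 5.1.
    $names = 'Invoke-WebRequest', 'iwr', 'curl', 'wget'
    $tokens = $null; $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput($ScriptText, [ref]$tokens, [ref]$errors)
    $calls = $ast.FindAll({
        param($node)
        $node -is [System.Management.Automation.Language.CommandAst] -and
            $names -contains $node.GetCommandName()
    }, $true)
    foreach ($call in $calls) {
        # PowerShell accepts unambiguous parameter prefixes, so -UseB also selects -UseBasicParsing.
        # An explicit -UseBasicParsing:$false does not count as set.
        $basic = $call.CommandElements | Where-Object {
            $_ -is [System.Management.Automation.Language.CommandParameterAst] -and
            $_.ParameterName.Length -ge 4 -and
            'UseBasicParsing'.StartsWith($_.ParameterName, [System.StringComparison]::OrdinalIgnoreCase) -and
            -not ($_.Argument -and $_.Argument.Extent.Text -eq '$false')
        }
        # Splatted arguments (@opts) cannot be resolved statically; flag them for manual review.
        $splat = $call.CommandElements | Where-Object {
            $_ -is [System.Management.Automation.Language.VariableExpressionAst] -and $_.Splatted
        }
        if (-not $basic) {
            [pscustomobject]@{
                Line    = $call.Extent.StartLineNumber
                Status  = if ($splat) { 'Review: splatted arguments' } else { 'No -UseBasicParsing' }
                Command = $call.Extent.Text
            }
        }
    }
}

# Constructed sample script (not from the original page); example.test is a placeholder host.
$sample = @'
$r = Invoke-WebRequest -Uri https://example.test/status
iwr https://example.test/a -UseBasicParsing | Out-Null
curl -Uri https://example.test/b -UseB
$opts = @{ Uri = 'https://example.test/c' }
Invoke-WebRequest @opts
'@
Find-IwrWithoutBasicParsing -ScriptText $sample | Format-Table -AutoSize
```

To scan a file instead of a string, pass `(Get-Content -Raw path\to\script.ps1)` as `-ScriptText`.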

CVE-2025-64671: The GitHub Copilot plugin for JetBrains may lead to remote code execution. This is overall an issue with many AI code assistants as they have far-reaching access to the IDE.

The critical vulnerabilities are remote code execution vulnerabilities in Office and Outlook.

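| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| Application Information Service Elevation of Privilege Vulnerability | CVE-2025-62572 | No | No | - | - | Important | 7.8 | 6.8 |
| Azure Monitor Agent Remote Code Execution Vulnerability | CVE-2025-62550 | No | No | - | - | Important | 8.8 | 7.7 |
| DirectX Graphics Kernel Denial of Service Vulnerability | CVE-2025-62463 | No | No | - | - | Important | 6.5 | 5.7 |
| DirectX Graphics Kernel Denial of Service Vulnerability | CVE-2025-62465 | No | No | - | - | Important | 6.5 | 5.7 |
| DirectX Graphics Kernel Elevation of Privilege Vulnerability | CVE-2025-62573 | No | No | - | - | Important | 7.0 | 6.1 |
| GitHub Copilot for Jetbrains Remote Code Execution Vulnerability | CVE-2025-64671 | Yes | No | - | - | Important | 8.4 | 7.3 |
| Microsoft Access Remote Code Execution Vulnerability | CVE-2025-62552 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Brokering File System Elevation of Privilege Vulnerability | CVE-2025-62469 | No | No | - | - | Important | 7.0 | 6.1 |
| Microsoft Brokering File System Elevation of Privilege Vulnerability | CVE-2025-62569 | No | No | - | - | Important | 7.0 | 6.1 |
| Microsoft Edge (Chromium-based) for Mac Spoofing Vulnerability | CVE-2025-62223 | No | No | - | - | Low | 4.3 | 3.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2025-62561 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2025-62563 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2025-62564 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2025-62553 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2025-62556 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2025-62560 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2025-64666 | No | No | - | - | Important | 7.5 | 6.5 |
| Microsoft Exchange Server Spoofing Vulnerability | CVE-2025-64667 | No | No | - | - | Important | 5.3 | 4.6 |
| Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | CVE-2025-62455 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Office Remote Code Execution Vulnerability | CVE-2025-62554 | No | No | - | - | Critical | 8.4 | 7.3 |
| Microsoft Office Remote Code Execution Vulnerability | CVE-2025-62557 | No | No | - | - | Critical | 8.4 | 7.3 |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2025-62562 | No | No | - | - | Critical | 7.8 | 6.8 |
| Microsoft SharePoint Server Spoofing Vulnerability | CVE-2025-64672 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2025-62555 | No | No | - | - | Important | 7.0 | 6.1 |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2025-62558 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2025-62559 | No | No | - | - | Important | 7.8 | 6.8 |
| PowerShell Remote Code Execution Vulnerability | CVE-2025-54100 | Yes | No | - | - | Important | 7.8 | 6.8 |
| Win32k Elevation of Privilege Vulnerability | CVE-2025-62458 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Camera Frame Server Monitor Information Disclosure Vulnerability | CVE-2025-62570 | No | No | - | - | Important | 7.1 | 6.2 |
| Windows Client-Side Caching Elevation of Privilege Vulnerability | CVE-2025-62466 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | CVE-2025-62454 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | CVE-2025-62457 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | CVE-2025-62221 | No | Yes | - | - | Important | 7.8 | 6.8 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2025-62470 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows DWM Core Library Elevation of Privilege Vulnerability | CVE-2025-64679 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows DWM Core Library Elevation of Privilege Vulnerability | CVE-2025-64680 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Defender Firewall Service Information Disclosure Vulnerability | CVE-2025-62468 | No | No | - | - | Important | 4.4 | 3.9 |
| Windows DirectX Information Disclosure Vulnerability | CVE-2025-64670 | No | No | - | - | Important | 6.5 | 5.7 |
| Windows File Explorer Elevation of Privilege Vulnerability | CVE-2025-64658 | No | No | - | - | Important | 7.5 | 6.5 |
| Windows File Explorer Elevation of Privilege Vulnerability | CVE-2025-62565 | No | No | - | - | Important | 7.3 | 6.4 |
| Windows Hyper-V Denial of Service Vulnerability | CVE-2025-62567 | No | No | - | - | Important | 5.3 | 4.6 |
| Windows Installer Elevation of Privilege Vulnerability | CVE-2025-62571 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Projected File System Elevation of Privilege Vulnerability | CVE-2025-62461 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Projected File System Elevation of Privilege Vulnerability | CVE-2025-62462 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Projected File System Elevation of Privilege Vulnerability | CVE-2025-62464 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Projected File System Elevation of Privilege Vulnerability | CVE-2025-55233 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Projected File System Elevation of Privilege Vulnerability | CVE-2025-62467 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | CVE-2025-62472 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | CVE-2025-62474 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | CVE-2025-62456 | No | No | - | - | Important | 8.8 | 7.7 |
| Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | CVE-2025-62473 | No | No | - | - | Important | 6.5 | 5.7 |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | CVE-2025-62549 | No | No | - | - | Important | 8.8 | 7.7 |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | CVE-2025-64678 | No | No | - | - | Important | 8.8 | 7.7 |
| Windows Shell Elevation of Privilege Vulnerability | CVE-2025-64661 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Storage VSP Driver Elevation of Privilege Vulnerability | CVE-2025-64673 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Storage VSP Driver Elevation of Privilege Vulnerability | CVE-2025-59516 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Storage VSP Driver Elevation of Privilege Vulnerability | CVE-2025-59517 | No | No | - | - | Important | 7.8 | 6.8 |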

Johannes B. Ullrich, Ph.D., Dean of Research, SANS.edu
