Microsoft December 2025 Patch Tuesday – 56 Vulnerabilities Fixed Including 3 Zero-days

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Microsoft released its final Patch Tuesday updates of 2025 on December 9, addressing 56 security vulnerabilities across Windows, Office, Exchange Server, and other components.

This patch includes three zero-day flaws: two publicly disclosed remote code execution issues and one actively exploited elevation of privilege vulnerability.

The updates fix two remote code execution vulnerabilities in Microsoft Office, both rated Critical because of their potential for arbitrary code execution via malicious documents.

Dozens of Important-rated issues make up most of the release, primarily elevation of privilege flaws in Windows kernel drivers such as the Cloud Files Mini Filter Driver and Win32k, alongside remote code execution bugs in RRAS and ReFS. Exploitation likelihood varies; several are marked “More Likely” or “Detected,” which calls for immediate patching despite holiday slowdowns.

| Vulnerability Type | Count |
| --- | --- |
| Remote Code Execution | 19 |
| Denial of Service | 3 |
| Elevation of Privilege | 28 |
| Information Disclosure | 4 |
| Spoofing | 2 |
| Total | 56 |

No Moderate- or Low-severity flaws are highlighted; the focus remains on preventing local privilege escalation and remote attacks. Affected products span Windows 10/11/Server, Office apps (Excel, Word, Outlook, Access), Hyper-V, Azure Monitor Agent, PowerShell, and third-party tools like GitHub Copilot for JetBrains.

Zero-Day Vulnerabilities

Three zero-days stand out. CVE-2025-64671 in GitHub Copilot for JetBrains enables command injection for local RCE; it is publicly known, but exploitation is less likely. CVE-2025-54100 similarly affects PowerShell via command injection.

CVE-2025-62221, a use-after-free in Windows Cloud Files Mini Filter Driver, shows detected exploitation, marking it actively used in attacks.

| CVE ID | Component | Type | Severity | Exploitation Status | Description Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-62221 | Windows Cloud Files Mini Filter Driver | Elevation of Privilege | Important | Detected | Use-after-free allows local privilege escalation. Exploited in the wild. |
| CVE-2025-64671 | GitHub Copilot for JetBrains | Remote Code Execution | Important | Less Likely | Command injection enables local code execution. Publicly known. |
| CVE-2025-54100 | PowerShell | Remote Code Execution | Important | Less Likely | Command injection enables local code execution. Publicly known. |

Organizations should prioritize testing and deploying these updates via Windows Update or the Microsoft Update Catalog, especially for zero-days and “More Likely” exploits. Extended Security Updates remain critical for Windows 10 users post-EOL.

Vulnerabilities Table

| CVE | Title | Severity | Impact | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-62554 | Microsoft Office Remote Code Execution Vulnerability | Critical | Remote Code Execution | Access of resource using incompatible type (‘type confusion’) in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-62557 | Microsoft Office Remote Code Execution Vulnerability | Critical | Remote Code Execution | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-62454 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62456 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important | Remote Code Execution | Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network. |
| CVE-2025-62457 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62458 | Win32k Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Heap-based buffer overflow in Windows Win32K – GRFX allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62466 | Windows Client-Side Caching Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62469 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Concurrent execution using shared resource with improper synchronization (‘race condition’) in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62470 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62472 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62473 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important | Information Disclosure | Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-62549 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | Remote Code Execution | Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |
| CVE-2025-62561 | Microsoft Excel Remote Code Execution Vulnerability | Important | Remote Code Execution | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-62562 | Microsoft Outlook Remote Code Execution Vulnerability | Important | Remote Code Execution | Use after free in Microsoft Office Outlook allows an unauthorized attacker to execute code locally. |
| CVE-2025-62563 | Microsoft Excel Remote Code Execution Vulnerability | Important | Remote Code Execution | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-62564 | Microsoft Excel Remote Code Execution Vulnerability | Important | Remote Code Execution | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-62571 | Windows Installer Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62572 | Application Information Service Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62573 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. |
| CVE-2025-64658 | Windows File Explorer Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Shell allows an authorized attacker to elevate privileges locally. |
| CVE-2025-64667 | Microsoft Exchange Server Spoofing Vulnerability | Important | Spoofing | User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2025-64666 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-64670 | Windows DirectX Information Disclosure Vulnerability | Important | Information Disclosure | Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information over a network. |
| CVE-2025-64673 | Windows Storage VSP Driver Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2025-59516 | Windows Storage VSP Driver Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2025-59517 | Windows Storage VSP Driver Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62455 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62461 | Windows Projected File System Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62463 | DirectX Graphics Kernel Denial of Service Vulnerability | Important | Denial of Service | Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally. |
| CVE-2025-62462 | Windows Projected File System Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62464 | Windows Projected File System Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62465 | DirectX Graphics Kernel Denial of Service Vulnerability | Important | Denial of Service | Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally. |
| CVE-2025-55233 | Windows Projected File System Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62467 | Windows Projected File System Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62468 | Windows Defender Firewall Service Information Disclosure Vulnerability | Important | Information Disclosure | Out-of-bounds read in Windows Defender Firewall Service allows an authorized attacker to disclose information locally. |
| CVE-2025-62474 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62550 | Azure Monitor Agent Remote Code Execution Vulnerability | Important | Remote Code Execution | Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network. |
| CVE-2025-62552 | Microsoft Access Remote Code Execution Vulnerability | Important | Remote Code Execution | Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute code locally. |
| CVE-2025-62553 | Microsoft Excel Remote Code Execution Vulnerability | Important | Remote Code Execution | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-62555 | Microsoft Word Remote Code Execution Vulnerability | Important | Remote Code Execution | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2025-62556 | Microsoft Excel Remote Code Execution Vulnerability | Important | Remote Code Execution | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-62558 | Microsoft Word Remote Code Execution Vulnerability | Important | Remote Code Execution | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2025-62559 | Microsoft Word Remote Code Execution Vulnerability | Important | Remote Code Execution | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2025-62560 | Microsoft Excel Remote Code Execution Vulnerability | Important | Remote Code Execution | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-62567 | Windows Hyper-V Denial of Service Vulnerability | Important | Denial of Service | Integer underflow (wrap or wraparound) in Windows Hyper-V allows an authorized attacker to deny service over a network. |
| CVE-2025-62569 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62570 | Windows Camera Frame Server Monitor Information Disclosure Vulnerability | Important | Information Disclosure | Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally. |
| CVE-2025-62565 | Windows File Explorer Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Use after free in Windows Shell allows an authorized attacker to elevate privileges locally. |
| CVE-2025-64661 | Windows Shell Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Shell allows an authorized attacker to elevate privileges locally. |
| CVE-2025-64671 | GitHub Copilot for Jetbrains Remote Code Execution Vulnerability | Important | Remote Code Execution | Improper neutralization of special elements used in a command (‘command injection’) in Copilot allows an unauthorized attacker to execute code locally. |
| CVE-2025-64672 | Microsoft SharePoint Server Spoofing Vulnerability | Important | Spoofing | Improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. |
| CVE-2025-64678 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | Remote Code Execution | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |
| CVE-2025-64679 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. |
| CVE-2025-64680 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. |
| CVE-2025-54100 | PowerShell Remote Code Execution Vulnerability | Important | Remote Code Execution | Improper neutralization of special elements used in a command (‘command injection’) in Windows PowerShell allows an unauthorized attacker to execute code locally. |
| CVE-2025-62221 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. |

Monitor CISA’s Known Exploited Vulnerabilities catalog for additions, and segment networks to limit lateral movement from EoP flaws. With year-end holidays approaching, automate patching to mitigate risks from the 1,100+ CVEs patched in 2025.
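The prioritization advice above (zero-days and “More Likely” issues first, plus watching CISA’s KEV catalog for additions) can be scripted. The sketch below is an added example, not part of the original article: the KEV snapshots are constructed samples shaped like CISA’s JSON feed, and the three-tier scheme and function names are assumptions.

```python
import json

# Rows from this page: (CVE, component, severity, exploitation status, zero-day?).
# Status is None where the page gives no assessment.
PAGE_CVES = [
    ("CVE-2025-62554", "Microsoft Office", "Critical", None, False),
    ("CVE-2025-62549", "Windows RRAS", "Important", None, False),
    ("CVE-2025-54100", "PowerShell", "Important", "Less Likely", True),
    ("CVE-2025-62221", "Windows Cloud Files Mini Filter Driver", "Important", "Detected", True),
    ("CVE-2025-62557", "Microsoft Office", "Critical", None, False),
    ("CVE-2025-64671", "GitHub Copilot for JetBrains", "Important", "Less Likely", True),
]

# CONSTRUCTED snapshots shaped like CISA's KEV JSON feed (a "vulnerabilities"
# list whose entries carry "cveID" and "dateAdded"). Not real catalog data.
KEV_PREVIOUS = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "dateAdded": "2000-01-01"}]})
KEV_CURRENT = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "dateAdded": "2000-01-01"},
    {"cveID": "CVE-2025-62221", "dateAdded": "2000-01-02"}]})


def kev_ids(feed_text):
    """Return the set of CVE IDs listed in a KEV feed document."""
    return {v["cveID"] for v in json.loads(feed_text)["vulnerabilities"]}


def kev_additions(previous_text, current_text):
    """CVE IDs present in the current snapshot but not in the previous one."""
    return sorted(kev_ids(current_text) - kev_ids(previous_text))


def tier(row, kev):
    """Assumed scheme: 0 = exploited (KEV-listed or 'Detected');
    1 = zero-day, 'More Likely' or Critical; 2 = everything else."""
    cve, _component, severity, status, zero_day = row
    if cve in kev or status == "Detected":
        return 0
    if zero_day or status == "More Likely" or severity == "Critical":
        return 1
    return 2


def triage(rows, kev_text):
    """Order rows by tier, then CVE ID, and return (tier, CVE) pairs."""
    kev = kev_ids(kev_text)
    return sorted((tier(r, kev), r[0]) for r in rows)


if __name__ == "__main__":
    print("New in KEV:", kev_additions(KEV_PREVIOUS, KEV_CURRENT))
    for t, cve in triage(PAGE_CVES, KEV_CURRENT):
        print(f"tier {t}: {cve}")
```

In production the two snapshots would be successive downloads of the KEV feed, and `PAGE_CVES` would be the full list for the month with Microsoft's exploitability assessment filled in for every row.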
