Microsoft December 2025 Patch Tuesday Fixes 56 Vulnerabilities and 3 Zero-days


| CVE | Title | Severity | Impact | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-62554 | Microsoft Office Remote Code Execution Vulnerability | Critical | Remote Code Execution | Access of resource using incompatible type (‘type confusion’) in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-62557 | Microsoft Office Remote Code Execution Vulnerability | Critical | Remote Code Execution | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-62454 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62456 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important | Remote Code Execution | Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network. |
| CVE-2025-62457 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62458 | Win32k Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Heap-based buffer overflow in Windows Win32K – GRFX allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62466 | Windows Client-Side Caching Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62469 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Concurrent execution using shared resource with improper synchronization (‘race condition’) in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62470 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62472 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62473 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important | Information Disclosure | Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-62549 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | Remote Code Execution | Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |
| CVE-2025-62561 | Microsoft Excel Remote Code Execution Vulnerability | Important | Remote Code Execution | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-62562 | Microsoft Outlook Remote Code Execution Vulnerability | Important | Remote Code Execution | Use after free in Microsoft Office Outlook allows an unauthorized attacker to execute code locally. |
| CVE-2025-62563 | Microsoft Excel Remote Code Execution Vulnerability | Important | Remote Code Execution | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-62564 | Microsoft Excel Remote Code Execution Vulnerability | Important | Remote Code Execution | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-62571 | Windows Installer Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62572 | Application Information Service Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62573 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. |
| CVE-2025-64658 | Windows File Explorer Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Shell allows an authorized attacker to elevate privileges locally. |
| CVE-2025-64667 | Microsoft Exchange Server Spoofing Vulnerability | Important | Spoofing | User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2025-64666 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-64670 | Windows DirectX Information Disclosure Vulnerability | Important | Information Disclosure | Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information over a network. |
| CVE-2025-64673 | Windows Storage VSP Driver Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2025-59516 | Windows Storage VSP Driver Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2025-59517 | Windows Storage VSP Driver Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62455 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62461 | Windows Projected File System Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62463 | DirectX Graphics Kernel Denial of Service Vulnerability | Important | Denial of Service | Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally. |
| CVE-2025-62462 | Windows Projected File System Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62464 | Windows Projected File System Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62465 | DirectX Graphics Kernel Denial of Service Vulnerability | Important | Denial of Service | Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally. |
| CVE-2025-55233 | Windows Projected File System Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62467 | Windows Projected File System Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62468 | Windows Defender Firewall Service Information Disclosure Vulnerability | Important | Information Disclosure | Out-of-bounds read in Windows Defender Firewall Service allows an authorized attacker to disclose information locally. |
| CVE-2025-62474 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62550 | Azure Monitor Agent Remote Code Execution Vulnerability | Important | Remote Code Execution | Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network. |
| CVE-2025-62552 | Microsoft Access Remote Code Execution Vulnerability | Important | Remote Code Execution | Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute code locally. |
| CVE-2025-62553 | Microsoft Excel Remote Code Execution Vulnerability | Important | Remote Code Execution | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-62555 | Microsoft Word Remote Code Execution Vulnerability | Important | Remote Code Execution | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2025-62556 | Microsoft Excel Remote Code Execution Vulnerability | Important | Remote Code Execution | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-62558 | Microsoft Word Remote Code Execution Vulnerability | Important | Remote Code Execution | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2025-62559 | Microsoft Word Remote Code Execution Vulnerability | Important | Remote Code Execution | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2025-62560 | Microsoft Excel Remote Code Execution Vulnerability | Important | Remote Code Execution | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-62567 | Windows Hyper-V Denial of Service Vulnerability | Important | Denial of Service | Integer underflow (wrap or wraparound) in Windows Hyper-V allows an authorized attacker to deny service over a network. |
| CVE-2025-62569 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62570 | Windows Camera Frame Server Monitor Information Disclosure Vulnerability | Important | Information Disclosure | Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally. |
| CVE-2025-62565 | Windows File Explorer Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Use after free in Windows Shell allows an authorized attacker to elevate privileges locally. |
| CVE-2025-64661 | Windows Shell Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Shell allows an authorized attacker to elevate privileges locally. |
| CVE-2025-64671 | GitHub Copilot for Jetbrains Remote Code Execution Vulnerability | Important | Remote Code Execution | Improper neutralization of special elements used in a command (‘command injection’) in Copilot allows an unauthorized attacker to execute code locally. |
| CVE-2025-64672 | Microsoft SharePoint Server Spoofing Vulnerability | Important | Spoofing | Improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. |
| CVE-2025-64678 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | Remote Code Execution | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |
| CVE-2025-64679 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. |
| CVE-2025-64680 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. |
| CVE-2025-54100 | PowerShell Remote Code Execution Vulnerability | Important | Remote Code Execution | Improper neutralization of special elements used in a command (‘command injection’) in Windows PowerShell allows an unauthorized attacker to execute code locally. |
| CVE-2025-62221 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | Elevation of Privilege | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. |


