Microsoft Releases December 2025 Security Updates
Scheduled updates for Microsoft products address 57 vulnerabilities, of which 1 is under exploitation and 2 have been reported as publicly disclosed
Summary
Scheduled updates for Microsoft products address 57 vulnerabilities, of which 1 is under exploitation and 2 have been reported as publicly disclosed
Affected platforms
The following platforms are known to be affected:
The following platforms are also known to be affected:
Multiple other Microsoft platforms. Please see Microsoft's December 2025 Security Update guide for full details.
Threat details
Introduction
Microsoft has released security updates to address 57 vulnerabilities in Microsoft products. 3 vulnerabilities are highlighted below.
Microsoft has reported exploitation for CVE-2025-62221
NHS England National CSOC assesses future exploitation as likely.
Vulnerability details
Exploited vulnerabilities:
- CVE-2025-62221 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability - CVSSv3 score: 7.8
Publicly disclosed vulnerabilities:
- CVE-2025-64671 - GitHub Copilot for Jetbrains Remote Code Execution Vulnerability - CVSSv3 score: 8.4
- CVE-2025-54100 - PowerShell Remote Code Execution Vulnerability - CVSScv3 score: 7.8
Remediation advice
Affected organisations are encouraged to review Microsoft's December 2025 Security Updates and apply the relevant updates as soon as possible.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 10 December 2025 1:39 pm