Microsoft December 2025 Patch Tuesday

Posted on By CWS

CVE-2025-62554Microsoft Workplace Distant Code Execution VulnerabilityCriticalRemote Code ExecutionAccess of useful resource utilizing incompatible kind (‘kind confusion’) in Microsoft Workplace permits an unauthorized attacker to execute code domestically.CVE-2025-62557Microsoft Workplace Distant Code Execution VulnerabilityCriticalRemote Code ExecutionUse after free in Microsoft Workplace permits an unauthorized attacker to execute code domestically.CVE-2025-62454Windows Cloud Information Mini Filter Driver Elevation of Privilege VulnerabilityImportantElevation of PrivilegeHeap-based buffer overflow in Home windows Cloud Information Mini Filter Driver permits a certified attacker to raise privileges domestically.CVE-2025-62456Windows Resilient File System (ReFS) Distant Code Execution VulnerabilityImportantRemote Code ExecutionHeap-based buffer overflow in Home windows Resilient File System (ReFS) permits a certified attacker to execute code over a community.CVE-2025-62457Windows Cloud Information Mini Filter Driver Elevation of Privilege VulnerabilityImportantElevation of PrivilegeOut-of-bounds learn in Home windows Cloud Information Mini Filter Driver permits a certified attacker to raise privileges domestically.CVE-2025-62458Win32k Elevation of Privilege VulnerabilityImportantElevation of PrivilegeHeap-based buffer overflow in Home windows Win32K – GRFX permits a certified attacker to raise privileges domestically.CVE-2025-62466Windows Consumer-Facet Caching Elevation of Privilege VulnerabilityImportantElevation of PrivilegeNull pointer dereference in Home windows Consumer-Facet Caching (CSC) Service permits a certified attacker to raise privileges domestically.CVE-2025-62469Microsoft Brokering File System Elevation of Privilege VulnerabilityImportantElevation of PrivilegeConcurrent execution utilizing shared useful resource with improper synchronization (‘race situation’) in Microsoft Brokering File System permits a certified attacker to raise privileges domestically.CVE-2025-62470Windows Frequent Log File System Driver Elevation of Privilege VulnerabilityImportantElevation of PrivilegeHeap-based buffer overflow in Home windows Frequent Log File System Driver permits a certified attacker to raise privileges domestically.CVE-2025-62472Windows Distant Entry Connection Supervisor Elevation of Privilege VulnerabilityImportantElevation of PrivilegeUse of uninitialized useful resource in Home windows Distant Entry Connection Supervisor permits a certified attacker to raise privileges domestically.CVE-2025-62473Windows Routing and Distant Entry Service (RRAS) Data Disclosure VulnerabilityImportantInformation DisclosureBuffer over-read in Home windows Routing and Distant Entry Service (RRAS) permits an unauthorized attacker to reveal info over a community.CVE-2025-62549Windows Routing and Distant Entry Service (RRAS) Distant Code Execution VulnerabilityImportantRemote Code ExecutionUntrusted pointer dereference in Home windows Routing and Distant Entry Service (RRAS) permits an unauthorized attacker to execute code over a community.CVE-2025-62561Microsoft Excel Distant Code Execution VulnerabilityImportantRemote Code ExecutionUntrusted pointer dereference in Microsoft Workplace Excel permits an unauthorized attacker to execute code domestically.CVE-2025-62562Microsoft Outlook Distant Code Execution VulnerabilityImportantRemote Code ExecutionUse after free in Microsoft Workplace Outlook permits an unauthorized attacker to execute code domestically.CVE-2025-62563Microsoft Excel Distant Code Execution VulnerabilityImportantRemote Code ExecutionUse after free in Microsoft Workplace Excel permits an unauthorized attacker to execute code domestically.CVE-2025-62564Microsoft Excel Distant Code Execution VulnerabilityImportantRemote Code ExecutionOut-of-bounds learn in Microsoft Workplace Excel permits an unauthorized attacker to execute code domestically.CVE-2025-62571Windows Installer Elevation of Privilege VulnerabilityImportantElevation of PrivilegeImproper enter validation in Home windows Installer permits a certified attacker to raise privileges domestically.CVE-2025-62572Application Data Service Elevation of Privilege VulnerabilityImportantElevation of PrivilegeOut-of-bounds learn in Software Data Companies permits a certified attacker to raise privileges domestically.CVE-2025-62573DirectX Graphics Kernel Elevation of Privilege VulnerabilityImportantElevation of PrivilegeUse after free in Home windows DirectX permits a certified attacker to raise privileges domestically.CVE-2025-64658Windows File Explorer Elevation of Privilege VulnerabilityImportantElevation of PrivilegeConcurrent execution utilizing shared useful resource with improper synchronization (‘race situation’) in Home windows Shell permits a certified attacker to raise privileges domestically.CVE-2025-64667Microsoft Alternate Server Spoofing VulnerabilityImportantSpoofingUser interface (ui) misrepresentation of crucial info in Microsoft Alternate Server permits an unauthorized attacker to carry out spoofing over a community.CVE-2025-64666Microsoft Alternate Server Elevation of Privilege VulnerabilityImportantElevation of PrivilegeImproper enter validation in Microsoft Alternate Server permits a certified attacker to raise privileges over a community.CVE-2025-64670Windows DirectX Data Disclosure VulnerabilityImportantInformation DisclosureExposure of delicate info to an unauthorized actor in Microsoft Graphics Element permits a certified attacker to reveal info over a community.CVE-2025-64673Windows Storage VSP Driver Elevation of Privilege VulnerabilityImportantElevation of PrivilegeImproper entry management in Storvsp.sys Driver permits a certified attacker to raise privileges domestically.CVE-2025-59516Windows Storage VSP Driver Elevation of Privilege VulnerabilityImportantElevation of PrivilegeMissing authentication for crucial operate in Home windows Storage VSP Driver permits a certified attacker to raise privileges domestically.CVE-2025-59517Windows Storage VSP Driver Elevation of Privilege VulnerabilityImportantElevation of PrivilegeImproper entry management in Home windows Storage VSP Driver permits a certified attacker to raise privileges domestically.CVE-2025-62455Microsoft Message Queuing (MSMQ) Elevation of Privilege VulnerabilityImportantElevation of PrivilegeImproper enter validation in Home windows Message Queuing permits a certified attacker to raise privileges domestically.CVE-2025-62461Windows Projected File System Elevation of Privilege VulnerabilityImportantElevation of PrivilegeBuffer over-read in Home windows Projected File System Filter Driver permits a certified attacker to raise privileges domestically.CVE-2025-62463DirectX Graphics Kernel Denial of Service VulnerabilityImportantDenial of ServiceNull pointer dereference in Home windows DirectX permits a certified attacker to disclaim service domestically.CVE-2025-62462Windows Projected File System Elevation of Privilege VulnerabilityImportantElevation of PrivilegeBuffer over-read in Home windows Projected File System permits a certified attacker to raise privileges domestically.CVE-2025-62464Windows Projected File System Elevation of Privilege VulnerabilityImportantElevation of PrivilegeBuffer over-read in Home windows Projected File System permits a certified attacker to raise privileges domestically.CVE-2025-62465DirectX Graphics Kernel Denial of Service VulnerabilityImportantDenial of ServiceNull pointer dereference in Home windows DirectX permits a certified attacker to disclaim service domestically.CVE-2025-55233Windows Projected File System Elevation of Privilege VulnerabilityImportantElevation of PrivilegeOut-of-bounds learn in Home windows Projected File System permits a certified attacker to raise privileges domestically.CVE-2025-62467Windows Projected File System Elevation of Privilege VulnerabilityImportantElevation of PrivilegeInteger overflow or wraparound in Home windows Projected File System permits a certified attacker to raise privileges domestically.CVE-2025-62468Windows Defender Firewall Service Data Disclosure VulnerabilityImportantInformation DisclosureOut-of-bounds learn in Home windows Defender Firewall Service permits a certified attacker to reveal info domestically.CVE-2025-62474Windows Distant Entry Connection Supervisor Elevation of Privilege VulnerabilityImportantElevation of PrivilegeImproper entry management in Home windows Distant Entry Connection Supervisor permits a certified attacker to raise privileges domestically.CVE-2025-62550Azure Monitor Agent Distant Code Execution VulnerabilityImportantRemote Code ExecutionOut-of-bounds write in Azure Monitor Agent permits a certified attacker to execute code over a community.CVE-2025-62552Microsoft Entry Distant Code Execution VulnerabilityImportantRemote Code ExecutionRelative path traversal in Microsoft Workplace Entry permits an unauthorized attacker to execute code domestically.CVE-2025-62553Microsoft Excel Distant Code Execution VulnerabilityImportantRemote Code ExecutionUse after free in Microsoft Workplace Excel permits an unauthorized attacker to execute code domestically.CVE-2025-62555Microsoft Phrase Distant Code Execution VulnerabilityImportantRemote Code ExecutionUse after free in Microsoft Workplace Phrase permits an unauthorized attacker to execute code domestically.CVE-2025-62556Microsoft Excel Distant Code Execution VulnerabilityImportantRemote Code ExecutionUntrusted pointer dereference in Microsoft Workplace Excel permits an unauthorized attacker to execute code domestically.CVE-2025-62558Microsoft Phrase Distant Code Execution VulnerabilityImportantRemote Code ExecutionUse after free in Microsoft Workplace Phrase permits an unauthorized attacker to execute code domestically.CVE-2025-62559Microsoft Phrase Distant Code Execution VulnerabilityImportantRemote Code ExecutionUse after free in Microsoft Workplace Phrase permits an unauthorized attacker to execute code domestically.CVE-2025-62560Microsoft Excel Distant Code Execution VulnerabilityImportantRemote Code ExecutionUntrusted pointer dereference in Microsoft Workplace Excel permits an unauthorized attacker to execute code domestically.CVE-2025-62567Windows Hyper-V Denial of Service VulnerabilityImportantDenial of ServiceInteger underflow (wrap or wraparound) in Home windows Hyper-V permits a certified attacker to disclaim service over a community.CVE-2025-62569Microsoft Brokering File System Elevation of Privilege VulnerabilityImportantElevation of PrivilegeUse after free in Microsoft Brokering File System permits a certified attacker to raise privileges domestically.CVE-2025-62570Windows Digicam Body Server Monitor Data Disclosure VulnerabilityImportantInformation DisclosureImproper entry management in Home windows Digicam Body Server Monitor permits a certified attacker to reveal info domestically.CVE-2025-62565Windows File Explorer Elevation of Privilege VulnerabilityImportantElevation of PrivilegeUse after free in Home windows Shell permits a certified attacker to raise privileges domestically.CVE-2025-64661Windows Shell Elevation of Privilege VulnerabilityImportantElevation of PrivilegeConcurrent execution utilizing shared useful resource with improper synchronization (‘race situation’) in Home windows Shell permits a certified attacker to raise privileges domestically.CVE-2025-64671GitHub Copilot for Jetbrains Distant Code Execution VulnerabilityImportantRemote Code ExecutionImproper neutralization of particular parts utilized in a command (‘command injection’) in Copilot permits an unauthorized attacker to execute code domestically.CVE-2025-64672Microsoft SharePoint Server Spoofing VulnerabilityImportantSpoofingImproper neutralization of enter throughout net web page era (‘cross-site scripting’) in Microsoft Workplace SharePoint permits a certified attacker to carry out spoofing over a community.CVE-2025-64678Windows Routing and Distant Entry Service (RRAS) Distant Code Execution VulnerabilityImportantRemote Code ExecutionHeap-based buffer overflow in Home windows Routing and Distant Entry Service (RRAS) permits an unauthorized attacker to execute code over a community.CVE-2025-64679Windows DWM Core Library Elevation of Privilege VulnerabilityImportantElevation of PrivilegeHeap-based buffer overflow in Home windows DWM Core Library permits a certified attacker to raise privileges domestically.CVE-2025-64680Windows DWM Core Library Elevation of Privilege VulnerabilityImportantElevation of PrivilegeHeap-based buffer overflow in Home windows DWM Core Library permits a certified attacker to raise privileges domestically.CVE-2025-54100PowerShell Distant Code Execution VulnerabilityImportantRemote Code ExecutionImproper neutralization of particular parts utilized in a command (‘command injection’) in Home windows PowerShell permits an unauthorized attacker to execute code domestically.CVE-2025-62221Windows Cloud Information Mini Filter Driver Elevation of Privilege VulnerabilityImportantElevation of PrivilegeUse after free in Home windows Cloud Information Mini Filter Driver permits a certified attacker to raise privileges domestically.

Cyber Security News Tags:, , ,

Related Posts

Women’s Dating App Tea Exposes Selfie Images of 13,000 Users Cyber Security News
Aembit Expands Workload IAM to Microsoft Ecosystem, Enhancing Hybrid Security for Non-Human Identities Cyber Security News
Russian Hackers Attacking Government Entity Using Stealthy Living-Off-the-Land Tactics Cyber Security News
How to Detect Hidden Redirects and Payloads Cyber Security News
F5 Fixes HTTP/2 Vulnerability Enabling Massive DoS Attacks Cyber Security News
Scaling SOC Team Expertise With AI-powered Insights for Faster, Easier Understanding of Threats Cyber Security News