Today is the monthly Windows Update day, and Microsoft Office has a critical vulnerability
Windows Update, the monthly update that delivers security updates and bug fixes for Windows, has been released. The newly released security updates, KB5072033 and KB5071417 , include patches for 57 flaws, including the Windows Cloud Files Mini Filter driver privilege escalation zero-day vulnerability CVE-2025-62221 . Installing these updates will change the build number of Windows 11 25H2 (KB5072033) to 26200.7462 (26100.7462 for 24H2) and 23H2 (KB5068865) to 226x1.6050.
December 2025 security updates (monthly)
https://www.microsoft.com/en-us/msrc/blog/2025/12/202512-security-update
The December 2025 Microsoft Monthly Security Updates have been released. Updates are automatically installed by default. For organizations that manage updates, we have published an overview on our blog. Please refer to this and deploy updates as soon as possible. https://t.co/Gy7uBjiSGw #security #updates … pic.twitter.com/pIYAdLwVig
— Microsoft Security Team (@JSECTEAM) December 9, 2025
The list of security updates released is as follows:
| Product Family | maximum severity | The biggest impact | Related knowledge base articles or support web pages |
|---|---|---|---|
| Windows 11 v25H2, v24H2, v23H2 | important | Remote code execution possible | v25H2, v24H2 5072033 v25H2, v24H2 Hotpatch 5072014 v23H2 5071417 |
| Windows Server 2025 (including Server Core installation) | important | Remote code execution possible | 5072033 HotPatch 5072014 |
| Windows Server 2022, 23H2 (including Server Core installation) | important | Remote code execution possible | Windows Server 2022, 5071547 Windows Server 2022 Hotpatch 5071413 Windows Server 23H2, 5071542 |
| Windows Server 2019, 2016 (including Server Core installation) | important | Remote code execution possible | Windows Server 2019, 5071544 Windows Server 2016, 5071543 |
| Microsoft Office | emergency | Remote code execution possible | https://learn.microsoft.com/officeupdates |
| Microsoft SharePoint | important | Impersonation | https://learn.microsoft.com/officeupdates/sharepoint-updates |
| Microsoft Exchange Server | important | Privilege Escalation | https://learn.microsoft.com/exchange Released: December 2025 Exchange Server Security Updates |
| Microsoft Azure | important | Remote code execution possible | https://learn.microsoft.com/azure |
Among the vulnerabilities fixed in this month's security update are the following three zero-day vulnerabilities, of which Microsoft reports that CVE-2025-62221 is 'actively being exploited.'
CVE-2025-62221 : Privilege Escalation Vulnerability in Windows Cloud Files Mini Filter Driver
CVE-2025-54100 : PowerShell remote code execution vulnerability
CVE-2025-64671 : Remote code execution vulnerability in GitHub Copilot for Jetbrains
The other 54 vulnerabilities are as follows:
| product | CVE ID | CVE Title | severity |
|---|---|---|---|
| Application Information Services | CVE-2025-62572 | Elevation of privilege vulnerability | important |
| Azure Monitor Agent | CVE-2025-62550 | Remote Code Execution Vulnerability | important |
| Copilot | CVE-2025-64671 | Remote code execution vulnerability in GitHub Copilot for JetBrains | important |
| Microsoft Brokering File System | CVE-2025-62569 | Elevation of privilege vulnerability | important |
| Microsoft Brokering File System | CVE-2025-62469 | Elevation of privilege vulnerability | important |
| Microsoft Edge (Chromium-based) | CVE-2025-13634 | Improper implementation of download | unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13721 | Race Conditions in Chromium V8 | unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13630 | Chromium V8 type confusion | unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13631 | Remote Incorrect Implementation in Google Updater | unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13632 | Remote Incorrect Implementation in DevTools | unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13633 | Use-After-Free in Digital Credentials | unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13638 | Media Stream Use-After-Free | unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13639 | Incorrect implementation of WebRTC | unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13640 | Poor Password Implementation | unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13637 | Improper implementation of download | unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13720 | Loader invalid cast | unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13635 | Improper implementation of download | unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13636 | Incorrect implementation in split view | unknown |
| Microsoft Edge for iOS | CVE-2025-62223 | Spoofing vulnerability in Microsoft Edge (iOS version) | low |
| Microsoft Exchange Server | CVE-2025-64666 | Elevation of privilege vulnerability | important |
| Microsoft Exchange Server | CVE-2025-64667 | Spoofing Vulnerabilities | important |
| Microsoft Graphics Components | CVE-2025-64670 | Information disclosure vulnerability in Windows DirectX | important |
| Microsoft Office | CVE-2025-62554 | Remote Code Execution Vulnerability | emergency |
| Microsoft Office | CVE-2025-62557 | Remote Code Execution Vulnerability | emergency |
| Microsoft Office Access | CVE-2025-62552 | Remote Code Execution Vulnerability | important |
| Microsoft Office Excel | CVE-2025-62560 | Remote Code Execution Vulnerability | important |
| Microsoft Office Excel | CVE-2025-62563 | Remote Code Execution Vulnerability | important |
| Microsoft Office Excel | CVE-2025-62561 | Remote Code Execution Vulnerability | important |
| Microsoft Office Excel | CVE-2025-62564 | Remote Code Execution Vulnerability | important |
| Microsoft Office Excel | CVE-2025-62553 | Remote Code Execution Vulnerability | important |
| Microsoft Office Excel | CVE-2025-62556 | Remote Code Execution Vulnerability | important |
| Microsoft Office Outlook | CVE-2025-62562 | Remote Code Execution Vulnerability | emergency |
| Microsoft Office SharePoint | CVE-2025-64672 | Spoofing Vulnerabilities | important |
| Microsoft Office Word | CVE-2025-62558 | Remote Code Execution Vulnerability | important |
| Microsoft Office Word | CVE-2025-62559 | Remote Code Execution Vulnerability | important |
| Microsoft Office Word | CVE-2025-62555 | Remote Code Execution Vulnerability | important |
| Storvsp.sys Driver | CVE-2025-64673 | Elevation of privilege vulnerability in Windows Storage VSP driver | important |
| Windows Camera Frame Server Monitor | CVE-2025-62570 | Information disclosure vulnerability | important |
| Windows Client-Side Caching (CSC) Service | CVE-2025-62466 | Elevation of privilege vulnerability | important |
| Windows Cloud Files Mini Filter Driver | CVE-2025-62457 | Elevation of privilege vulnerability | important |
| Windows Cloud Files Mini Filter Driver | CVE-2025-62454 | Elevation of privilege vulnerability | important |
| Windows Cloud Files Mini Filter Driver | CVE-2025-62221 | Elevation of privilege vulnerability | important |
| Windows Common Log File System Driver | CVE-2025-62470 | Elevation of privilege vulnerability | important |
| Windows Defender Firewall Service | CVE-2025-62468 | Information disclosure vulnerability | important |
| Windows DirectX | CVE-2025-62463 | Denial of service vulnerability in DirectX graphics kernel | important |
| Windows DirectX | CVE-2025-62465 | Denial of service vulnerability in DirectX graphics kernel | important |
| Windows DirectX | CVE-2025-62573 | Elevation of privilege vulnerability in DirectX graphics kernel | important |
| Windows DWM Core Library | CVE-2025-64679 | Elevation of privilege vulnerability | important |
| Windows DWM Core Library | CVE-2025-64680 | Elevation of privilege vulnerability | important |
| Windows Hyper-V | CVE-2025-62567 | Denial of service vulnerability | important |
| Windows Installer | CVE-2025-62571 | Elevation of privilege vulnerability | important |
| Windows Message Queuing | CVE-2025-62455 | Elevation of privilege vulnerability | important |
| Windows PowerShell | CVE-2025-54100 | Remote Code Execution Vulnerability | important |
| Windows Projected File System | CVE-2025-62464 | Elevation of privilege vulnerability | important |
| Windows Projected File System | CVE-2025-55233 | Elevation of privilege vulnerability | important |
| Windows Projected File System | CVE-2025-62462 | Elevation of privilege vulnerability | important |
| Windows Projected File System | CVE-2025-62467 | Elevation of privilege vulnerability | important |
| Windows Projected File System Filter Driver | CVE-2025-62461 | Elevation of privilege vulnerability | important |
| Windows Remote Access Connection Manager | CVE-2025-62474 | Elevation of privilege vulnerability | important |
| Windows Remote Access Connection Manager | CVE-2025-62472 | Elevation of privilege vulnerability | important |
| Windows Resilient File System (ReFS) | CVE-2025-62456 | Remote Code Execution Vulnerability | important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-62549 | Remote Code Execution Vulnerability | important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-62473 | Information disclosure vulnerability | important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-64678 | Remote Code Execution Vulnerability | important |
| Windows Shell | CVE-2025-62565 | Elevation of privilege vulnerability in Windows File Explorer | important |
| Windows Shell | CVE-2025-64661 | Elevation of privilege vulnerability | important |
| Windows Shell | CVE-2025-64658 | Elevation of privilege vulnerability in Windows File Explorer | important |
| Windows Storage VSP Driver | CVE-2025-59517 | Elevation of privilege vulnerability | important |
| Windows Storage VSP Driver | CVE-2025-59516 | Elevation of privilege vulnerability | important |
| Windows Win32K - GRFX | CVE-2025-62458 | Elevation of privilege vulnerability | important |
The contents of KB5072033 and KB5071417 other than the security updates are as follows:
- In File Explorer, dialogs and progress bars for operations such as copy, move, and delete now support dark mode.
The File Explorer context menu has been simplified, consolidating common actions like share, copy, and move into a single menu.
- The 'Virtual Workspaces' feature has been added to 'System' > 'Advanced Settings' in Settings, allowing you to manage virtual environments such as Hyper-V and Windows Sandbox.
- If you have Windows Spotlight set as your desktop background, you can now view background details and switch to the next background from the context menu.
The Full Screen Experience (FSE) for handheld games is now available on more devices, providing a console-like interface.
- When using a pen that supports haptic feedback, you can now get a tactile response through vibration when operating windows, etc.
- Improved backlight performance on supported keyboards, improving visibility in low light environments.
- A mobile device management page has been added to the 'Bluetooth and Devices' settings.
- The keyboard character repeat settings and cursor blink rate settings that were previously in the Control Panel have been moved to 'Accessibility' in the Settings app.
- Updated animation when hovering over app icons on the taskbar.
- Added the ability to share open app windows with Copilot directly from the taskbar and have conversations about the contents.
- You can now select a default dashboard in the widget board, and the notification count is now displayed in the navigation bar.
- The Windows Shared Drag Tray now supports sharing multiple files.
- On high-resolution monitors, the stuttering that occurred when the app was querying supported modes has been fixed.
The Quick Machine Recovery (QMR) feature now automatically performs a one-time scan and repair on enabled PCs.
Additionally, KB5071546 has been released as an extended security update for Windows 10. After applying this update, the build number of Windows 10 will be 19045.6691, and that of Windows 10 Enterprise LTSC 2021 will be 19044.6691. Note that new features will no longer be added to Windows 10, so this update is limited to security fixes and bug fixes that occurred in previous updates.
KB5071546 addresses CVE-2025-54100 , a zero-day remote code execution vulnerability in PowerShell. This vulnerability allows malicious scripts embedded in a web page to be executed when using the 'Invoke-WebRequest' command to retrieve the page. As a countermeasure, PowerShell 5.1, the standard for Windows 10, now displays a confirmation prompt warning of the risk of script execution when executing the command. It is recommended to use the '-UseBasicParsing' argument for untrusted pages.
Related Posts:
