Tech Journal Now

Ho ho ho! December’s Patch Tuesday delivers three zero-days

News Room
Last updated: December 12, 2025 9:34 pm

The December Patch Tuesday update from Microsoft addresses three zero-days (CVE-2025-64671, CVE-2025-54100, and CVE-2025-62221) but includes surprisingly few total patches (just 57). In addition to the unusually low number of updates, Microsoft has not published any critical updates for the Windows platform this month. That said, given the zero-days, we recommend a “Patch Now” release schedule for Windows and Microsoft Office. There are no updates for the developer tools this month and only a minor patch for Microsoft Exchange Server.

To help navigate these changes, the team from Readiness has provided a helpful infographic detailing the risks of deploying updates to each platform. (Information about other recent Patch Tuesday releases is available here.)

Known issues

Microsoft has published a longer than usual list of known issues for December. Focusing on the actionable issues affecting later versions (non-ESU), we believe the following deserve attention from enterprise engineers:

  • After installing KB5070892 or later updates, Windows Server Update Services (WSUS) does not display synchronization error details within its error reporting. This functionality is temporarily removed to address the Remote Code Execution Vulnerability, CVE-2025-59287.
  • A very small number of users may notice that the password icon for the Windows login screen is not visible. This has been an issue since the August 2025 update. Microsoft has published a Known Issue Rollback (KIR) to address Pro and Home users. Enterprise deployments should use an updated group policy to reset the icon image.

Microsoft released an out-of-band update (KB5070881) for Windows Server 2025, which was briefly offered to all Windows Server 2025 machines, regardless of Hotpatch enrollment.

Machines that installed KB5070881 will temporarily stop receiving Hotpatch updates and will instead receive security updates that require a restart. This issue is expected to be resolved in the next baseline release in January 2026.

Major revisions and mitigations

There have been several updates and revisions to previous Microsoft patches this December. Most of them relate to Chromium updates (see the Browser section below). However, these two revisions may require further reading and remedial action:

  • CVE-2024-30098: Windows Cryptographic Services Security Feature Bypass Vulnerability. Though this update revision is referenced as a documentation update by Microsoft, a previous release incorrectly identified the managed key provider. This could have led to smart-card authentication failures. If you have experienced this kind of issue since October, Microsoft has published a knowledge note (KB5073121) on how to detect and resolve these kinds of issues.
  • CVE-2025-60710: Host Process for Windows Tasks Elevation of Privilege Vulnerability. This patch revision affects all supported versions of Windows. Before you update, Microsoft suggests that you disable the Recall feature. Only enable this feature once you have patched your system with this latest update.

Windows lifecycle and enforcement updates

Microsoft Secure Boot certificates used by most Windows devices are set to expire, starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not updated in time. There is plenty of time — you have been warned.

Each month, the team at Readiness analyzes the latest Patch Tuesday updates from Microsoft and provides detailed, actionable testing guidance. This guidance is based on assessing a large application portfolio and a comprehensive analysis of the Microsoft patches and their potential impact on Windows platforms and application deployments.

For this December 2025 release cycle from Microsoft, we have grouped the critical updates and required testing efforts into different functional areas.

Cloud files and sync providers

Organizations using OneDrive, SharePoint sync, or third-party cloud storage providers should validate sync-root connectivity and file hydration workflows. Testing should cover sync-root connection and disconnection scenarios, including hydration/dehydration, client restarts, client upgrades, unexpected client crashes, account unlink/relink flows, and multi-user scenarios.

Windows Sandbox and virtualization

The kernel and storage virtualization components received updates affecting Windows Sandbox functionality. Organizations using Sandbox for application testing or isolated browsing should install and enable Windows Sandbox, configure folder mappings via configuration files, and validate that mapped folders are accessible, with basic file operations (create, modify, delete) functioning correctly.
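
One way to script the folder-mapping check described above, as an added example (not code from Microsoft or the Readiness team). It assumes the Windows Sandbox feature is already enabled; the host folder `C:\SandboxSmoke`, the file names and the three-minute timeout are illustrative assumptions.

```powershell
# Host-side smoke test for Windows Sandbox folder mapping (paths are assumptions).
$hostDir    = 'C:\SandboxSmoke'
$guestDir   = 'C:\Users\WDAGUtilityAccount\Desktop\Smoke'
$resultFile = Join-Path $hostDir 'result.txt'

New-Item -ItemType Directory -Path $hostDir -Force | Out-Null
Remove-Item $resultFile -ErrorAction SilentlyContinue

# Script run inside the sandbox at logon: create, modify, delete a probe file
# in the mapped folder, then write one line per step to result.txt.
@'
$dir   = 'C:\Users\WDAGUtilityAccount\Desktop\Smoke'
$probe = Join-Path $dir 'probe.txt'
$steps = [ordered]@{}
try { Set-Content $probe 'created' -ErrorAction Stop; $steps['create'] = 'ok' }
catch { $steps['create'] = "FAIL: $_" }
try { Add-Content $probe 'modified' -ErrorAction Stop; $steps['modify'] = 'ok' }
catch { $steps['modify'] = "FAIL: $_" }
try { Remove-Item $probe -ErrorAction Stop; $steps['delete'] = 'ok' }
catch { $steps['delete'] = "FAIL: $_" }
$steps.GetEnumerator() | ForEach-Object { "$($_.Key)=$($_.Value)" } |
    Set-Content (Join-Path $dir 'result.txt')
'@ | Set-Content (Join-Path $hostDir 'smoke.ps1')

# Sandbox configuration file: one writable mapped folder plus the logon command.
$wsb = @"
<Configuration>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>$hostDir</HostFolder>
      <SandboxFolder>$guestDir</SandboxFolder>
      <ReadOnly>false</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <Command>powershell.exe -ExecutionPolicy Bypass -File $guestDir\smoke.ps1</Command>
  </LogonCommand>
</Configuration>
"@
$wsbPath = Join-Path $hostDir 'smoke.wsb'
Set-Content $wsbPath $wsb
Start-Process $wsbPath    # .wsb files open with Windows Sandbox

# The result file appears on the host only if the mapping is writable end to end.
$deadline = (Get-Date).AddMinutes(3)
while (-not (Test-Path $resultFile) -and (Get-Date) -lt $deadline) { Start-Sleep 5 }
if (Test-Path $resultFile) { Get-Content $resultFile }
else { Write-Warning 'No result from sandbox: mapping or logon command failed.' }
```

A passing run prints `create=ok`, `modify=ok` and `delete=ok`; the Sandbox window can then be closed, which discards its contents.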

Start Menu User Tiles

The Start Menu’s User Tiles UI received updates this month. Testing should validate UI rendering (correct display, alignment, profile images), functionality (click actions, hover states, keyboard navigation), dynamic updates (profile changes reflecting immediately), error handling (missing or corrupted profile data), and performance (no lag or crashes during user switching).

December 2025’s release is stability-focused with no high-risk components. Testing effort should center on cloud file synchronization workflows for OneDrive/SharePoint users, Windows Sandbox folder mapping for virtualization environments, and Start Menu User Tiles for organizations with multi-user workstations. This lighter release provides an opportunity to complete patching before year-end corporate change freezes.

Updates by product family

Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings:

  • Browsers (Microsoft Edge)
  • Microsoft Windows (both desktop and server)
  • Microsoft Office
  • Microsoft Exchange and SQL Server
  • Microsoft Developer Tools (Visual Studio and .NET)
  • Adobe (if you get this far)

Browsers

Microsoft has released a single update to Microsoft Edge (CVE-2025-62223) and a further 13 Chromium-based updates with this December release. One of the “interesting” things this month is that Microsoft has released a patch for Microsoft Edge on the Apple Mac platform. We may have to start including Mac in our testing regime if Microsoft keeps this up. Please add these low-profile browser changes to your standard release calendar.

Microsoft Windows

We should start this section with an important announcement: There are no critical-rated patches for Windows this December. This is an incredible achievement for Microsoft.

The following product areas have been updated with 38 patches rated important for this December 2025 patch cycle:

  • Windows Cloud Files Mini Filter, VSP, Brokering and Windows Resilient File System (ReFS)
  • Win32k, DWM and DirectX Graphics Kernel
  • Windows Common Log File System
  • Windows Remote Access Connection Manager
  • Windows Routing and Remote Access Service (RRAS)
  • Windows Installer and PowerShell
  • Microsoft Hyper-V
  • Windows Shell and Camera codecs

Unfortunately, there are three zero-days, identified through reported exploitation and public disclosure (CVE-2025-64671, CVE-2025-54100, and CVE-2025-62221), that affect GitHub, PowerShell, and the Windows mini-driver, respectively. Add these updates to your Windows “Patch Now” release schedule (yes, even though these are not rated as critical by Microsoft).

Microsoft Office

The real focus of this month’s testing should be on Microsoft Office, with Microsoft releasing four critical-rated updates and a further 12 patches to the Microsoft Office productivity suite. This month’s critical updates affect Microsoft Word, Excel, and SharePoint with remote code execution vulnerabilities. Add these Microsoft Office updates to your “Patch Now” schedule.

Microsoft Exchange and SQL Server

Microsoft has released two updates (CVE-2025-64667 and CVE-2025-64666) to Exchange Server this month, both rated as important by Microsoft and requiring a server reboot.

Add these updates to your standard server update schedule.

Developer tools

Microsoft has not published any updates to the .NET or Visual Studio platforms this month. Enjoy the respite.

Adobe (and third-party updates)

It’s back! Adobe Reader has returned to form this month (APSB25-119) with a series of critical updates to the PDF generator of choice. We have been watching recent, rapid updates to Reader this month, hoping that we don’t have any more before the commonly adopted enterprise change control lock-down next Friday.

The Readiness team hopes that next week is not too rushed with last-minute changes and that everyone gets a much-deserved break over the holiday period.
