There are 57 vulnerabilities addressed this month. There are 3 criticals in Office and Outlook that may allow remote code exploits. There is a patch for Windows Cloud Files Mini Filter Driver that is being actively exploited. This vulnerability (CVE-2025-55680) requires local access for exploit which provides limited mitigation.
Please expedite patching for systems using Windows Cloud Files Mini Filter Driver, Microsoft Outlook, or Microsoft Office.
There is also a patch for GitHub Copilot for Jetbrains which is publicly known but not included in working exploits yet. If using the IDE for Copilot coding you should also expedite patching.
Normal patching cadence is acceptable for this month’s patches with the exceptions mentioned above. Patch Windows workstations first, focusing on CVEs: CVE-2025-62554, CVE-2025-62557, and CVE-2025-62562
There are significant updates to most major browsers, including Edge, Chrome, and Firefox. Please ensure browsers and other tools are updated in addition to core operating system patches.
For detailed Microsoft information refer to: https://msrc.microsoft.com/update-guide/en-us/releaseNote/2025-Dec