Microsoft's December Patch Tuesday release addresses three zero-day vulnerabilities, impacting both Windows and Microsoft Office users, amid a total of 57 updates.
Key Updates and Timeline
- Microsoft released 57 patches on 2025-12-12, addressing three zero-days.
- No critical-rated patches for Windows this month, prompting a 'Patch Now' alert.
- Patch includes minor updates for Microsoft Exchange Server and no developer tool changes.
- Known issues: WSUS synchronization errors; Windows login missing icons, fix available.
- Major revisions tackle Windows Cryptographic Services and task privilege vulnerabilities.
Feature Changes and Impact
The update provides guidance for testing various functional areas: Cloud files (OneDrive, SharePoint), Windows Sandbox, and Start Menu tiles.
Microsoft advises careful validation of connectivity and usability across these components. Key updates also include:
- Microsoft Edge received 13 Chromium-based updates, including support for macOS.
- Microsoft Office included 16 patches, with four critical remote code execution (RCE) fixes.
- Zero-day vulnerabilities involve GitHub, PowerShell, and a Windows mini-driver.
- Start Menu User Tiles require validation for UI rendering and dynamic updates.
This release prioritizes stability and facilitates timely patching before year-end freezes.
