Threat intelligence
Microsoft Security Bulletin Coverage for December 2025
Overview
Microsoft’s December 2025 Patch Tuesday has 55 vulnerabilities, of which 27 are Elevation of Privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of December 2025 and has produced coverage for 7 of the reported vulnerabilities.
Vulnerabilities with Detections
CVE | CVE Title | Signature |
| CVE-2025-59516 | Windows Storage VSP Driver Elevation of Privilege Vulnerability | ASPY 7154 Exploit-exe exe.MP_481 |
| CVE-2025-59517 | Windows Storage VSP Driver Elevation of Privilege Vulnerability | ASPY 7155 Exploit-exe exe.MP_482 |
| CVE-2025-62221 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | ASPY 7152 Exploit-exe exe.MP_480 |
| CVE-2025-62454 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | ASPY 7156 Exploit-exe exe.MP_486 |
| CVE-2025-62458 | Win32k Elevation of Privilege Vulnerability | ASPY 661 Exploit-exe exe.MP_485 |
| CVE-2025-62470 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | ASPY 660 Exploit-exe exe.MP_484 |
| CVE-2025-62472 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | ASPY 659 Exploit-exe exe.MP_483 |
Release Breakdown
The vulnerabilities can be classified into the following categories:
For December, there are 2 critical and 52 important vulnerabilities.
Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the patch Tuesday release for each month. The above chart displays these metrics as seen each month.
Release Detailed Breakdown
Denial of Service Vulnerabilities
| CVE | CVE Title |
| CVE-2025-62463 | DirectX Graphics Kernel Denial of Service Vulnerability |
| CVE-2025-62465 | DirectX Graphics Kernel Denial of Service Vulnerability |
| CVE-2025-62567 | Windows Hyper-V Denial of Service Vulnerability |
Elevation of Privilege Vulnerabilities
| CVE | CVE Title |
| CVE-2025-59516 | Windows Storage VSP Driver Elevation of Privilege Vulnerability |
| CVE-2025-59517 | Windows Storage VSP Driver Elevation of Privilege Vulnerability |
| CVE-2025-62221 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2025-62454 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2025-62455 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability |
| CVE-2025-62457 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2025-62458 | Win32k Elevation of Privilege Vulnerability |
| CVE-2025-62461 | Windows Projected File System Elevation of Privilege Vulnerability |
| CVE-2025-62462 | Windows Projected File System Elevation of Privilege Vulnerability |
| CVE-2025-62464 | Windows Projected File System Elevation of Privilege Vulnerability |
| CVE-2025-62466 | Windows Client-Side Caching Elevation of Privilege Vulnerability |
| CVE-2025-62467 | Windows Projected File System Elevation of Privilege Vulnerability |
| CVE-2025-62469 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2025-62470 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2025-62472 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| CVE-2025-62474 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| CVE-2025-62565 | Windows File Explorer Elevation of Privilege Vulnerability |
| CVE-2025-62569 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2025-62571 | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2025-62572 | Application Information Service Elevation of Privilege Vulnerability |
| CVE-2025-62573 | DirectX Graphics Kernel Elevation of Privilege Vulnerability |
| CVE-2025-64658 | Windows File Explorer Elevation of Privilege Vulnerability |
| CVE-2025-64661 | Windows Shell Elevation of Privilege Vulnerability |
| CVE-2025-64666 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2025-64673 | Windows Storage VSP Driver Elevation of Privilege Vulnerability |
| CVE-2025-64679 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2025-64680 | Windows DWM Core Library Elevation of Privilege Vulnerability |
Information Disclosure Vulnerabilities
| CVE | CVE Title |
| CVE-2025-62468 | Windows Defender Firewall Service Information Disclosure Vulnerability |
| CVE-2025-62473 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-62570 | Windows Camera Frame Server Monitor Information Disclosure Vulnerability |
| CVE-2025-64670 | Windows DirectX Information Disclosure Vulnerability |
Remote Code Execution Vulnerabilities
| CVE | CVE Title |
| CVE-2025-62456 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| CVE-2025-62549 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-62550 | Azure Monitor Agent Remote Code Execution Vulnerability |
| CVE-2025-62552 | Microsoft Access Remote Code Execution Vulnerability |
| CVE-2025-62553 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-62554 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-62555 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-62556 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-62557 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-62558 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-62559 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-62560 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-62561 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-62562 | Microsoft Outlook Remote Code Execution Vulnerability |
| CVE-2025-62563 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-62564 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-64671 | GitHub Copilot for Jetbrains Remote Code Execution Vulnerability |
| CVE-2025-64678 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
Spoofing Vulnerabilities
| CVE | CVE Title |
| CVE-2025-64667 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2025-64672 | Microsoft SharePoint Server Spoofing Vulnerability |
Share This Article
An Article By
An Article By
Security News
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
