December 2025 Patch Tuesday forecast: And it’s a wrap

It’s hard to believe that we’re in December of 2025 already and the end of the year is fast approaching. Looking back on the year, there are two major items that really stand out in my mind. First, there is the large number of Microsoft products that have come to EOL/EOS near the end of this year. It seemed there was always a reason their products would get official extended support at the last minute, but this time, that didn’t happen – applications and operating systems alike came to an end.

December 2025 Patch Tuesday forecast

And second, this is the year that AI started to touch everyone in a big way. It’s now possible to interact with it directly in a browser and many companies have included AI technology in their products in various ways. We’ll see what 2026 brings, as I anticipate it will start to be more heavily used with the latest patch technologies.

Windows 10 ESU debuts as Microsoft patches zero-day in November update

November 2025 Patch Tuesday included the first set of Windows 10 Extended Security Updates (ESU). I hope everyone who still needs to run Windows 10 was able to update to 22H2 and apply the ESU, because we already had a zero-day exploitation in CVE-2025-62215 Windows Kernel Elevation of Privilege Vulnerability. There were 38 CVEs fixed for Windows 11 and 11 CVEs for Microsoft 365 Apps; both of which included CVEs rated Critical. There were updates for Windows SharePoint Server and SQL Server, which were both rated Important. It was a nice break after the extensive number of patches from the previous two months.

This month has been a busy one for Microsoft. Following the November hotpatch release of KB5068966, they reported a known issue whereby “on Windows 11, version 25H2, Windows Update might download and install the update again when it scans for updates.” On November 21, they provided out-of-band KB5072753 to address the issue. If you didn’t install the November hotpatch, Microsoft advised to apply the OOB instead.

Microsoft rolls out fixes for XAML app issues, .LNK vulnerability, and Outlook Excel glitch

In late November, Microsoft released KB5072911 titled Explorer, the Start menu, and other XAML-dependent apps might not start or close unexpectedly on some enterprise devices. These issues are confined to Windows 11 and have been reported fixed in the December preview patch, but there appear to still be some side effects, for example, the screen flashes white when dark mode is set and a File Explorer is opened.

And finally, there is a report that Microsoft has quietly made changes to start fixing CVE-2025-9491 which was also covered in Advisory 25258226. This vulnerability exists in the handling of .LNK files and was reported by the Zero Day Initiative back in March. You can read all about this vulnerability including the silent changes made by Microsoft and the coverage provided by 0Patch, in this latest 0Patch blog.

Microsoft announced an issue where some Excel attachments in the new Outlook client were not opening. This was impacting Exchange Online customers. Microsoft has begun deploying a fix, but it may take a while to reach all customers.