Welcome to my December Patch Tuesday newsletter.  We made it through 2025 and another year bites the dust.  Today Microsoft released just 56 updates and a long list of 216 additional updates for a total of 271 updates in the past 30 days. Wow, so let's get started.

We have three zero-day vulnerabilities to look at.

Our first zero day is CVE-2025-54100.  This remote code execution could allow an attacker via PowerShell to execute code locally.  Although being publicly disclosed, exploitation in the wild has not been detected.  The fix for this vulnerability was released today.  

Next is CVE-2025-62221. This elevation of privilege is currently being exploited and could allow a successful attacker to gain SYSTEM privileges.

Our third and final zero day is CVE-2025-64671.  This remote code execution is  publicly disclosed and has a max severity the same as our other two zero days; important.  Despite this lower rating you will want to get these pushed out ASAP.

This is our last PT newsletter for 2025 so I'll keep this one short and sweet.  Be sure to check out the chart below to see if any of the affect products are in your environment.  
Besides that it is a pretty normal month.  Below the chart you will find a long list of Azure Linux and CBL Mariner products and versions.  I didn't want to "clog up" the chart with all that data so I put it below the chart.  See you next month!

So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.

I didn't want to overflow the chart with the products and versions in this month's release for "Open Source Software".  Below is a list of products and versions included:  

Azure Linux:
azl3 autogen 5.18.16-9, azl3 busybox 1.36.1-18, azl3 busybox 1.36.1-19, azl3 ceph 18.2.2-11, azl3 containerized-data-importer 1.57.0-17, azl3 cups 2.4.13-1, azl3 cups 2.4.16-1, azl3 dcos-cli 1.2.0-19, azl3 docker-buildx 0.14.0-7, azl3 expat 2.6.4-2, azl3 flannel 0.24.2-21, azl3 fluent-bit 3.1.10-2, azl3 fluent-bit 3.1.9-6, azl3 glib 2.78.6-4, azl3 golang 1.23.12-1, azl3 golang 1.25.3-1, azl3 golang 1.25.5-1, azl3 grub2 2.06-25, azl3 haproxy 2.9.11-4, azl3 httpd 2.4.65-1, azl3 influxdb 2.7.5-8, azl3 kata-containers 3.19.1.kata2-2, azl3 kata-containers-cc 3.15.0.aks0-5, azl3 keras 3.3.3-5, azl3 kernel 6.6.112.1-2, azl3 kernel 6.6.116.1-1, azl3 kernel 6.6.117.1-1, azl3 kubernetes 1.30.10-16, azl3 kubevirt 1.5.0-5, azl3 kubevirt 1.5.3-2, azl3 libmicrohttpd 0.9.77-3, azl3 libpng 1.6.40-1, azl3 libvirt 10.0.0-5, azl3 libvirt 10.0.0-6, azl3 libxslt 1.1.43-3, azl3 nodejs 20.14.0-10, azl3 nodejs 20.14.0-9, azl3 packer 1.9.5-10, azl3 pgbouncer 1.24.1-1, azl3 postgresql 16.10-1, azl3 python3 3.12.9-5, azl3 python3 3.12.9-6, azl3 python-tensorboard 2.16.2-6, azl3 qtdeclarative 6.6.1-1, azl3 rsync 3.4.1-2, azl3 vim 9.1.1616-1

CBL Mariner:
cbl2 busybox 1.35.0-14, cbl2 ceph 16.2.10-10, cbl2 ceph 16.2.10-11, cbl2 cert-manager 1.11.2-24, cbl2 cf-cli 8.4.0-25, cbl2 cni-plugins 1.3.0-9, cbl2 containerized-data-importer 1.55.0-26, cbl2 cri-o 1.22.3-17, cbl2 cups 2.3.3op2-10, cbl2 dcos-cli 1.2.0-22, cbl2 flannel 0.14.0-26, cbl2 fluent-bit 3.0.6-4, cbl2 gcc 11.2.0-9, cbl2 glib 2.71.0-7, cbl2 golang 1.18.8-10, cbl2 golang 1.22.7-5, cbl2 grub2 2.06-15, cbl2 haproxy 2.4.24-2, cbl2 httpd 2.4.65-1, cbl2 influxdb 2.6.1-24, cbl2 jx 3.2.236-23, cbl2 kata-containers 3.2.0.azl2-7, cbl2 kata-containers-cc 3.2.0.azl2-8, cbl2 kernel 5.15.186.1-1, cbl2 kubernetes 1.28.4-19, cbl2 kube-vip-cloud-provider 0.0.2-23, cbl2 kubevirt 0.59.0-30, cbl2 kubevirt 0.59.0-31, cbl2 libcontainers-common 20210626-7, cbl2 libpng 1.6.51-1, cbl2 libvirt 7.10.0-10, cbl2 libxslt 1.1.34-8, cbl2 libxslt 1.1.34-9, cbl2 local-path-provisioner 0.0.21-19, cbl2 moby-buildx 0.7.1-26, cbl2 moby-compose 2.17.3-11, cbl2 moby-compose 2.17.3-12, cbl2 msft-golang 1.24.11-1, cbl2 msft-golang 1.24.9-1, cbl2 nodejs18 18.20.3-10, cbl2 nodejs18 18.20.3-9, cbl2 packer 1.9.5-15, cbl2 pgbouncer 1.24.1-1, cbl2 postgresql 14.19-1, cbl2 prometheus 2.37.9-5, cbl2 python3 3.9.19-16, cbl2 python3 3.9.19-17, cbl2 python-tensorboard 2.11.0-3, cbl2 pytorch 2.0.0-9, cbl2 qt5-qtbase 5.12.11-18, cbl2 qt5-qtdeclarative 5.12.5-5, cbl2 reaper 3.1.1-19, cbl2 reaper 3.1.1-21, cbl2 rsync 3.4.1-2, cbl2 tensorflow 2.11.1-2, cbl2 vim 9.1.1616-1