Serial number: AV25-822
Date: December 9, 2025
On December 9, 2025, Microsoft published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:
- Azure App Gateway
- Azure Bastion Developer
- Azure Monitor
- Azure Monitor Control Service
- Dynamics 365 Field Service (online)
- Dynamics OmniChannel SDK Storage Containers
- Microsoft 365 Apps for Enterprise
- Microsoft 365 Defender Portal
- Microsoft Configuration Manager 2403
- Microsoft Configuration Manager 2409
- Microsoft Configuration Manager 2503
- Microsoft Dynamics 365
- Microsoft Excel 2016
- Microsoft Office 2016
- Microsoft Office 2019
- Microsoft Office LTSC 2021
- Microsoft Office LTSC 2024
- Microsoft Office LTSC for Mac 2021
- Microsoft Office LTSC for Mac 2024
- Microsoft Office for Android
- Microsoft SQL Server 2016
- Microsoft SQL Server 2017
- Microsoft SQL Server 2019
- Microsoft SQL Server 2022
- Microsoft SharePoint Enterprise Server 2016
- Microsoft SharePoint Online
- Microsoft SharePoint Server 2019
- Microsoft SharePoint Server Subscription Edition
- Microsoft Visual Studio 2022 version 17.14
- Microsoft Visual Studio Code CoPilot Chat Extension
- Nuance PowerScribe 360
- Nuance PowerScribe One
- Office Online Server
- OneDrive for Android
- PowerScribe One version 2023.1 SP2 Patch 7
- Visual Studio Code
- Windows 10
- Windows 10 Version 1607
- Windows 10 Version 1809
- Windows 10 Version 21H2
- Windows 10 Version 22H2
- Windows 11 Version 22H2
- Windows 11 Version 23H2
- Windows 11 Version 24H2
- Windows 11 Version 25H2
- Windows Server 2008
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
- Windows Server 2025
- Windows Server 2025 (Server Core installation)
- Windows Subsystem for Linux GUI
Microsoft has received reports that CVE-2025-62221 is being exploited.
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.