EXECUTIVE SUMMARY
Microsoft’s December 2025 Patch Tuesday resolves over 57 vulnerabilities, including three zero-days and multiple critical Office-based RCE flaws, one of which is actively exploited. Organizations should urgently prioritize patching the zero-days and high-risk components to mitigate active threats and prevent privilege-escalation attack chains.
- Active Region: Global
- Affected Sector: All sectors using Windows, MS Office, and PowerShell, including developer environments.
- Affected Products: Windows and Office; all users are affected.
- Severity: Critical, Important and Low severity flaws, including three zero-days.
- Published Date: December 09, 2025
TECHNICAL DETAILS – CRITICAL VULNERABILITIES
CVE-2025-62554 – MS Office RCE
- Attack Vector: The MS Office document parsing pipeline mishandles object metadata during deserialization.
- Cause: A type confusion condition causes the parser to treat an attacker-controlled object as a trusted structure, enabling redirection of execution flow.
- Prerequisite: User interaction to load the malicious document…..



