Patch Tuesday · December 2025

December 2025 Patch Tuesday: what UK businesses need to know.

December 2025 delivered a smaller-than-average release, weighted towards Windows kernel and Office issues. The challenge is operational: limited maintenance windows around the holiday period.

Executive summary

Last release of the year — modest in volume, meaningful in impact.

December 2025 delivered a smaller-than-average release, weighted towards Windows kernel and Office issues. The challenge is operational: limited maintenance windows around the holiday period.

  • Risk theme: Windows kernel EoP
  • Risk theme: Office font parsing RCE
  • Risk theme: Print spooler vulnerability
  • Risk theme: Edge / WebView2 flaw
Vulnerabilities remediated

The issues that move the needle this month.

We have focused on the categories with realistic exploitation paths for UK SMEs and regulated firms. Always cross-check with Microsoft's Security Update Guide and your own asset inventory before deployment.

Windows kernel elevation of privilege

Another in a long line of kernel EoP issues. Routinely chained by malware after an initial foothold.

Office font parsing RCE

A crafted font embedded in a document could trigger code execution. Higher impact than it sounds — fonts are loaded automatically.

Print spooler vulnerability

The print spooler returns once again as an attack surface. Disable where not needed; patch immediately where it is.

Edge / WebView2 flaw

Affects embedded browser components used by many line-of-business applications.

Affected systems

Where the risk lives.

  • Windows 10, 11 and Server
  • Microsoft Office and Microsoft 365 Apps
  • Print services
  • Applications using WebView2 (incl. Teams, third-party LOB)
Known deployment issues

What to watch for when rolling out.

  • Print spooler restart can cause queued jobs to drop — communicate before deployment.
  • WebView2 update required a restart of any application using it (Teams, Outlook, etc.).
Pros of deploying
  • Tidies up the year-end attack surface — a good baseline going into the holiday freeze.
  • Lower volume means realistic testing within compressed change windows.
Cons / trade-offs
  • Holiday change freezes leave fewer windows to deploy and validate.
  • Reduced support staffing increases the risk if something regresses.
Hints & tips for a successful deployment

How experienced teams roll these out without drama.

  • Deploy to a pilot before the freeze, then schedule the wider rollout for early January.
  • Disable Print Spooler on servers that do not need it — single most effective long-term mitigation.
  • Restart WebView2-dependent applications as part of the rollout to avoid stale processes.
How Secure Chain helps

Advice, guidance, or full remediation — your call.

Whether you want a second pair of eyes on this month's release or you would rather hand the entire patching cycle to us, Secure Chain Technology Group can support at any level of involvement.

  • Advisory: a prioritised briefing mapped to your estate and risk appetite, with recommended rollout rings.
  • Guided deployment: we work alongside your IT team — test plans, rollback procedures and change-management evidence.
  • Fully managed remediation: we deploy, validate and report on every patch through our Vulnerability Management-as-a-Service (VMaaS) and Patch Management services.
  • Compliance evidence: reporting aligned to Cyber Essentials Plus, ISO 27001 and DSPT requirements.
Sample report
Request a sample vulnerability report
Assessment
Book a cyber security assessment
← All Patch Tuesday briefings

Always verify against the official Microsoft Security Update Guide and your own asset inventory before deployment.