Ref# ADV2025_421 | Date: Dec 12th 2025

---

Microsoft published a security advisory highlighting vulnerabilities in the following product on December 9th, 2025. It is recommended that you take the necessary precautions by ensuring your products are always updated. 

• Azure App Gateway 

• Azure Bastion Developer 

• Azure Monitor 

• Azure Monitor Control Service 

• Dynamics 365 Field Service (online) 

• Dynamics OmniChannel SDK Storage Containers 

• Microsoft 365 Apps for Enterprise 

• Microsoft 365 Defender Portal 

• Microsoft Configuration Manager 2403 

• Microsoft Configuration Manager 2409 

• Microsoft Configuration Manager 2503 

• Microsoft Dynamics 365 

• Microsoft Excel 2016 

• Microsoft Office 2016 

• Microsoft Office 2019 

• Microsoft Office LTSC 2021 

• Microsoft Office LTSC 2024 

• Microsoft Office LTSC for Mac 2021 

• Microsoft Office LTSC for Mac 2024 

• Microsoft Office for Android 

• Microsoft SQL Server 2016 

• Microsoft SQL Server 2017 

• Microsoft SQL Server 2019 

• Microsoft SQL Server 2022 

• Microsoft SharePoint Enterprise Server 2016 

• Microsoft SharePoint Online 

• Microsoft SharePoint Server 2019 

• Microsoft SharePoint Server Subscription Edition 

• Microsoft Visual Studio 2022 version 17.14 

• Microsoft Visual Studio Code CoPilot Chat Extension 

• Nuance PowerScribe 360 

• Nuance PowerScribe One 

• Office Online Server 

• OneDrive for Android 

• PowerScribe One version 2023.1 SP2 Patch 7 

• Visual Studio Code 

• Windows 10 

• Windows 10 Version 1607 

• Windows 10 Version 1809 

• Windows 10 Version 21H2 

• Windows 10 Version 22H2 

• Windows 11 Version 22H2 

• Windows 11 Version 23H2 

• Windows 11 Version 24H2 

• Windows 11 Version 25H2 

• Windows Server 2008 

• Windows Server 2012 

• Windows Server 2012 R2 

• Windows Server 2016 

• Windows Server 2019 

• Windows Server 2022 

• Windows Server 2025 

• Windows Server 2025 (Server Core installation) 

• Windows Subsystem for Linux GUI 

For more information on this update, you can follow this URL: 

https://www.cyber.gc.ca/en/alerts-advisories/microsoft-security-advisory-december-2025-monthly-rollup-av25-822 

The Guyana National CIRT recommends that users and administrators review this update and apply it where necessary. 

References 

• Microsoft Security advisories. (December 09th, 2025). Retrieved from Canadian Centre for Cyber Security
  https://www.cyber.gc.ca/en/alerts-advisories/microsoft-security-advisory-december-2025-monthly-rollup-av25-822 

 

• Security Update Guide – Microsoft. (n.d.). https://msrc.microsoft.com/update-guide/en-us 

 

• December 2025 Security Updates – Release Notes – Security Update Guide – Microsoft. (n.d.). https://msrc.microsoft.com/update-guide/releaseNote/2025-Dec