Microsoft December 2025 Security Updates

Microsoft December 2025 Security Updates

https://msrc.microsoft.com/update-guide/releaseNote/...

CVEs have been published or revised in the Security Update Guide
December 9, 2025

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:
https://msrc.microsoft.com/update-guide/vulnerabilit...

CVE-2024-30098
Title: Windows Cryptographic Services Security Feature Bypass Vulnerability
Version: 3.1
Reason for revision: Updated the "Are there any further actions I need to take to be protected from this vulnerability?" FAQ as follows: 1. Added a reminder to customers that The DisableCapiOverrideForRSA registry key will be removed in April 2026. 2. Added an update that states: The October 14, 2025, Windows updates addressing CVE-2024-30098 revealed issues in applications where the code does not correctly identify which provider is managing the key for certificates propagated from a smart card to the certificate store. This misidentification can cause cryptographic operations to fail in certain scenarios. Please see [Guidance for certificate handling for Smart Card propagated certificates](http://support.microsoft.com/kb/5073121) for guidance for application developers on how to detect the correct handler and resolve these issues. These are informational changes only.
Originally released: July 9, 2024
Last updated: December 9, 2025
Aggregate CVE severity rating: Important
Customer action required: Yes


https://msrc.microsoft.com/update-guide/vulnerabilit...
CVE-2025-60710
Title: Host Process for Windows Tasks Elevation of Privilege Vulnerability
Version: 2.0
Reason for revision: The following updates have been made: 1. To comprehensively address CVE-2025-60710, Microsoft has released December 2025 security updates for all supported editions of Windows 11 Version 24H2, Windows 11 Version 25H2, and Windows Server 2025. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action. 2. Added a Workaround for customers running Windows Server 2025, in the event they cannot immediately install the update.
Originally released: November 11, 2025
Last updated: December 9, 2025
Aggregate CVE severity rating: Important
Customer action required: Yes

Should I be worried that my Windows 11 PC hasn't started the process of updating to the Windows UEFI CA 2023 ?

hope this helps

https://learn.microsoft.com/en-us/answers/questions/...

no but if you want to manually update now click on the link
https://www.elevenforum.com/t/did-you-manually-updat...

There is a nasty bug with Windows Update downloading a bad version of 25H2 the last month. It should be fixed now but if you still have the old version in your WU cache pause the updates then reboot. After reboot click resume and it should download the working update to 25H2.