The Small Business Cyber Security Guy | Cybersecurity for SMB & Startups

Show notes

December 2025 just shipped the last Microsoft security fixes of the year. Fifty seven vulnerabilities, three zero days, and one actively exploited Windows privilege escalation that hits almost every supported build. Are you patched before the Christmas break, or are you leaving a present for attackers in January?

In this episode, Graham walks through the December Patch Tuesday release for 2025, with a focus on what actually matters for small and medium businesses. You will hear how CVE 2025 62221 in the Windows Cloud Files driver turns a low level account into full system compromise, why Office Preview Pane is once again a risk, and how AI powered tools like GitHub Copilot for JetBrains and PowerShell changes introduce new attack paths. Does your team know about any of that?

You also get a fast tour of Adobe and other vendor updates, including ColdFusion, Android, Ivanti, Fortinet, React server components and SAP. Graham then zooms out to review the full year, with more than one thousand one hundred Microsoft vulnerabilities in 2025 and privilege escalation bugs leading the pack. Finally, he explains why the five week gap before the next Patch Tuesday on thirteen January 2026 makes December patching non negotiable.

By the end of the episode you will know:

1. Which patches you must treat as emergency work, especially CVE 2025 62221

2. How Office, Copilot and PowerShell changes affect day to day risk

3. Why Windows 10 without Extended Security Updates is now a business liability

4. What to ask your IT team or provider before everyone disappears for the holidays

Are you confident your estate will survive the festive period, or do you need to push patching to the top of the list?