Flexis December 2025 Patch Recommendation
Patches Microsoft released in December 2025
Impacted Products:
Microsoft Windows
Microsoft Edge
(HTML-based)
Microsoft Edge
(Chromium-based)
Internet Explorer
Microsoft Office and Microsoft Office Services and Web Apps
Windows Defender
Visual Studio
ASP.NET Core
Chakra Core
Microsoft Dynamics
.NET Framework
.NET Core
Please note the following information regarding the security updates:
Windows 10 Enterprise and Education and Windows 10 Home and Pro Lifecycle pages, Windows 10 was ended on October 14, 2025. The current version, 22H2, will be the final version of Windows 10. The following editions will remain in support with monthly security update releases through that date:
Home
Pro
Pro Education
Pro for Workstations
Education
Enterprise
Enterprise multi-session
KB5071547: Windows Server 2022
Improvements
This security update contains fixes and quality improvements from KB5068787 (released November 11, 2025). The following summary outlines key issues addressed by this update. Also, included are available new features. The bold text within the brackets indicates the item or area of the change.
- [PowerShell 5.1] Invoke-WebRequest now includes a confirmation prompt with a security warning of script execution risk. You can choose to continue or cancel the request. For additional details, see CVE-2025-54100 and KB5074596: PowerShell 5.1: Preventing script execution from web content.
Known issues in this update
After installing KB5070884 or later updates, Windows Server Update Services (WSUS) does not display synchronization error details within its error reporting. This functionality is temporarily removed to address the Remote Code Execution Vulnerability, CVE-2025-59287.
KB5071544: Windows Server 2019 Win 10 Ent LTSC 2019
Windows Secure Boot certificate expiration
Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not updated in time. To avoid disruption, we recommend reviewing the guidance and taking action to update certificates in advance. For details and preparation steps, see Windows Secure Boot certificate expiration and CA updates.
Summary
Windows 10 , Version 1809
Applies to: Windows 10 Enterprise LTSC 2021
Applies to: Win 10 Ent LTSC 2019
This security update includes fixes and quality improvements that are part of the following update:
The following is a summary of the issues that this update addresses when you install this update. The bold text within the brackets indicates the item or area of the change we are documenting.
- [PowerShell 5.1] The Invoke-WebRequest command now includes a confirmation prompt with a security warning of a script execution risk. You can choose to continue or cancel the request. For additional details, see CVE-2025-54100 and KB5074596: PowerShell 5.1: Preventing script execution from web content.
- [People app] After installing this update, the People icon on the taskbar will no longer respond. This feature is being deprecated in Windows Server 2019 and Windows 10, version 1809.
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
Windows Server 2019
Applies to: Windows Server 2019 (All editions)
Applies to: Windows Server 2019
This security update includes fixes and quality improvements that are part of the following update:
The following is a summary of the issues that this update addresses when you install this update. The bold text within the brackets indicates the item or area of the change we are documenting.
- [PowerShell 5.1] The Invoke-WebRequest command now includes a confirmation prompt with a security warning of a script execution risk. You can choose to continue or cancel the request. For additional details, see CVE-2025-54100 and KB5074596: PowerShell 5.1: Preventing script execution from web content.
- [People app] After installing this update, the People icon on the taskbar will no longer respond. This feature is being deprecated in Windows Server 2019 and Windows 10, version 1809.
Known issues in this update for Windows Server 2019
Symptoms
After installing this update, users might face issues with the Message Queuing (MSMQ) functionality. This issue also impacts clustered MSMQ environments under load. Due to this issue, users might encounter the following symptoms:
- MSMQ queues becoming inactive
- IIS sites failing with “Insufficient resources to perform operation” errors
- Applications unable to write to queues
- Errors such as “The message file ‘C:\Windows\System32\msmq\storage*.mq’ cannot be created” when creating message files
- Misleading logs, such as “There is insufficient disk space or memory”, despite sufficient disk space and memory being available
This issue is caused by the recent changes introduced to the MSMQ security model and NTFS permissions on the C:\Windows\System32\MSMQ\storage folder. MSMQ users now require write access to this folder, which is normally restricted to administrators. As a result, attempts to send messages via MSMQ APIs might fail with resource errors.
Known issues in this update for Windows 10 , Version 1809
Symptoms
After installing this update, users might face issues with the Message Queuing (MSMQ) functionality. This issue also impacts clustered MSMQ environments under load. Due to this issue, users might encounter the following symptoms:
- MSMQ queues becoming inactive
- IIS sites failing with “Insufficient resources to perform operation” errors
- Applications unable to write to queues
- Errors such as “The message file ‘C:\Windows\System32\msmq\storage*.mq’ cannot be created” when creating message files
- Misleading logs, such as “There is insufficient disk space or memory”, despite sufficient disk space and memory being available
This issue is caused by the recent changes introduced to the MSMQ security model and NTFS permissions on the C:\Windows\System32\MSMQ\storage folder. MSMQ users now require write access to this folder, which is normally restricted to administrators. As a result, attempts to send messages via MSMQ APIs might fail with resource errors.
KB5071543: Windows Server 2016, all editions Win 10 Ent LTSB 2016
Support for Windows 10 ended on 14th October 2025
After October 14, 2025, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows 10. Your PC will still work, but we recommend moving to Windows 11.
Windows Secure Boot certificate expiration
Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not updated in time. To avoid disruption, we recommend reviewing the guidance and taking action to update certificates in advance. For details and preparation steps, see Windows Secure Boot certificate expiration and CA updates.
Summary
This servicing stack update (SSU) makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates make sure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.
Important Not installing the latest SSU before applying Windows updates might result in the Windows update not being offered until the latest SSU is installed.
Applies to: Windows Server 2016
This security update includes fixes and improvements that are a part of the following update:
The following is a summary of the issues that this update addresses. The bold text within the brackets indicates the item or area of the change we are documenting.
- [PowerShell 5.1] The Invoke-WebRequest command now includes a confirmation prompt with a security warning of a script execution risk. You can choose to continue or cancel the request. For additional details, see CVE-2025-54100 and KB5074596: PowerShell 5.1: Preventing script execution from web content.
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
Applies to: Win 10 Ent LTSB 2016
This security update includes fixes and improvements that are a part of the following update:
The following is a summary of the issues that this update addresses. The bold text within the brackets indicates the item or area of the change we are documenting.
- [PowerShell 5.1] The Invoke-WebRequest command now includes a confirmation prompt with a security warning of a script execution risk. You can choose to continue or cancel the request. For additional details, see CVE-2025-54100 and KB5074596: PowerShell 5.1: Preventing script execution from web content.
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
Known issues in this update
Symptoms
After installing this update, users might face issues with the Message Queuing (MSMQ) functionality. This issue also impacts clustered MSMQ environment under load. Due to this issue, users might encounter the following symptoms:
- MSMQ queues becoming inactive
- IIS sites failing with “Insufficient resources to perform operation” errors
- Applications unable to write in queues
- Errors such as “The message file ‘C:\Windows\System32\msmq\storage*.mq’ cannot be created” when creating message files
- Misleading logs, such as “There is insufficient disk space or memory”, despite sufficient disk space and memory being available
This issue is caused by the recent changes introduced to the MSMQ security model and NTFS permissions on the C:\Windows\System32\MSMQ\storage folder. MSMQ users now require write access to this folder, which is normally restricted to administrators. As a result, attempts to send messages via MSMQ APIs might fail with resource errors.