Is it safe to install the latest Windows 11 KB5072033 update regarding PowerShell changes?

Why does my virtual machine lose network connectivity after the December 2025 Windows update?

Microsoft released its final monthly cumulative update for the year on December 9, 2025. This cycle addresses critical security vulnerabilities across Windows 10 and Windows 11 ecosystems. Administrators must pay close attention to a universal change in PowerShell behavior designed to mitigate script execution risks (CVE-2025-54100). Additionally, Windows 10 users without Extended Security Update (ESU) licenses will notice a cessation of updates, as standard support concluded in October 2025.

Windows 11: Critical Fixes and Feature Adjustments

Microsoft targeted two primary branches of Windows 11 during this cycle. The focus lies on stability for the current 24H2/25H2 versions and the finalization of the 23H2 lifecycle.

Active Branch: Version 24H2 and 25H2
Update ID: KB5072033

This update is mandatory for maintaining system health. It introduces quality improvements and resolves specific technical failures that hinder productivity and server management.

Virtualization Stability (Critical)

IT professionals managing virtual machines must install this patch immediately. A severe bug caused external virtual switches to lose their binding to physical network adapters (NICs) after a host reboot. This error forces switches into “internal mode,” severing network connectivity for VMs and halting server operations. KB5072033 rectifies this logic error.

Copilot Interaction

The update fixes a user interface bug where the “Click to Do” window failed to activate. Sharing data with Copilot now correctly brings the interaction window to the foreground.

File Explorer Rendering

Users who previously installed KB5070311 may have experienced a white flash when navigating folders. This graphical glitch is now resolved.

End of Support: Version 23H2
Update ID: KB5071417

This cumulative update marks the end of the road for Windows 11 23H2 (Home and Pro editions). Microsoft officially ceased support for this version on November 11, 2025. KB5071417 serves as the final security maintenance package. Users remaining on this version must upgrade to 24H2 or 25H2 to receive future protections.

Windows 10: Extended Security Updates (ESU) Only

Standard support for Windows 10 ended in October 2025. Consequently, the following updates apply strictly to Enterprise LTSC editions or devices enrolled in the paid ESU program.

Version 21H2 and 22H2 (ESU/LTSC)
Update ID: KB5071546

This patch serves the majority of corporate environments still utilizing Windows 10. It focuses purely on security hardening and servicing stack improvements. It contains the mandatory PowerShell security change detailed below.

Enterprise 2019 LTSC (v1809)
Update ID: KB5071544

Alongside standard security fixes, this update deprecates the People app. The icon on the taskbar will cease to function after installation. Organizations relying on this feature must transition to alternative contact management tools immediately.

Enterprise 2016 LTSC (v1607)
Update ID: KB5071543

This legacy update addresses specific security vulnerabilities. Administrators must verify that the latest Servicing Stack Update (SSU) is installed before attempting to deploy this patch manually.

The PowerShell Security Paradigm Shift
CVE Reference: CVE-2025-54100

A significant security change affects all updated versions of Windows 10 and 11. Microsoft has altered how PowerShell 5.1 handles web requests to mitigate malicious script execution.

When a user or script runs the Invoke-WebRequest command, the system now triggers a confirmation prompt. This prompt warns of potential security risks associated with executing content from the web. Users must explicitly choose to continue or cancel the operation. This added friction prevents drive-by downloads and inadvertent execution of malicious code, but it may disrupt automated scripts that rely on silent web requests. Administrators should review their automation workflows for compatibility with KB5074596.

Deployment Recommendations

  1. Prioritize Virtual Hosts: Deploy KB5072033 to Hyper-V hosts first to resolve the NIC binding issue.
  2. Review Scripts: Audit internal PowerShell scripts using Invoke-WebRequest to ensure they can handle or bypass the new interactive prompts safely.
  3. Upgrade Windows 10/11 23H2: Move remaining endpoints off these deprecated versions to ensure continued security coverage in January 2026.
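
For the script review in step 2, an inventory of every Invoke-WebRequest call site is a practical starting point. The script below is an added example, not code from Microsoft or from this article: it parses scripts with the PowerShell AST without executing them and lists each call, including the built-in Windows PowerShell 5.1 aliases iwr, curl and wget. The `$Root` path and the CSV file name are hypothetical, and the `UseBasicParsing` column rests on the assumption that this switch matters for the new prompt, which the article does not state and which should be confirmed against Microsoft's guidance for CVE-2025-54100.

```powershell
# Added example: inventory Invoke-WebRequest call sites in PowerShell scripts.
param(
    [string]$Root = 'C:\Scripts'   # hypothetical path: your internal automation repository
)

# Names that resolve to Invoke-WebRequest in Windows PowerShell 5.1 (built-in aliases).
$targets = 'Invoke-WebRequest', 'iwr', 'curl', 'wget'

$findings = Get-ChildItem -Path $Root -Recurse -File -Include *.ps1, *.psm1 |
    ForEach-Object {
        $file = $_.FullName
        $tokens = $null; $errors = $null
        # Parse only; nothing in the audited script is executed.
        $ast = [System.Management.Automation.Language.Parser]::ParseFile(
            $file, [ref]$tokens, [ref]$errors)
        if ($errors.Count -gt 0) {
            Write-Warning "$file has $($errors.Count) parse error(s); results may be incomplete."
        }

        # Walk all command invocations, including those nested in functions and script blocks.
        $ast.FindAll({ param($node)
                $node -is [System.Management.Automation.Language.CommandAst] }, $true) |
            Where-Object { $targets -contains $_.GetCommandName() } |
            ForEach-Object {
                $elements = $_.CommandElements
                $params = @($elements |
                    Where-Object { $_ -is [System.Management.Automation.Language.CommandParameterAst] } |
                    ForEach-Object { $_.ParameterName })
                # Splatted arguments (@args) hide parameters from static analysis; flag them for manual review.
                $splat = @($elements | Where-Object {
                        $_ -is [System.Management.Automation.Language.VariableExpressionAst] -and $_.Splatted })
                [pscustomobject]@{
                    File            = $file
                    Line            = $_.Extent.StartLineNumber
                    WrittenAs       = $_.GetCommandName()
                    # Accept abbreviated forms from -UseB upward (shortest unambiguous prefix).
                    UseBasicParsing = [bool]($params | Where-Object {
                            $_ -like 'UseB*' -and 'UseBasicParsing' -like "$_*" })
                    Splatted        = ($splat.Count -gt 0)
                    Parameters      = $params -join ','
                }
            }
    }

$findings | Sort-Object File, Line | Format-Table -AutoSize -Wrap
$findings | Export-Csv -Path (Join-Path $PWD 'iwr-audit.csv') -NoTypeInformation   # hypothetical file name
```

Calls built dynamically (for example through `&` with a variable command name) are not resolved by this static pass and still need manual review.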

These updates are available via Windows Server Update Services (WSUS), Windows Update for Business (WUfB), and the Microsoft Update Catalog.