Microsoft Patch Tuesday security updates for December 2025 fixed an actively exploited zero-day
Microsoft Patch Tuesday security updates for December 2025 address 57 vulnerabilities, including three critical flaws.
Microsoft Patch Tuesday security updates for December 2025 addressed 57 vulnerabilities in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Exchange Server, Azure, Copilot, PowerShell, and Windows Defender. Three vulnerabilities are rated Critical, while the rest are rated Important in severity.
One of these vulnerabilities, tracked as CVE-2025-62221 (CVSS score of 7.8), is actively exploited in attacks in the wild. The vulnerability CVE-2025-62221 is a Windows Cloud Files Mini Filter Driver issue that allows an authorized attacker to elevate privileges locally.
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” reads the advisory. “Exploitation Detected.”
Two other vulnerabilities, tracked as CVE-2025-64671 and CVE-2025-54100, are labeled as publicly known at the time of the release.
The two vulnerabilities are both remote code execution issues: CVE-2025-64671 in GitHub Copilot for JetBrains, which lets attackers run local commands via malicious cross-prompt injections in untrusted files or MCP servers, and CVE-2025-54100 in PowerShell, which can execute scripts embedded in webpages fetched with Invoke-WebRequest. The Copilot flaw was disclosed in research on AI IDE vulnerabilities. For PowerShell, Microsoft added a new warning to prompt users to use -UseBasicParsing to prevent unwanted script execution.
Researchers warn that a proof-of-concept (PoC) exists for CVE-2025-64671.
The full list of CVEs addressed by Microsoft for December 2025 is available here.
(SecurityAffairs – hacking, Microsoft Patch Tuesday)