Microsoft Patch Tuesday Security Updates for December 2025 Fixed an Actively Exploited Zero-Day Vulnerability
Microsoft has released its monthly security updates, known as Patch Tuesday, which addresses a total of 57 vulnerabilities across various products and services. Among these vulnerabilities are three critical flaws that require immediate attention from system administrators.
The December 2025 Patch Tuesday security updates cover several areas, including Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Exchange Server, Azure, Copilot, PowerShell, and Windows Defender. The severity of these vulnerabilities ranges from Critical to Important, with three vulnerabilities falling under the Critical category.
One of the most pressing issues addressed in this update is a zero-day vulnerability tracked as CVE-2025-62221 (CVSS score of 7.8), which is currently being exploited in attacks in the wild. This vulnerability affects Windows Cloud Files Mini Filter Driver and allows an authorized attacker to elevate privileges locally. As stated in Microsoft's advisory, "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges."
The advisory further notes that exploitation of this vulnerability has been detected. To put it simply, if not addressed promptly, a malicious actor can potentially gain control over your system with this exploit.
Additionally, two other vulnerabilities, tracked as CVE-2025-64671 and CVE-2025-54100, are labeled as publicly known at the time of release. Both of these vulnerabilities are remote code execution issues that could allow attackers to execute malicious commands or scripts on affected systems. The Copilot flaw was disclosed in research related to AI IDE vulnerabilities, while PowerShell's vulnerability can execute scripts embedded in webpages fetched with Invoke-WebRequest.
It is worth noting that researchers have warned of a proof-of-concept (PoC) existing for CVE-2025-64671, making it essential to address this issue immediately. Microsoft has also added a new warning to prompt users to use -UseBasicParsing to prevent unwanted script execution in PowerShell.
The full list of CVEs addressed by Microsoft in December 2025 Patch Tuesday is available here.
Stay up-to-date with the latest security news and updates by following me on Twitter: @securityaffairs, Facebook, or Mastodon (SecurityAffairs – hacking, Microsoft Patch Tuesday).