Original Article Text

Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws

Today is Microsoft's December 2025 Patch Tuesday, which fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities.

This Patch Tuesday also addresses three "Critical" remote code execution vulnerabilities.

The number of bugs in each vulnerability category is listed below:

When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today. Therefore, the number of flaws does not include Microsoft Edge (15 flaws) and Mariner vulnerabilities fixed earlier this month.

To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5072033 & KB5071417 cumulative updates.

3 zero-days, two exploited

This month's Patch Tuesday fixes one actively exploited and two publicly disclosed zero-day vulnerabilities.

Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available.

The actively exploited zero-day is:

CVE-2025-62221 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Microsoft has patched an actively exploited privilege elevation vulnerability in the Windows Cloud Files Mini Filter Driver.

"Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally," explains Microsoft.

Microsoft says that successfully exploiting the flaw allows attackers to gain SYSTEM privileges.

Microsoft has attributed the flaw to Microsoft Threat Intelligence Center (MSTIC) & Microsoft Security Response Center (MSRC) but has not shared how the flaw was exploited.

The publicly disclosed zero-day flaws are:

CVE-2025-64671 - GitHub Copilot for Jetbrains Remote Code Execution Vulnerability

Microsoft has patched a publicly disclosed GitHub Copilot flaw that allows an attacker to execute commands locally.

"Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally," explains Microsoft.

Microsoft says the flaw can be exploited through a Cross Prompt Injection in untrusted files or MCP servers.

"Via a malicious Cross Prompt Inject in untrusted files or MCP servers, an attacker could execute additional commands by appending them to commands allowed in the user's terminal auto-approve setting," continued Microsoft.

Microsoft has attributed the flaw to Ari Marzuk, who recently disclosed the flaw as part of his "IDEsaster: A Novel Vulnerability Class in AI IDEs" report.

CVE-2025-54100 - PowerShell Remote Code Execution Vulnerability

Microsoft has patched a PowerShell vulnerability that could cause scripts embedded in a webpage to be executed when the page is retrieved using Invoke-WebRequest.

"Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute code locally," explains Microsoft.

Microsoft has made a change that displays a warning when PowerShell uses 'Invoke-WebRequest,' prompting the user to add the -UseBasicParsing parameter to prevent code execution.

Microsoft attributes this flaw to numerous researchers, including Justin Necke, DeadOverflow, Pēteris Hermanis Osipovs, Anonymous, Melih Kaan Yıldız, and Osman Eren Güneş.

Recent updates from other companies

Other vendors who released updates or advisories in December 2025 include:

The December 2025 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the December 2025 Patch Tuesday updates.

To access the full description of each vulnerability and the systems it affects, you can view the full report here.
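The -UseBasicParsing mitigation described for CVE-2025-54100 can be checked across existing scripts before the new warning starts interrupting them. The following is an added example, not code from Microsoft or the original article: it parses script text with the PowerShell AST and reports Invoke-WebRequest calls that lack the parameter. The function name, status strings and sample URLs are hypothetical, and it assumes Windows PowerShell 5.1 alias names.

```powershell
# Added example. Assumption: Windows PowerShell 5.1, where iwr, curl and wget
# are aliases of Invoke-WebRequest; user-defined aliases are not resolved.
$WebRequestNames = 'Invoke-WebRequest', 'iwr', 'curl', 'wget'

function Find-WebRequestWithoutBasicParsing {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$ScriptText,
        [string]$Source = '<inline>'
    )
    $tokens = $null; $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $ScriptText, [ref]$tokens, [ref]$errors)
    # All command invocations, including those inside nested script blocks.
    $commands = $ast.FindAll({ param($node)
        $node -is [System.Management.Automation.Language.CommandAst] }, $true)
    foreach ($cmd in $commands) {
        $name = $cmd.GetCommandName()   # $null when the command name is dynamic
        if (-not $name -or $WebRequestNames -notcontains $name) { continue }
        $status = 'MissingUseBasicParsing'
        foreach ($el in $cmd.CommandElements) {
            if ($el -is [System.Management.Automation.Language.CommandParameterAst]) {
                # Prefixes are accepted; -UseB is the shortest unambiguous one.
                $p = $el.ParameterName
                $isBasic = $p.Length -ge 4 -and 'UseBasicParsing'.StartsWith(
                    $p, [System.StringComparison]::OrdinalIgnoreCase)
                # -UseBasicParsing:$false switches the mitigation back off.
                $off = $el.Argument -and $el.Argument.Extent.Text -eq '$false'
                if ($isBasic -and -not $off) { $status = 'OK' }
            } elseif ($el -is [System.Management.Automation.Language.VariableExpressionAst] -and
                      $el.Splatted -and $status -ne 'OK') {
                $status = 'SplattedReviewManually'   # hashtable contents unknown here
            }
        }
        if ($status -ne 'OK') {
            [pscustomobject]@{ Source = $Source; Line = $cmd.Extent.StartLineNumber
                               Status = $status; Command = $cmd.Extent.Text }
        }
    }
}

# Constructed sample input (not taken from any real script).
$sample = @'
$page = Invoke-WebRequest -Uri https://example.test/status
iwr https://example.test/a -UseB | Out-Null
curl https://example.test/b -UseBasicParsing:$false
Invoke-WebRequest @opts
'@
Find-WebRequestWithoutBasicParsing -ScriptText $sample -Source 'constructed-sample'
```

To audit real files, pass each script's content from `Get-Content -Raw` as `-ScriptText` and its path as `-Source`.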

Daily Brief Summary

VULNERABILITIES // Microsoft December Patch Tuesday Fixes Three Zero-Day Vulnerabilities

Microsoft's December 2025 Patch Tuesday addresses 57 security flaws, including three zero-day vulnerabilities, enhancing system protection across various platforms.

An actively exploited zero-day, CVE-2025-62221, involves a privilege elevation flaw in Windows Cloud Files Mini Filter Driver, allowing attackers to gain SYSTEM privileges.

Two publicly disclosed zero-days include a GitHub Copilot remote code execution vulnerability and a PowerShell command injection flaw, both posing significant security risks.

The GitHub Copilot vulnerability, CVE-2025-64671, allows unauthorized code execution via command injection, affecting Jetbrains users.

The PowerShell vulnerability, CVE-2025-54100, could execute scripts embedded in web pages, prompting Microsoft to implement a warning system for safer usage.

These patches underscore the importance of timely updates to mitigate potential exploitation and maintain robust security postures.

Organizations are advised to prioritize these updates to protect against potential threats and ensure system integrity.