Microsoft Patch Tuesday, December 2025 Edition
Today, Microsoft released a slate of updates addressing at least 56 security vulnerabilities across Windows and supported software. This final Patch Tuesday of 2025 tackles one zero-day that is already being exploited and covers two publicly disclosed flaws.
Despite delivering fewer updates than in some months, Microsoft fixed a total of 1,129 vulnerabilities in 2025, an 11.9% rise from 2024. Satnam Narang of Tenable notes that this is the second straight year with over a thousand patched flaws, and the third time that has happened since the program began.
The zero-day addressed this cycle is CVE-2025-62221, a privilege-escalation flaw affecting Windows 10 and newer versions. The issue lies in the Windows Cloud Files Mini Filter Driver, a system component that enables cloud-based applications to access file-system features.
“This is especially concerning because the mini filter is integral to services like OneDrive, Google Drive, and iCloud, and it remains a core Windows component even if those apps aren’t installed,” explained Adam Barnett, lead software engineer at Rapid7.
Only three of the patched vulnerabilities earned Microsoft’s highest severity rating, Critical. Two pertain to Microsoft Office and can be exploited simply by viewing a booby-trapped email in the Preview Pane (CVE-2025-62554 and CVE-2025-62557). A third critical flaw (CVE-2025-62562) affects Microsoft Outlook, though Redmond says the Preview Pane is not an attack vector for this one.
Microsoft also highlighted several likely-exploited privilege-escalation flaws from this batch, though they are rated less severe than Critical:
– CVE-2025-62458 — Win32k
– CVE-2025-62470 — Windows Common Log File System Driver
– CVE-2025-62472 — Windows Remote Access Connection Manager
– CVE-2025-59516 — Windows Storage VSP Driver
– CVE-2025-59517 — Windows Storage VSP Driver
Kev Breen, senior director of threat research at Immersive, notes that privilege-escalation flaws appear in nearly every major host-compromise incident.
“We don’t know why Microsoft labeled these as more likely to be exploited, but many of these components have historically seen in-the-wild activity or possess enough technical detail from prior CVEs to make weaponization easier for attackers,” Breen said. “Even if they aren’t actively exploited right now, they should be patched sooner rather than later.”
One notable vulnerability in this release is CVE-2025-64671, a remote code execution flaw in the GitHub Copilot Plugin for JetBrains—an AI-assisted coding tool used by Microsoft and GitHub. Breen explains that an attacker could trick the LLM into executing commands that bypass safeguards and insert malicious instructions into the user’s “auto-approve” settings.
CVE-2025-64671 sits within a broader issue some researchers have termed an IDE security crisis, or IDEsaster, which encompasses more than 30 distinct vulnerabilities across several leading AI-powered coding platforms, including Cursor, Windsurf, Gemini CLI, and Claude Code.
Another publicly disclosed vulnerability patched today is CVE-2025-54100, a remote code execution flaw in Windows PowerShell on Windows Server 2008 and later. This flaw allows an unauthenticated attacker to run code within the user’s security context.
For readers seeking a more granular breakdown of today’s Microsoft security updates, the SANS Internet Storm Center has published a roundup: https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20December%202025/32550. As always, share any issues applying these patches in the comments.