Microsoft has rolled out its December Patch Tuesday update, prompting Windows users to prioritize immediate system updates. This month’s release addresses three critical zero-day vulnerabilities, which are security flaws that have been either actively exploited or publicly disclosed prior to the availability of an official patch.
As highlighted by Bleeping Computer, the December update tackles a total of 56 bugs, categorized as follows:
- 28 elevation-of-privilege vulnerabilities
- 19 remote-code-execution vulnerabilities
- 4 information-disclosure vulnerabilities
- 3 denial-of-service vulnerabilities
- 2 spoofing vulnerabilities
Among these, three remote code execution flaws have been designated as “critical.” It is important to note that these figures do not encompass updates for Microsoft Edge and Mariner.
Patch Tuesday typically occurs on the second Tuesday of each month at approximately 10 AM PT, making it a reliable schedule for users to anticipate essential security updates.
Three zero-days fixed
One of the zero-days addressed in this update has been actively exploited in the wild, although Microsoft has refrained from providing specific details regarding the nature of these exploits.
CVE-2025-62221 is an elevation-of-privilege vulnerability found in the Windows Cloud Files Mini Filter Driver. When exploited, this flaw grants attackers SYSTEM privileges, allowing them to manipulate cloud applications like OneDrive and access file system functions.
The other two vulnerabilities that have been fixed were publicly disclosed:
- CVE-2025-64671 – GitHub Copilot for JetBrains Remote Code Execution Vulnerability: This vulnerability can be exploited through a Cross Prompt Injection in untrusted files or MCP servers, enabling attackers to execute commands locally. According to Krebs on Security, this could potentially mislead the large language model (LLM) into incorporating malicious instructions into the user’s auto-approve settings.
- CVE-2025-54100 – PowerShell Remote Code Execution Vulnerability: This bug has the potential to execute scripts embedded in a webpage when retrieved using Invoke-WebRequest.
CVE-2025-62221 has been attributed to the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC). CVE-2025-64671 was disclosed by Ari Marzuk, while multiple security researchers contributed to the identification of CVE-2025-54100.