Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws
BleepingComputer • • technology
Key Points:
- Microsoft's December 2025 Patch Tuesday addresses 57 vulnerabilities, including one actively exploited zero-day and two publicly disclosed zero-day flaws, with three critical remote code execution issues fixed.
- The actively exploited zero-day (CVE-2025-62221) is a privilege escalation vulnerability in the Windows Cloud Files Mini Filter Driver that allows attackers to gain SYSTEM privileges locally.
- Two publicly disclosed zero-days patched include a command injection flaw in GitHub Copilot for JetBrains (CVE-2025-64671) and a PowerShell remote code execution vulnerability (CVE-2025-54100) related to script execution via Invoke-WebRequest.
- Microsoft recommends using the -UseBasicParsing switch in PowerShell to prevent script execution when retrieving