Microsoft's Latest 'Patch Tuesday' Update Fixes These Three Zero-Days

Microsoft’s Patch Tuesday update for December is here, and Windows users should ensure their machines are updated as soon as possible to fix three zero-day vulnerabilities. These are security flaws that are actively exploited or publicly disclosed before the developer releases an official patch.

As reported by Bleeping Computer, this month’s update addresses 56 bugs in total: 28 elevation-of-privilege vulnerabilities, 19 remote-code-execution vulnerabilities, four information-disclosure vulnerabilities, three denial-of-service vulnerabilities, and two spoofing vulnerabilities. Three of the remote-code-execution flaws are labeled “critical.” Note that these figures do not include updates released for Microsoft Edge and Mariner.

Patch Tuesday is typically released on the second Tuesday of every month around 10am PT, so you can anticipate security updates at that time.

Three zero-days fixed

One of the zero-days patched in December has been actively exploited in the wild, though Microsoft has not shared any details as to how. CVE-2025-62221 is an elevation-of-privilege vulnerability in the Windows Cloud Files Mini Filter Driver that, when exploited, gives attackers SYSTEM privileges. The mini filter allows cloud applications, such as OneDrive, access to file system functions.

The other two bugs fixed have been publicly disclosed:

  • CVE-2025-64671 – GitHub Copilot for Jetbrains Remote Code Execution Vulnerability: This flaw, which can be exploited through a Cross Prompt Injection in untrusted files or MCP servers, allows attackers to execute commands locally. According to Krebs on Security, this could trick the LLM into adding malicious instructions in the user’s auto-approve settings.

  • CVE-2025-54100 – PowerShell Remote Code Execution Vulnerability: This bug could cause scripts embedded in a webpage to be executed when retrieved using Invoke-WebRequest.

CVE-2025-62221 has been attributed to Microsoft Threat Intelligence Center (MSTIC) & Microsoft Security Response Center (MSRC). CVE-2025-64671 was disclosed by Ari Marzuk, while CVE-2025-54100 has been credited to multiple security researchers.
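
The PowerShell issue above lends itself to a script audit. The following is an added example, not code from the article or from Microsoft: a Python check that lists Invoke-WebRequest calls (including the Windows PowerShell 5.1 aliases iwr, curl and wget) that do not pass -UseBasicParsing, the documented switch that skips full DOM parsing of the response. Treating that switch as the relevant hardening is an assumption, and the function names and sample script are constructed.

```python
import re

# Invoke-WebRequest plus its Windows PowerShell 5.1 aliases, as a command word.
CMD = re.compile(r"(?<![\w$./\\-])(?:invoke-webrequest|iwr|curl|wget)(?![\w.-])", re.I)
# Any parameter starting -UseB...; PowerShell accepts unambiguous prefixes.
PARAM = re.compile(r"(?<!\S)-(useb[a-z]*)(:\s*\$false)?", re.I)

def uses_basic_parsing(segment):
    """True if the segment passes -UseBasicParsing (or a prefix) and not :$false."""
    for name, disabled in PARAM.findall(segment):
        if "usebasicparsing".startswith(name.lower()) and not disabled:
            return True
    return False

def logical_lines(text):
    """Yield (first_line_no, joined_text), folding backtick line continuations."""
    start, buf = None, ""
    for no, line in enumerate(text.splitlines(), 1):
        start = start or no
        line = re.sub(r"(^|\s)#.*$", "", line).rstrip()  # naive comment strip
        if line.endswith("`"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        start, buf = None, ""
    if buf:
        yield start, buf

def audit(text):
    """Return [(line_no, command)] for web requests made without basic parsing."""
    findings = []
    for no, line in logical_lines(text):
        for segment in re.split(r"[;|]", line):
            if CMD.search(segment) and not uses_basic_parsing(segment):
                findings.append((no, segment.strip()))
    return findings

# Constructed sample script, not taken from the page.
SAMPLE = """\
$r = Invoke-WebRequest -Uri https://example.test/a
iwr https://example.test/b -UseBasicParsing | Select-Object -Expand Content
curl https://example.test/c `
    -UseB
wget https://example.test/d -UseBasicParsing:$false; Write-Host done
# Invoke-WebRequest https://example.test/e
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Parameters passed by splatting (`@params`) are not resolved by this text scan, so such calls are reported and need a manual look.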

ZaKi