Microsoft has released its December 2025 Patch Tuesday updates, addressing 57 security vulnerabilities, including one actively exploited zero-day and two publicly disclosed flaws.
The actively exploited vulnerability is CVE-2025-62221 (Windows Cloud Files Mini Filter Driver Elevation of Privilege), a use-after-free issue that could allow an authorized attacker to gain SYSTEM-level privileges.
Microsoft has not disclosed details about how the flaw was used in the wild.
The two publicly disclosed flaws include CVE-2025-64671 (GitHub Copilot for JetBrains RCE) and CVE-2025-54100 (PowerShell RCE).
December 2025 Patch Tuesday also includes fixes for a number of high-risk security vulnerabilities affecting MS Office, Word, Exel, Outlook, Microsoft Access, Microsoft RRAS, and other products.