Attackers are already exploiting one of the 57 vulnerabilities for which Microsoft issued a patch this week, and proof-of-concept (PoC) exploits are publicly available for two other vulnerabilities.
Even so, the company's December 2025 update is a far cry from the 157-patch update with which it opened the year and the record 163-patch monster from October.
Zero-day Bugs
The actively exploited zero-day bug, and therefore the one that needs high-priority attention, is CVE-2025-62221, which received a CVSS score of 7.8. It affects the Windows Cloud Files Mini Filter Driver and enables an attacker who has already gained access to a vulnerable system to escalate privileges on it.
"Given that this vulnerability is seeing active exploitation and could lead to SYSTEM level access, this should be the priority for patching this month," said Tyler Reguly, associate director, security R&D, at Fortra, in a statement. Microsoft confirmed attackers have exploited the vulnerability, but as is typical for the company, it offered no details on the activity.
The two previously disclosed vulnerabilities with PoC exploits available for them are CVE-2025-54100 (CVSS Score: 7.8), a remote code execution (RCE) vulnerability in PowerShell, and CVE-2025-64671 (CVSS Score: 8.4), another RCE that affects the GitHub Copilot for JetBrains code completion tools. Though PoCs are publicly available for both vulnerabilities, Microsoft assessed them as being at relatively low risk for exploitation.
Despite that, security experts urged organizations not to ignore the bug. The GitHub Copilot flaw is something that organizations using the AI-enabled tool should address sooner rather than later, according to Satnam Narang, senior staff research engineer at Tenable.
"AI Agents embedded into IDEs as part of an attack chain that leverages prompt injections against these tools to access the base IDE layer … can result in information disclosure or command execution," he noted in a statement. "This flaw appears to be one of several associated with an underlying flaw across multiple IDEs, including GitHub Copilot, Cursor, JetBrains Junie, Roo Code and Claude Code."
A Slew of Elevation of Privilege Vulnerabilities