During December Patch Tuesday, Microsoft fixed an actively exploited zero-day, along with 56 other vulnerabilities in Windows and related products.
Although the number of patches remains relatively limited, the December update contains several high-impact security issues. In addition to Microsoft, other vendors also released critical security updates, making this patch round extra urgent for IT and security teams, reports The Register.
The most pressing vulnerability on Microsoft’s side is CVE-2025-62221. This is a flaw in the Windows Cloud Files Mini Filter Driver with a CVSS score of 7.8. Microsoft confirms that this vulnerability has already been actively exploited. Although an attacker must already have access to the system, they can use this flaw to obtain higher privileges and ultimately take complete control of the system.
According to security researchers, vulnerabilities of this kind play a crucial role in successful attacks because they enable attackers to significantly expand their capabilities once they have penetrated a system.
In addition to this zero-day vulnerability, two vulnerabilities are publicly known, with no evidence of active exploitation as yet. CVE-2025-54100 concerns a problem in PowerShell that allows unauthorized code to be executed remotely. CVE-2025-64671 affects GitHub Copilot within JetBrains development environments and has a higher severity score. Although this vulnerability is formally classified as local, researchers point out that users can still be tricked into executing malicious commands.
The risk in the latter category lies primarily in the combination of AI functions and automatically approved commands. Malicious input in files or context sources can carry additional instructions that are executed without further confirmation. Security experts expect this type of attack to become more common in the future as AI tools become more deeply integrated into development environments.
Vulnerabilities also found in Notepad++, Ivanti, and Fortinet
This month’s attention is not limited to Microsoft alone. An update was released for Notepad++ that fixes a critical vulnerability known to be actively exploited. Researchers see indications that attackers from China are already exploiting this weakness. Ivanti and Fortinet also released patches for serious security vulnerabilities in their products, which are widely used in corporate networks in particular.
Despite the lower number of vulnerabilities, December Patch Tuesday shows, according to The Register, that the impact of security updates is not related to quantity. With multiple critical vulnerabilities and at least one already being used in attacks, rapid patching remains as important as ever at the end of the year.