Microsoft addressed 57 security issues in its December 2025 Patch Tuesday update, fixing critical vulnerabilities including one exploited zero-day. Threat actors could leverage some of these vulnerabilities for privilege escalation, highlighting the importance of timely patching. #CVE-2025-62221 #MicrosoftThreatIntelligence
Keypoints
- Microsoft issued updates for 57 vulnerabilities, including one zero-day actively exploited by attackers.
- The zero-day CVE-2025-62221 affects Windows Cloud Files Mini Filter Driver and enables privilege escalation.
- Six vulnerabilities are rated as βExploitation More Likelyβ with a severity score of 7.8, mainly involving privilege escalation.
- Critical vulnerabilities were found in Microsoft Office, SharePoint, and Copilot, with ratings of 8.8 and 8.4.
- Other vendors like Fortinet, Ivanti, and SAP also released critical patches for their products.
Read More: https://thecyberexpress.com/microsoft-patch-tuesday-december-2025-zero-day/