This December's Patch Tuesday includes critical updates for Windows, Notepad++, Fortinet, Ivanti, and more, addressing vulnerabilities actively exploited or publicly known. Timely application of these patches is essential to prevent privilege escalation, remote code execution, and credential bypass attacks. #CVE202562221 #Notepad++V8.8.9
Key points
- Microsoft released patches that fix 57 CVEs, some of which are exploited or publicly known.
- CVE-2025-62221, a privilege escalation flaw in Windows Cloud Files Mini Filter Driver, was exploited as a zero-day.
- Notepad++ fixed a critical vulnerability being abused by attackers from China to hijack updates and deliver malware.
- Fortinet addressed two critical vulnerabilities that could allow unauthenticated login bypass using crafted SAML messages.
- Ivanti patched a cross-site scripting flaw in Endpoint Manager that could let attackers fully compromise a session.
Read More: https://www.theregister.com/2025/12/09/december_2025_patch_tuesday/