MICROSOFT UNDER ATTACK: EMERGENCY UPDATE NOW!

A critical security alert has been issued for Windows users. December’s update, released through Microsoft’s Patch Tuesday, addresses a dangerous trio of “zero-day” vulnerabilities – flaws actively exploited by attackers even before a fix existed.

This month’s update isn’t a minor tweak; it’s a substantial defense against 56 distinct security bugs. The breakdown includes vulnerabilities allowing attackers to gain elevated privileges, remotely execute code, steal information, cause denial-of-service attacks, and even impersonate legitimate users.

Three of the remote code execution flaws are classified as “critical,” demanding immediate attention. These aren’t theoretical risks; they represent active pathways for malicious actors to compromise systems. Updates for Microsoft Edge and Mariner are separate and also require attention.

One of the zero-day vulnerabilities, tracked as CVE-2025-62221, has already been observed in active attacks. This flaw resides within the Windows Cloud Files Mini Filter Driver, granting attackers the highest level of system access – SYSTEM privileges – if successfully exploited.

The mini filter driver is essential for cloud applications like OneDrive to function, providing access to file system operations. This makes it a prime target for attackers seeking broad control over compromised machines. Microsoft has, so far, remained tight-lipped about the specifics of the ongoing exploitation.

Another zero-day, CVE-2025-64671, impacts GitHub Copilot for JetBrains. A cleverly crafted attack, utilizing a “Cross Prompt Injection,” could allow attackers to execute commands on a user’s system through untrusted files or compromised servers.

Security researchers have warned this vulnerability could trick the underlying Large Language Model (LLM) into adding malicious instructions to a user’s settings, silently enabling further attacks. The potential for widespread compromise is significant.

Finally, CVE-2025-54100 targets PowerShell, a powerful scripting language built into Windows. This flaw allows attackers to execute malicious scripts embedded within webpages simply by retrieving them using the Invoke-WebRequest command.
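For defenders reviewing their own automation, the following added example (not from this article or from Microsoft) uses the PowerShell parser to list `Invoke-WebRequest` calls in a script that do not pass `-UseBasicParsing`. It assumes the exposure arises where Windows PowerShell 5.1 parses the full HTML of a retrieved page, which `-UseBasicParsing` skips; the function name `Find-FullParsingWebRequest` and the sample script are constructed for illustration.

```powershell
# Added example: flag Invoke-WebRequest calls that lack -UseBasicParsing.
# The sample script text and example.test URLs are constructed for this demo.
$sample = @'
$r1 = Invoke-WebRequest -Uri "https://example.test/page"
$r2 = Invoke-WebRequest -Uri "https://example.test/page" -UseBasicParsing
$r3 = iwr https://example.test/feed -useb
curl https://example.test/index.html
'@

function Find-FullParsingWebRequest {
    param([Parameter(Mandatory)][string]$ScriptText)

    # Names that resolve to Invoke-WebRequest in Windows PowerShell 5.1
    # (curl and wget are built-in aliases there).
    $names = 'Invoke-WebRequest', 'iwr', 'curl', 'wget'

    $tokens = $null
    $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $ScriptText, [ref]$tokens, [ref]$errors)

    # Walk the syntax tree instead of using regex, so comments and strings
    # that merely mention the cmdlet are not reported.
    $calls = $ast.FindAll({
        param($node)
        $node -is [System.Management.Automation.Language.CommandAst] -and
        $names -contains $node.GetCommandName()
    }, $true)

    foreach ($call in $calls) {
        # PowerShell accepts unambiguous parameter prefixes; "-UseB" is the
        # shortest one for -UseBasicParsing. An explicit ":$false" disables it.
        # Splatted parameters (@params) are not resolved, so those calls are
        # reported for manual review.
        $basic = $call.CommandElements | Where-Object {
            $_ -is [System.Management.Automation.Language.CommandParameterAst] -and
            $_.ParameterName.Length -ge 4 -and
            'UseBasicParsing'.StartsWith($_.ParameterName, [StringComparison]::OrdinalIgnoreCase) -and
            $_.Argument.Extent.Text -ne '$false'
        }
        if (-not $basic) {
            [pscustomobject]@{
                Line    = $call.Extent.StartLineNumber
                Command = $call.GetCommandName()
                Text    = $call.Extent.Text
            }
        }
    }
}

Find-FullParsingWebRequest -ScriptText $sample | Format-Table -AutoSize
```

To audit a file on disk, pass its contents with `Get-Content -Raw` as the `-ScriptText` argument.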

The discovery of these vulnerabilities is a testament to the ongoing efforts of security researchers, Microsoft’s Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC). Prompt patching is the most effective defense against these threats.

These vulnerabilities were identified through a collaborative effort: Ari Marzuk is credited with discovering CVE-2025-64671, and multiple researchers contributed to the identification of CVE-2025-54100. The urgency of applying this update cannot be overstated.