Microsoft released patches for 57 vulnerabilities this month, including one zero-day bug that attackers are already exploiting. CVE-2025-62221 affects Windows Cloud Files Mini Filter Driver and lets attackers escalate privileges to system-level access once they're inside a network.
Two other flaws have public proof-of-concept exploits available: a PowerShell remote code execution bug and a GitHub Copilot vulnerability affecting JetBrains tools. Security experts say the Copilot flaw could let attackers use AI prompt injections to access development environments.
This December update is much lighter than earlier releases—Microsoft patched over 1,150 vulnerabilities in 2025, making it one of their busiest years ever.
Source: Dark Reading