Microsoft has released updates addressing 56 security vulnerabilities across Windows platforms, including a zero-day flaw actively exploited in the wild. Among these flaws, three are rated Critical and 53 Important, covering 29 privilege escalation, 18 remote code execution, four information disclosure, three denial-of-service, and two spoofing vulnerabilities. Two additional flaws were publicly known before this update. This brings the total number of CVEs patched by Microsoft in 2025 to 1,275, marking the second consecutive year the company has addressed over 1,000 vulnerabilities. These updates also include 17 security patches for Chromium-based Edge, including a spoofing vulnerability in Edge for iOS (CVE-2025-62223, CVSS score 4.3).
The actively exploited vulnerability, CVE-2025-62221 (CVSS score 7.8), is a use-after-free issue in the Windows Cloud Files Mini Filter Driver (cldflt.sys) that allows a local attacker with low privileges to escalate to SYSTEM. The minifilter sits in the file system filter stack, intercepting file system requests and providing the placeholder-file functionality that cloud sync clients such as OneDrive, Google Drive, and iCloud rely on, so it is present and loaded on most Windows desktops. Exploitation requires code execution on the host first, but that is a low bar in practice: attackers routinely chain a local privilege escalation like this one with phishing, a browser exploit, or another remote code execution vulnerability to go from an initial foothold to full host compromise. The flaw has been added to the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog, which requires federal civilian agencies to apply the fix by December 30, 2025.
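A quick triage script for the Cloud Files minifilter flaw, added here as an example and not part of the original article or any Microsoft tooling: it reports whether the affected driver is present and loaded, its file version, the OS build and revision (UBR), and which updates have been installed since this month's release. It deliberately hard-codes no "fixed" version or KB number (neither appears on this page), so the operator compares the reported file version and UBR against the build listed in Microsoft's advisory for CVE-2025-62221. `fltmc.exe` needs an elevated prompt, and `Get-HotFix` may report an empty `InstalledOn` for some updates.

```powershell
# Added triage check (example, not from the article). Run elevated so fltmc can
# enumerate loaded filters. Compare FileVersion/UBR with the MSRC advisory for
# CVE-2025-62221; no fixed-version threshold is assumed here.

$driver = Join-Path $env:SystemRoot 'System32\drivers\cldflt.sys'

# fltmc lists loaded minifilters by name; the Cloud Files filter is "CldFlt".
$loaded = (fltmc.exe filters 2>$null) -match '^\s*CldFlt\b'

if (Test-Path $driver) {
    $info = (Get-Item $driver).VersionInfo
    $cv   = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{
        Driver         = $driver
        FileVersion    = $info.FileVersion
        ProductVersion = $info.ProductVersion
        Loaded         = [bool]$loaded      # $true means the attack surface is live
        OSBuild        = "$($cv.CurrentBuild).$($cv.UBR)"
    } | Format-List
}
else {
    Write-Output 'cldflt.sys not found: the Cloud Files minifilter is not installed on this host.'
}

# Updates applied on or after the first day of the release month. An empty list
# on a domain-joined machine is a strong hint the December rollup has not landed.
Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge [datetime]'2025-12-01' } |
    Sort-Object InstalledOn -Descending |
    Select-Object HotFixID, Description, InstalledOn
```

Run it through your EDR or RMM as a read-only job across the fleet and pivot on hosts where `Loaded` is true and no December update is listed; those are the ones to patch first, since the driver is loaded even when no cloud sync client is actively in use.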
The two flaws that were publicly known before the update, but not reported as exploited, are also fixed. CVE-2025-54100 (CVSS score 7.8) is a command injection flaw in Windows PowerShell that allows an attacker to execute arbitrary code locally by tricking a user into running a crafted command. CVE-2025-64671 (CVSS score 8.4) affects GitHub Copilot for JetBrains and likewise enables local code execution through command injection. Neither is remotely exploitable on its own, but security researchers warn that either one, combined with common social engineering or with access an attacker already has, can lead to full system compromise. Several other AI-assisted development environments, including Kiro.dev, JetBrains Junie, and GitHub Copilot for Visual Studio Code, have been identified as vulnerable to a related class of issues dubbed IDEsaster, in which an attacker uses prompt injection against the AI agent and abuses "auto-approve" settings so that the agent executes malicious commands without the developer confirming them.
In addition to Microsoft, other vendors have released updates addressing critical flaws over the past weeks, including Adobe, Amazon Web Services, AMD, Arm, Cisco, Fortinet, Google Chrome, Linux distributions, SAP, and Zoom. The broad set of patches underscores the importance of timely software updates and proactive risk management, as attackers increasingly chain multiple vulnerabilities to achieve elevated access or execute malicious code. Organizations are urged to implement these security updates promptly and review configurations to mitigate exposure to privilege escalation, remote code execution, and command injection attacks that could compromise enterprise systems.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.