Today marks Microsoft Patch Tuesday for December 2025. This month, 57 vulnerabilities have been addressed, including three zero-day vulnerabilities, one of which is actively being exploited. It’s crucial to update your systems promptly.

Notable Patch Tuesday vulnerabilities for December

• CVE-2025-62221 A use-after-free vulnerability in the Windows Cloud Files Mini Filter Driver could allow an authorized attacker to elevate privileges locally.
• CVE-2025-64671 Improper neutralization of input in Copilot could enable an unauthorized attacker to execute code locally.
• CVE-2025-54100 Improper neutralization of input in Windows PowerShell could allow an unauthorized attacker to execute code locally.

For more detailed information on these and other vulnerabilities, please refer to the release notes: https://msrc.microsoft.com/update-guide/releaseNote/2025-Dec

Need help addressing the above in your own organization? Speak to an Outpost24 expert.