Overview
- Microsoft’s update resolves 57 vulnerabilities, led by CVE-2025-62221, a use-after-free in the Windows Cloud Files Mini Filter Driver that can grant SYSTEM privileges and is confirmed exploited.
- CISA added CVE-2025-62221 to its Known Exploited Vulnerabilities catalog and urged organizations to apply updates by December 30, 2025.
- Two publicly disclosed remote code execution issues were fixed: CVE-2025-64671 in GitHub Copilot for JetBrains, which researchers warn can be abused via cross-prompt injection, and CVE-2025-54100 in PowerShell, which now prompts on Invoke-WebRequest with guidance to use -UseBasicParsing.
- Three critical remote code execution flaws were addressed in Microsoft Office and Outlook (CVE-2025-62554, CVE-2025-62557, CVE-2025-62562), with some Office issues exploitable via the Preview Pane, raising user-interaction concerns.
- Microsoft flagged several elevation-of-privilege bugs as more likely to be exploited — including issues in Win32k, CLFS, Remote Access Connection Manager, and Storage VSP — and vendors such as Cisco Talos released Snort rules to help detect exploitation attempts.
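
For the PowerShell item above (CVE-2025-54100), an added example that is not from Microsoft or the original page: a PowerShell function that parses script text and lists Invoke-WebRequest calls that omit -UseBasicParsing, so existing automation can be reviewed against the guidance. The function name, the alias list (iwr, curl, wget) and the sample script are assumptions constructed for illustration.

```powershell
# Added example: find Invoke-WebRequest calls that do not pass -UseBasicParsing.
# Assumptions: function name is hypothetical; iwr/curl/wget are treated as aliases.
function Find-IwrWithoutBasicParsing {
    param([Parameter(Mandatory)][string]$ScriptText)

    $targets = 'Invoke-WebRequest', 'iwr', 'curl', 'wget'
    $tokens = $null; $errors = $null
    # Parse to an AST so comments and strings are not mistaken for calls.
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $ScriptText, [ref]$tokens, [ref]$errors)
    $calls = $ast.FindAll(
        { param($n) $n -is [System.Management.Automation.Language.CommandAst] }, $true)

    foreach ($call in $calls) {
        $name = $call.GetCommandName()          # $null for dynamic calls like & $cmd
        if ($null -eq $name) { continue }
        $name = ($name -split '\\')[-1]         # drop a module qualifier if present
        if ($targets -notcontains $name) { continue }

        $hasSwitch = $false; $splatted = $false
        foreach ($el in $call.CommandElements) {
            if ($el -is [System.Management.Automation.Language.CommandParameterAst]) {
                $p = $el.ParameterName
                # Accept unambiguous abbreviations (-UseB ...), reject -UseBasicParsing:$false.
                if ($p.Length -ge 4 -and
                    'UseBasicParsing'.StartsWith($p, [StringComparison]::OrdinalIgnoreCase)) {
                    $hasSwitch = ($null -eq $el.Argument) -or
                                 ($el.Argument.Extent.Text -ne '$false')
                }
            } elseif ($el -is [System.Management.Automation.Language.VariableExpressionAst] -and
                      $el.Splatted) {
                $splatted = $true               # switch may be inside the hashtable
            }
        }
        if (-not $hasSwitch) {
            [pscustomobject]@{
                Line = $call.Extent.StartLineNumber; Command = $name
                NeedsManualReview = $splatted; Text = $call.Extent.Text
            }
        }
    }
}

# Constructed sample script, not taken from any real system.
$sample = @'
$r = Invoke-WebRequest -Uri https://example.test/a.json
iwr https://example.test/b -UseBasicParsing | Out-Null
$opts = @{ Uri = 'https://example.test/c' }
Invoke-WebRequest @opts
'@
Find-IwrWithoutBasicParsing -ScriptText $sample | Format-Table -AutoSize
```

Calls that use splatting are reported with NeedsManualReview set, because the switch may be supplied through the splatted hashtable rather than on the command line.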