Microsoft Patches 57 Vulnerabilities, Three Zero-Days

Microsoft on Tuesday announced patches for 57 vulnerabilities as part of its December 2025 security updates. Three of the bugs are zero-days, but only one is under active exploitation.

The exploited zero-day, tracked as CVE-2025-62221 (CVSS score of 7.8), is described as a use-after-free issue in the Windows Cloud Files Mini Filter Driver.

According to Microsoft, the successful exploitation of the security defect could allow attackers to elevate their privileges to System on Windows devices.

The company notes that it is aware of this vulnerability being exploited in the wild, but has not shared details on the observed attacks.

A second flaw resolved in the Cloud Files Mini Filter Driver, tracked as CVE-2025-62454 (CVSS score of 7.8) and leading to privilege escalation, is also likely to be exploited in attacks, the tech giant warns.

Microsoft’s December 2025 Patch Tuesday updates also draw attention to two command injections ...