Microsoft has released fixes for 54 security vulnerabilities in its latest monthly security update, including a Windows zero-day already exploited in the wild and Office flaws that can trigger remote code execution when emails are merely received.
The December Patch Tuesday collection is smaller than in recent months. It includes two publicly disclosed remote code execution flaws and one vulnerability that attackers are actively exploiting.
Microsoft has also issued patches for three critical remote code execution vulnerabilities. The company currently assesses those as less likely or unlikely to be exploited.
The latest security updates do not include browser and open source patches. During December, Microsoft has already addressed 14 browser vulnerabilities and more than 80 issues in open source products.
Windows zero-day
The most serious issue in the batch is CVE-2025-62221. This is a local elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver.
Microsoft has evidence that attackers already use this flaw. Successful exploitation grants SYSTEM-level privileges on a compromised machine.
File system filter drivers, also known as minifilters, attach to the Windows file system stack. They intercept I/O requests aimed at a file system and can extend or replace the functions that the original target provides.
Organisations typically use minifilters for data encryption, automated backup, on-the-fly compression, and cloud storage.
The Cloud Files minifilter underpins services such as OneDrive, Google Drive, and iCloud. It is also a core Windows component. It remains present even when none of those cloud storage applications are installed.
Microsoft classifies CVE-2025-62221 as important rather than critical. Attackers need an existing foothold on the target system.
Security teams are likely to rate the bug as a priority because it is under active exploitation and gives an attacker full system control.
PowerShell MotW bypass
Another zero-day, CVE-2025-54100, affects security controls that rely on Windows’ Mark of the Web (MotW) feature.
MotW tracks files that users download from the internet. It adds metadata that indicates the file’s origin.
Under standard conditions, PowerShell warns users before it runs unsigned code from the internet. It often waits for confirmation. It can also block unexpected code execution.
CVE-2025-54100 allows attackers to bypass defences that depend on MotW. They can execute code before the file is written to disk.
Microsoft is aware of public disclosure of this vulnerability.
The company’s security update alters the default behaviour of Invoke-WebRequest in PowerShell 5.1. Instead of parsing the full Document Object Model of a remote resource, a step that could process and execute potentially malicious content, the command now prompts the user first.
Scripts that depend on the previous behaviour may hang when they encounter the new prompt. Administrators can update such scripts by adding the -UseBasicParsing parameter to Invoke-WebRequest. That parameter skips the DOM parse, which removes the chance of script execution.
PowerShell 7 is not affected in the same way. It no longer depends on the legacy MSHTML/Trident engine that Internet Explorer used.
PowerShell 5.1 still ships by default with new Windows installations, including Server 2025 and Windows 11 25H2, and many enterprises continue to rely on older business applications built around it.
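To find the scripts that will hit the new prompt, the following audit walks the PowerShell syntax tree of every .ps1 file under a folder and lists Invoke-WebRequest calls that omit -UseBasicParsing. It is an added example, not code from the article or from Microsoft; it assumes the folder path is yours and that the cmdlet is invoked by name or by one of its Windows PowerShell 5.1 aliases rather than through a variable.

```powershell
# Added example, not from the article: audit .ps1 files for Invoke-WebRequest calls
# that omit -UseBasicParsing and so depend on the pre-patch DOM-parsing behaviour
# (the calls that may now hang at the new prompt under Windows PowerShell 5.1).
# Assumptions: $Path is a folder you own; the cmdlet is called by name or by its
# built-in 5.1 aliases, not through splatting or a variable.
using namespace System.Management.Automation.Language

function Find-DomParsingWebRequest {
    param([Parameter(Mandatory)][string]$Path)
    # Invoke-WebRequest and the aliases Windows PowerShell 5.1 defines for it.
    $names = @('Invoke-WebRequest', 'iwr', 'curl', 'wget')

    Get-ChildItem -Path $Path -Filter *.ps1 -Recurse -File | ForEach-Object {
        $file = $_.FullName
        $tokens = $null; $errors = $null
        $ast = [Parser]::ParseFile($file, [ref]$tokens, [ref]$errors)

        # Walk the whole tree so calls inside functions and script blocks are found too.
        $calls = $ast.FindAll({ param($node)
                $node -is [CommandAst] -and $node.GetCommandName() -in $names
            }.GetNewClosure(), $true)

        foreach ($call in $calls) {
            # The switch may be abbreviated (e.g. -UseBasic), so match on prefix.
            $hasSwitch = $call.CommandElements | Where-Object {
                $_ -is [CommandParameterAst] -and
                'UseBasicParsing'.StartsWith($_.ParameterName, [StringComparison]::OrdinalIgnoreCase)
            }
            if (-not $hasSwitch) {
                [pscustomobject]@{
                    File = $file
                    Line = $call.Extent.StartLineNumber
                    Call = $call.Extent.Text   # remediation: append -UseBasicParsing here
                }
            }
        }
    }
}

# Usage (placeholder folder): Find-DomParsingWebRequest -Path 'C:\Scripts' | Format-Table -AutoSize
```

Adding -UseBasicParsing to the flagged calls is safe for scripts that also run on PowerShell 7, where the parameter is accepted and ignored because basic parsing is already the only mode.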
AI coding plugin issues
Microsoft has also disclosed CVE-2025-64671. This affects the GitHub Copilot for JetBrains plugin.
The plugin offers an Edit Mode that allows users to adjust code using AI assistance. An attacker who exploits the vulnerability can gain a similar level of control.
The flaw relies on cross-prompt injection. Attackers can hide malicious instructions inside a hostile file or in Model Context Protocol (MCP) server data.
Those instructions can lead to arbitrary command execution. Unsafe commands can pass security checks because they are appended to safe, allowlisted commands.
The underlying security issue affects more than one vendor. The original researcher describes it as part of a wider class of vulnerabilities. The risk arises when an integrated development environment embeds agentic AI functionality, which expands its attack surface.
Other large IDE providers have assigned CVEs and released patches for similar problems.
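The check failure described above, a prefix match that lets extra commands ride along behind an allowlisted one, is easy to see side by side with a stricter form. The following is an added example, not code from the article or from the Copilot plugin; the allowlist entries and the sample commands are constructed.

```powershell
# Added example, not from the article or the Copilot plugin: a prefix-based command
# allowlist of the kind the flaw describes, beside a stricter check that matches whole
# tokens and refuses shell separators. $AllowedCommands is a constructed sample list.
$AllowedCommands = @('git status', 'git diff', 'npm test')

function Test-NaiveAllowlist {
    param([Parameter(Mandatory)][string]$Command)
    # Weak pattern: approve anything that merely starts with an allowed command,
    # so whatever is appended after a separator rides along with the approval.
    foreach ($allowed in $AllowedCommands) {
        if ($Command.StartsWith($allowed)) { return $true }
    }
    return $false
}

function Test-StrictAllowlist {
    param([Parameter(Mandatory)][string]$Command)
    $tokens = $Command.Trim() -split '\s+'
    # Every token must be a plain word: no ; & | quotes, backticks, $( ) or redirections.
    foreach ($t in $tokens) {
        if ($t -notmatch '^[A-Za-z0-9_.\/:=~-]+$') { return $false }
    }
    # The leading tokens must equal an allowlisted command token-for-token,
    # which rejects both 'git statusx' and 'git status;echo hi'.
    foreach ($allowed in $AllowedCommands) {
        $want = $allowed.Trim() -split '\s+'
        if ($tokens.Count -lt $want.Count) { continue }
        $head = $tokens[0..($want.Count - 1)] -join ' '
        if ($head -ceq ($want -join ' ')) { return $true }
    }
    return $false
}

# The naive check approves a chained command; the strict one does not,
# while a plain allowlisted command with an ordinary flag still passes.
Test-NaiveAllowlist  'git status; echo injected'
Test-StrictAllowlist 'git status; echo injected'
Test-StrictAllowlist 'git status --short'
```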
Office email risks
Microsoft Office also receives multiple fixes this month. Two remote code execution issues stand out.
CVE-2025-62554 and CVE-2025-62557 both involve Office and use the Preview Pane as an attack vector.
The advisory FAQs for both flaws state that the Preview Pane is a vector. A user who scrolls past a malicious email in Outlook may trigger exploitation. The same risk applies when users preview a suspicious file in Explorer.
This can happen without any obvious unsafe action by the user.
The analysis also warns that exploitation could start when the targeted user receives a crafted email. The victim does not need to open, read, or click anything inside the message.
The behaviour echoes CVE-2023-23397. That was a widely discussed critical Outlook issue disclosed about two and a half years ago.
Microsoft reported in-the-wild exploitation of that earlier flaw by a Russia-based threat actor. The targets included government, military, and critical infrastructure organisations in Europe.
There is no suggestion that the two new vulnerabilities cause NTLM hash disclosure. That was a core feature of CVE-2023-23397.
The potential for exploitation without user interaction remains a concern for security teams.
Lifecycle notes
Microsoft reports no major product lifecycle changes this month.
Visual Studio 2022 LTSC 17.10 will reach end of life in January. Organisations that still depend on that version face a narrowing window for upgrades and security planning.