Microsoft December 2025 Patch Tuesday Fixes 3 Zero-days, 57 Flaws

Today is Microsoft's December 2025 Patch Tuesday, which fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities.

This Patch Tuesday also addresses three "Critical" remote code execution vulnerabilities.

The number of bugs in each vulnerability category is listed below:

When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today. Therefore, the number of flaws does not include Microsoft Edge (15 flaws) and Mariner vulnerabilities fixed earlier this month.

To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5072033 & KB5071417 cumulative updates.

This month's Patch Tuesday fixes one actively exploited and two publicly disclosed zero-day vulnerabilities.

Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available.

CVE-2025-62221 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Microsoft has patched an actively exploited privilege elevation vulnerability in the Windows Cloud Files Mini Filter Driver.

"Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally," explains Microsoft.

Source: BleepingComputer