Microsoft Issues Security Fixes For 56 Flaws, Including Active...
Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild.
Of the 56 flaws, three are rated Critical, and 53 are rated Important in severity. Two other defects are listed as publicly known at the time of the release. These include 29 privilege escalation, 18 remote code execution, four information disclosure, three denial-of-service, and two spoofing vulnerabilities.
In total, Microsoft has addressed a total of 1,275 CVEs in 2025, according to data compiled by Fortra. Tenable's Satnam Narang said 2025 also marks the second consecutive year where the Windows maker has patched over 1,000 CVEs. It's the third time it has done so since Patch Tuesday's inception.
The update is in addition to 17 shortcomings the tech giant patched in its Chromium-based Edge browser since the release of the November 2025 Patch Tuesday update. This also consists of a spoofing vulnerability in Edge for iOS (CVE-2025-62223, CVSS score: 4.3).
The vulnerability that has come under active exploitation is CVE-2025-62221 (CVSS score: 7.8), a use-after-free in Windows Cloud Files Mini Filter Driver that could allow an authorized attacker to elevate privileges locally and obtain SYSTEM permissions.
"File system filter drivers, aka minifilters, attach to the system software stack, and intercept requests targeted at a file system, and extend or replace the functionality provided by the original target," Adam Barnett, lead software engineer at Rapid7, said in a statement. "Typical use cases include data encryption, automated backup, on-the-fly compression, and cloud storage."
"The Cloud Files minifilter is used by OneDrive, Google Drive, iCloud, and others, although as a core Windows component, it would still be present on a system where none of those apps were installed."
It's currently not known how the vulnerability is being abused in the wild and in what context, but successful exploitation requires an attacker to obtain access to a susceptible system through some other means. Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have been credited with discovering and reporting the flaw.
According to Mike Walters, president and co-founder of Action1, a threat actor could gain low-privileged access through methods like phishing, web browser exploits, or another known remote code execution flaw, and then chain it with CVE-
Source: The Hacker News
