Microsoft reports 7.8-rated zero day, plus 56 more in December Patch Tuesday
Summary
Microsoft’s December Patch Tuesday includes a 7.8-rated Windows Cloud Files Mini Filter Driver vulnerability (CVE-2025-62221) that has been exploited as a zero-day and allows local privilege escalation if an attacker already has code execution. Redmond also lists two publicly known flaws (a PowerShell RCE CVE-2025-54100 and an 8.4-rated GitHub Copilot for JetBrains RCE CVE-2025-64671). In total Microsoft released fixes for 57 CVEs this month.
Outside Microsoft, critical fixes were issued for Notepad++ (v8.8.9) after attacks hijacked its updater, Fortinet patched two 9.1-rated SAML/FortiCloud SSO bypasses affecting several products, and Ivanti released a patch for a 9.6-rated unauthenticated stored XSS in Endpoint Manager that can give attackers administrator session control. Admins should prioritise the exploited and high-severity fixes immediately.
Key Points
- Microsoft shipped 57 CVEs in December, including one exploited zero-day: CVE-2025-62221 (Windows Cloud Files Mini Filter Driver, CVSS 7.8) for local privilege escalation.
- Two Microsoft bugs are publicly known: CVE-2025-54100 (PowerShell RCE, 7.8) and CVE-2025-64671 (GitHub Copilot for JetBrains, 8.4) — the latter could be triggered via social engineering.
- Notepad++ released v8.8.9 to fix a critical updater validation flaw used to redirect users to malicious downloads; researchers reported attacks linked to actors in China.
- Fortinet patched CVE-2025-59718 and CVE-2025-59719 (CVSS 9.1) that can bypass FortiCloud SSO via crafted SAML messages; disable FortiCloud SSO until devices are updated if you’re using that feature.
- Ivanti EPM fixed CVE-2025-10573 (CVSS 9.6), an unauthenticated stored XSS that can let attackers hijack admin sessions and add fake endpoints; patch quickly as exploitation is likely to follow disclosure.
- Privilege escalation bugs like CVE-2025-62221 are commonly abused post-compromise; patching reduces attackers’ ability to take full system control.
- Vendors and researchers warn that public disclosure and confirmed in-the-wild exploitation increase the chance of rapid scanning and follow-on attacks — patch and mitigate exposed services promptly.
Context and relevance
This Patch Tuesday is notable because it includes a Microsoft zero-day that is being actively exploited and several high-scoring flaws in widely used infrastructure and admin tools. The Ivanti and Fortinet issues affect management and security appliances, the kind of products that, if compromised, can lead to broad network exposure. The Notepad++ updater hijack shows that supply-chain and update mechanisms remain a high-risk vector.
For security teams and sysadmins, the takeaways are straightforward: prioritise the exploited Microsoft fix, schedule immediate updates for exposed Fortinet and Ivanti systems, and ensure client applications like Notepad++ are updated to avoid supply-chain-style compromises.
Why should I read this?
Short version: patch now. This roundup flags a live Microsoft zero-day plus a stack of very nasty criticals in endpoint and network kit — things that let attackers escalate privileges, bypass logins, or seize admin sessions. If you manage endpoints, gateways or update services, reading this saves you from being the next “we were compromised because we didn’t patch” story.
Author style
Punchy — this isn’t mere housekeeping. With exploited holes and 9.x-rated flaws in core management gear, the article highlights fixes you should treat as urgent rather than optional. Read the details, act on the patches.
Source
Source: https://go.theregister.com/feed/www.theregister.com/2025/12/09/december_2025_patch_tuesday/
