Microsoft’s December Patch Tuesday Update Fixes Three Zero-Days

Update your PC as soon as possible.
December 16, 2025 / meritsolutions

Microsoft releases its “Patch Tuesday” update on the second Tuesday of each month. This month, that fell on December 9. One week ago today, Microsoft released a Patch Tuesday update with fixes for 57 security vulnerabilities, including, importantly, three patches for zero-days.

According to Bleeping Computer, the vulnerabilities break down as follows:

  • 28 Elevation of Privilege Vulnerabilities
  • 19 Remote Code Execution Vulnerabilities
  • 4 Information Disclosure Vulnerabilities
  • 3 Denial of Service Vulnerabilities
  • 2 Spoofing Vulnerabilities

While all security vulnerabilities are essential to patch as soon as possible, the three zero-days that Microsoft has identified here are the most important. A zero-day vulnerability is one that is either disclosed publicly or actively exploited before a patch is made available. As such, it gives bad actors an advantage, either in discovering an exploit before the patch is ready, or actively using that exploit before the patch rolls out.

One of these zero-days, CVE-2025-62221, is actively exploited. This is a use-after-free flaw affecting the Windows Cloud Files Mini Filter Driver. Bad actors can exploit it to elevate privileges locally. The other two are now publicly disclosed: CVE-2025-64671 affects GitHub Copilot and could allow bad actors to execute code locally, as could CVE-2025-54100, a PowerShell remote code execution vulnerability.

How to install the latest Patch Tuesday update

If you haven’t updated to the latest version of Windows, it is important you do so ASAP. To update, click Start, and head to Settings > Windows Update, then choose “Check for Windows updates.”
