Microsoft Ends 2025 With Major Security Update Fixing 56 Flaws, Including Actively Exploited Bug

10.12.2025 2 minutes Author: Newsman

Microsoft has released its final security update of 2025, patching 56 vulnerabilities across Windows and related products. The update fixes one flaw that is actively exploited in real-world attacks and allows attackers to gain SYSTEM-level privileges, as well as two zero-day vulnerabilities.

Of the 56 addressed issues, three are rated Critical and the remainder Important. The vulnerabilities span multiple attack classes, including:

  • 29 privilege escalation flaws

  • 18 remote code execution bugs

  • several information disclosure, denial-of-service, and spoofing issues

The most severe issue, CVE-2025-62221, is a use-after-free vulnerability in the Windows Cloud Files Mini Filter Driver. It enables a locally authenticated attacker to elevate privileges to SYSTEM level. The affected component is used by cloud storage services such as OneDrive, Google Drive, and iCloud, and is present in Windows even if those applications are not installed.

Due to confirmed in-the-wild exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to apply the patch by the end of December 2025.

Microsoft also fixed two additional zero-day vulnerabilities:

  • CVE-2025-54100, a command injection flaw in Windows PowerShell

  • CVE-2025-64671, a command execution vulnerability in GitHub Copilot for JetBrains

The latter is part of a broader class of attacks targeting AI-powered development tools, where prompt injection techniques can coerce embedded AI agents into executing malicious commands.

In total, Microsoft patched 1,275 CVEs in 2025, marking the second consecutive year with more than 1,000 fixes. This reflects both the increasing complexity of modern operating systems and the continued pressure from attackers seeking new exploitation paths.

Security researchers have also highlighted AI-assisted IDEs as an emerging attack surface, as the integration of large language models introduces risks not fully addressed by traditional security models.

The final Patch Tuesday of 2025 shows that modern attacks increasingly rely on chained techniques, combining initial access with local privilege escalation. Timely patching and stricter controls over AI-enabled development tools are now essential components of organizational cybersecurity strategies.
