Microsoft has closed out the year with a substantial security update, addressing 72 vulnerabilities across its ecosystem in the December 2025 Patch Tuesday release. The update fixes three critical flaws and 55 rated as important, but the spotlight is on three zero-day vulnerabilities—one of which is already under active attack.
The December release covers a wide array of components, including Microsoft Edge (Chromium-based), Windows Hyper-V, Windows Message Queuing, and the Windows Defender Firewall Service.
This month’s release is headlined by three vulnerabilities that were known before a patch was available.
1. Cloud Files Driver (CVE-2025-62221): The most urgent fix targets the Windows Cloud Files Mini Filter Driver. Tracked as CVE-2025-62221, this is a “use-after-free flaw” that allows attackers to gain SYSTEM privileges—the highest level of access on a Windows machine.
The danger is real and present. “CISA acknowledged the vulnerability’s active exploitation by adding it to its Known Exploited Vulnerabilities Catalog and urging users to patch it before December 30, 2025”.
2. GitHub Copilot (CVE-2025-64671): In a sign of the times, AI development tools are now prime targets. Microsoft patched a critical Remote Code Execution (RCE) vulnerability in GitHub Copilot for JetBrains. “A command injection flaw in Copilot may allow an unauthenticated attacker to execute code remotely,” effectively turning the developer’s assistant into a potential saboteur.
3. The PowerShell Injection (CVE-2025-54100): The third zero-day, CVE-2025-54100, affects Windows PowerShell. This command injection flaw allows an unauthorized attacker to run code remotely.
Patching the PowerShell vulnerability comes with a visible change for users. To mitigate the risk of script-based attacks, Microsoft has introduced a new confirmation prompt for the Invoke-WebRequest cmdlet.
After the update, users attempting to parse web content will see a “Security Warning: Script Execution Risk”. The prompt explicitly warns: “Script code in the web page might be run when the page is parsed. RECOMMENDED ACTION: Use the -UseBasicParsing switch to avoid script code execution”.
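An added example (not from Microsoft or the original article): a PowerShell function that parses script text with the language parser and reports Invoke-WebRequest calls, including the Windows PowerShell aliases iwr, curl and wget, that omit the -UseBasicParsing switch the new prompt recommends. The function name, the status labels and the sample script are constructed for illustration.

```powershell
function Find-WebRequestWithoutBasicParsing {
    param([Parameter(Mandatory)][string]$ScriptText,
          [string]$Source = '<inline>')   # label for the report (hypothetical)

    # Invoke-WebRequest and its aliases in Windows PowerShell 5.1.
    $names = 'Invoke-WebRequest', 'iwr', 'curl', 'wget'

    # Parse without executing anything; syntax errors land in $errors.
    $tokens = $null; $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $ScriptText, [ref]$tokens, [ref]$errors)

    $calls = $ast.FindAll({ param($node)
        $node -is [System.Management.Automation.Language.CommandAst] -and
        $names -contains $node.GetCommandName() }, $true)

    foreach ($call in $calls) {
        $paramNames = @($call.CommandElements |
            Where-Object { $_ -is [System.Management.Automation.Language.CommandParameterAst] } |
            ForEach-Object { $_.ParameterName })

        # PowerShell accepts unambiguous prefixes, so -UseB also counts.
        $hasSwitch = [bool]($paramNames | Where-Object {
            $_.Length -ge 4 -and
            'UseBasicParsing'.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
        if ($hasSwitch) { continue }

        # Splatted arguments (@opts) cannot be resolved statically: flag for review.
        $splatted = [bool]($call.CommandElements | Where-Object {
            $_ -is [System.Management.Automation.Language.VariableExpressionAst] -and
            $_.Splatted })

        [pscustomobject]@{
            Source  = $Source
            Line    = $call.Extent.StartLineNumber
            Status  = if ($splatted) { 'ReviewSplat' } else { 'MissingSwitch' }
            Command = $call.Extent.Text
        }
    }
}

# Constructed sample script, not taken from any real code base.
$sample = @'
$page = Invoke-WebRequest -Uri https://example.com/status
iwr https://example.com/a.txt -UseBasicParsing -OutFile a.txt
$opts = @{ Uri = 'https://example.com/b' }
Invoke-WebRequest @opts
curl -Uri https://example.com/c -UseB
'@
Find-WebRequestWithoutBasicParsing -ScriptText $sample -Source 'sample.ps1' |
    Format-Table -AutoSize
```

To audit a real script, pass its contents with `-ScriptText (Get-Content -Raw <path>)`.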
Beyond the zero-days, the update addresses several critical RCE vulnerabilities in Microsoft’s productivity suite:
- Outlook (CVE-2025-62562): A use-after-free bug allowing unauthenticated attackers to execute code.
- Office (CVE-2025-62554 & CVE-2025-62557): Type confusion and use-after-free flaws that expose users to remote attacks.