• About Us
  • Privacy Policy
  • Disclaimer
  • Contact Us
AimactGrow
  • Home
  • Technology
  • AI
  • SEO
  • Coding
  • Gaming
  • Cybersecurity
  • Digital marketing
No Result
View All Result
  • Home
  • Technology
  • AI
  • SEO
  • Coding
  • Gaming
  • Cybersecurity
  • Digital marketing
No Result
View All Result
AimactGrow
No Result
View All Result

Microsoft Patch Tuesday, December 2025 Version – Krebs on Safety

Admin by Admin
December 10, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Microsoft as we speak pushed updates to repair at the least 56 safety flaws in its Home windows working programs and supported software program. This closing Patch Tuesday of 2025 tackles one zero-day bug that’s already being exploited, in addition to two publicly disclosed vulnerabilities.

Regardless of releasing a lower-than-normal variety of safety updates these previous few months, Microsoft patched a whopping 1,129 vulnerabilities in 2025, an 11.9% improve from 2024. In keeping with Satnam Narang at Tenable, this 12 months marks the second consecutive 12 months that Microsoft patched over one thousand vulnerabilities, and the third time it has achieved so since its inception.

The zero-day flaw patched as we speak is CVE-2025-62221, a privilege escalation vulnerability affecting Home windows 10 and later editions. The weak spot resides in a element known as the “Home windows Cloud Recordsdata Mini Filter Driver” — a system driver that permits cloud purposes to entry file system functionalities.

“That is notably regarding, because the mini filter is integral to providers like OneDrive, Google Drive, and iCloud, and stays a core Home windows element, even when none of these apps had been put in,” stated Adam Barnett, lead software program engineer at Rapid7.

Solely three of the failings patched as we speak earned Microsoft’s most-dire “vital” ranking: Each CVE-2025-62554 and CVE-2025-62557 contain Microsoft Workplace, and each can exploited merely by viewing a booby-trapped e-mail message within the Preview Pane. One other vital bug — CVE-2025-62562 — includes Microsoft Outlook, though Redmond says the Preview Pane just isn’t an assault vector with this one.

However in line with Microsoft, the vulnerabilities probably to be exploited from this month’s patch batch are different (non-critical) privilege escalation bugs, together with:

–CVE-2025-62458 — Win32k
–CVE-2025-62470 — Home windows Frequent Log File System Driver
–CVE-2025-62472 — Home windows Distant Entry Connection Supervisor
–CVE-2025-59516 — Home windows Storage VSP Driver
–CVE-2025-59517 — Home windows Storage VSP Driver

Kev Breen, senior director of menace analysis at Immersive, stated privilege escalation flaws are noticed in virtually each incident involving host compromises.

“We don’t know why Microsoft has marked these particularly as extra doubtless, however the majority of those elements have traditionally been exploited within the wild or have sufficient technical element on earlier CVEs that it will be simpler for menace actors to weaponize these,” Breen stated. “Both approach, whereas not actively being exploited, these ought to be patched sooner relatively than later.”

One of many extra fascinating vulnerabilities patched this month is CVE-2025-64671, a distant code execution flaw within the Github Copilot Plugin for Jetbrains AI-based coding assistant that’s utilized by Microsoft and GitHub. Breen stated this flaw would permit attackers to execute arbitrary code by tricking the big language mannequin (LLM) into working instructions that bypass the guardrails and add malicious directions within the person’s “auto-approve” settings.

CVE-2025-64671 is a part of a broader, extra systemic safety disaster that safety researcher Ari Marzuk has branded IDEsaster (IDE  stands for “built-in growth atmosphere”), which encompasses greater than 30 separate vulnerabilities reported in practically a dozen market-leading AI coding platforms, together with Cursor, Windsurf, Gemini CLI, and Claude Code.

The opposite publicly-disclosed vulnerability patched as we speak is CVE-2025-54100, a distant code execution bug in Home windows Powershell on Home windows Server 2008 and later that permits an unauthenticated attacker to run code within the safety context of the person.

For anybody in search of a extra granular breakdown of the safety updates Microsoft pushed as we speak, try the roundup on the SANS Web Storm Heart. As at all times, please depart a word within the feedback should you expertise issues making use of any of this month’s Home windows patches.

Tags: DecemberEditionKrebsMicrosoftPatchSecurityTuesday
Admin

Admin

Next Post
Match width textual content in 1 line of CSS

Match width textual content in 1 line of CSS

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended.

6 Greatest Cloud Electronic mail Safety Platform Decisions: My 2026 Picks

6 Greatest Cloud Electronic mail Safety Platform Decisions: My 2026 Picks

March 5, 2026
Scared by the Measles Outbreaks within the US? The MMR Vaccine Is the Finest Method to Shield Your self

Scared by the Measles Outbreaks within the US? The MMR Vaccine Is the Finest Method to Shield Your self

April 12, 2025

Trending.

Nsfw Chatgpt Options – Examples I’ve Used

Nsfw Chatgpt Options – Examples I’ve Used

October 13, 2025
ModeloRAT and Mistic Backdoor Exercise Linked to Ransomware Preliminary Entry Dealer

ModeloRAT and Mistic Backdoor Exercise Linked to Ransomware Preliminary Entry Dealer

June 24, 2026
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Acquire Root Entry

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Acquire Root Entry

June 25, 2026
Web Information Caps Defined: The right way to Keep away from Overages and Discover Limitless Plans

Web Information Caps Defined: The right way to Keep away from Overages and Discover Limitless Plans

September 23, 2025
Hijacked npm and Go Packages Use VS Code Duties to Deploy Python Infostealer

Hijacked npm and Go Packages Use VS Code Duties to Deploy Python Infostealer

June 29, 2026

AimactGrow

Welcome to AimactGrow, your ultimate source for all things technology! Our mission is to provide insightful, up-to-date content on the latest advancements in technology, coding, gaming, digital marketing, SEO, cybersecurity, and artificial intelligence (AI).

Categories

  • AI
  • Coding
  • Cybersecurity
  • Digital marketing
  • Gaming
  • SEO
  • Technology

Recent News

Meta pulls new AI picture characteristic after days of backlash

Meta pulls new AI picture characteristic after days of backlash

July 11, 2026
Son of Rome Had Plans To Be Xbox’s Murderer’s Creed

Son of Rome Had Plans To Be Xbox’s Murderer’s Creed

July 11, 2026
  • About Us
  • Privacy Policy
  • Disclaimer
  • Contact Us

© 2025 https://blog.aimactgrow.com/ - All Rights Reserved

No Result
View All Result
  • Home
  • Technology
  • AI
  • SEO
  • Coding
  • Gaming
  • Cybersecurity
  • Digital marketing

© 2025 https://blog.aimactgrow.com/ - All Rights Reserved