Patch Tuesday: December 2025
Microsoft is closing out the year with a whisper rather than a bang. December’s Patch Tuesday still delivers fixes for 57 vulnerabilities, however, including two zero-day issues that are already being actively exploited in the wild.
Before we get stuck into the details, I want to take a moment to say a genuine thank you on behalf of the entire RoboShadow team. Your support throughout the year has meant the world to us. Whether you have offered product feedback, shared our posts, or recommended us on Reddit, we have been truly humbled this year by our community.

You can find a full list of security updates for December here.
Key Updates
- 57 Vulnerabilities patched
- 2 publicly disclosed zero-day vulnerabilities
- 3 critical vulnerabilities
What is a Zero-Day vulnerability?
A zero-day vulnerability is basically a security hole that the software vendor doesn’t know about yet, so there are zero days of warning and no official patch available when attackers start using it.
Vulnerability Types Released in December 2025:

Zero Day Vulnerabilities
CVE-2025-64671 – GitHub Copilot for JetBrains Remote Code Execution Vulnerability
- CVSS Score: 8.4 (High)
- Description: A command-injection flaw in the GitHub Copilot plugin for JetBrains IDEs allows malicious input from untrusted files or prompts to trigger arbitrary command execution.
- Impact: An attacker could execute code on a developer machine or build environment, potentially exposing source code, credentials, or enabling supply-chain compromise.
- Remediation: Update the affected plugin to the patched version and review any automated execution or “auto-approve” settings to ensure commands require user confirmation.
CVE-2025-54100 – PowerShell Remote Code Execution Vulnerability
- CVSS Score: 7.8 (High)
- Description: A command-injection issue in Windows PowerShell may allow crafted scripts or malicious content to run arbitrary code.
- Impact: Attackers could execute code if a user runs a malicious script, risking data theft or broader compromise.
- Remediation: Apply the latest security update and ensure PowerShell prompts before running potentially dangerous commands.
CVE-2025-62221 – Windows Cloud Files Mini Filter Driver Elevation of Privilege
- CVSS Score: 7.8 (High)
- Description: A memory-handling flaw in the Cloud Files Mini Filter Driver could allow a low-privilege local user to escalate privileges.
- Impact: An attacker with basic access could gain SYSTEM privileges, enabling persistence, lateral movement, and full system control.
- Remediation: Install the security update promptly to prevent privilege escalation if an attacker has already gained a foothold.
Critical Vulnerability Summary
Here are some of the critical CVEs that have been remediated this month, and should be patched as soon as possible:
| CVE ID | CVSS | Description Summary |
|---|---|---|
| CVE-2025-62562 | 7.8 | A remote-code-execution vulnerability in Microsoft Outlook that could allow attackers to run arbitrary code via a malicious document or message. |
| CVE-2025-62557 | 8.4 | A critical remote-code-execution bug in Microsoft Office enabling arbitrary code execution if a malicious file is opened. |
| CVE-2025-62554 | 8.4 | Another critical RCE flaw in Microsoft Office that lets attackers execute arbitrary code through crafted documents. |
Actions to Take:
With two zero days actively exploited and several high-severity issues in the mix, December isn’t one to quietly skip until January. Here are the key steps worth prioritising right now:
- Patch high-risk systems immediately
Developer machines, CI platforms, and servers that run PowerShell or JetBrains tools should be patched first, especially if they handle sensitive code or automation.
- Update GitHub Copilot for JetBrains
Apply the latest plugin update and disable any automated execution or “auto-approve” settings until you’ve confirmed the patch is in place.
- Ensure PowerShell update is applied
Once patched, PowerShell will require confirmation before running certain commands. This reduces the risk of malicious scripts executing silently.
- Treat privilege escalation as critical
The Windows Cloud Files Mini Filter issue can lead to SYSTEM-level access. Apply the driver update as part of your normal patch cycle and reboot where required.
- Review execution policies and scripting controls
If you rely on automated scripts or developer tooling, tightening execution controls (even temporarily) will reduce exposure while these issues are still active in the wild.
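
One way to check a single Windows host against the update, reboot and execution-policy steps above. This is an added example, not RoboShadow's or Microsoft's tooling. The KB ID is a placeholder because this post does not list the December KB numbers, and the output property names are made up for the example.

```powershell
# Added example: audit one Windows host against the action list above.
# $ExpectedKbs is a PLACEHOLDER. Replace it with the December 2025 KB IDs that
# Microsoft's update guide lists for this OS build (this post does not give them).
param(
    [string[]]$ExpectedKbs = @('KB0000000')
)

# 1. Is one of the expected updates installed? Get-HotFix only reports updates
#    recorded by Component Based Servicing, so a miss means "check Windows
#    Update history", not automatically "unpatched".
$installed = @(Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $ExpectedKbs -contains $_.HotFixID })

# 2. Reboot heuristic: InstalledOn is a date without a time, so an update
#    installed on or after the day of the last boot may still need a restart.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$lastBootDay = $os.LastBootUpTime.Date
$rebootMayBeDue = [bool]($installed |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $lastBootDay })

# 3. Execution policy per scope. Bypass and Unrestricted let scripts run
#    without a signature requirement in that scope.
$weak = 'Bypass', 'Unrestricted'
$weakScopes = @(Get-ExecutionPolicy -List |
    Where-Object { $weak -contains $_.ExecutionPolicy.ToString() })

# One object per host so results can be collected and exported centrally.
[pscustomobject]@{
    ComputerName     = $env:COMPUTERNAME
    OsVersion        = $os.Version
    UpdateFound      = $installed.Count -gt 0
    InstalledKbs     = ($installed.HotFixID -join ', ')
    LastBoot         = $os.LastBootUpTime
    RebootMayBeDue   = $rebootMayBeDue
    EffectivePolicy  = (Get-ExecutionPolicy).ToString()
    WeakPolicyScopes = ($weakScopes.Scope -join ', ')
}
```

Run it first on the developer machines, CI platforms and servers the list above puts at the front of the queue. Hosts with `UpdateFound` false or a non-empty `WeakPolicyScopes` are the ones to follow up on.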
Final Thought:
December’s Patch Tuesday might end the year with a quieter update than normal, but it certainly keeps defenders on their toes. Two actively exploited zero days remind us that attackers are still targeting developers, automation tools, and privilege pathways even during the holiday slowdown.
With 2026 just around the corner, this is a good moment to double check patch coverage, prioritise high risk endpoints, and keep an eye on visibility across cloud and developer environments. A consistent patching rhythm and good insight into exposure (we can help with that at RoboShadow!) will make heading into the new year feel far more in control.
If you have any questions about Patch Tuesday, or feedback on this blog, please reach out to us: hello@roboshadow.com
Thanks for reading!

