Dec 10
Microsoft Ends 2025 with 56 Security Fixes, Including Actively Exploited Flaw
Microsoft closed out 2025 by releasing patches for 56 security vulnerabilities across its Windows platform, including one flaw already being exploited in the wild. Of the total, three were rated Critical and 53 Important, with two publicly known at the time of disclosure.
The flaws span multiple categories: 29 privilege escalation, 18 remote code execution, four information disclosure, three denial‑of‑service, and two spoofing vulnerabilities. The company also patched 17 issues in its Edge browser since November, including a spoofing bug in Edge for iOS.
In all, Microsoft addressed 1,275 CVEs in 2025, according to Fortra. Security researcher Satnam Narang of Tenable noted this marks the second consecutive year the company has patched more than 1,000 CVEs, and only the third time since Patch Tuesday began.
The most serious case is CVE‑2025‑62221, a use‑after‑free flaw in the Windows Cloud Files Mini Filter Driver. Exploitation could allow attackers to elevate privileges to SYSTEM level. The driver is widely used by OneDrive, Google Drive, and iCloud, though it remains a core Windows component even without those apps installed.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE‑2025‑62221 to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by December 30. Experts warn attackers could chain the flaw with phishing or browser exploits to gain persistence and potentially compromise entire domains.
Two additional zero‑days were disclosed: CVE‑2025‑54100, a PowerShell command injection bug, and CVE‑2025‑64671, a vulnerability in GitHub Copilot for JetBrains linked to the broader “IDEsaster” class of IDE flaws. Researchers caution that these issues highlight growing risks from AI‑enabled development tools, where prompt injection attacks can bypass safeguards and trigger unauthorized code execution.
Executive IT Forums, Inc.
Educational Programs on Information Technology, Governance, Risk Management, & Compliance (GRC).
Copyright © 2025 Executive IT Forums, Inc. All Rights Reserved.