1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Microsoft issues patches for 56 security flaws - all 'important'

    From TechnologyDaily@1337:1/100 to All on Wednesday, December 10, 2025 19:15:08
    Microsoft issues patches for 56 security flaws - all 'important' severity or above

    Date:
    Wed, 10 Dec 2025 19:10:00 +0000

    Description:
    Most are privilege escalation flaws, and one was exploited in the wild as a zero-day.

    FULL STORY ======================================================================Microsof t Patch Tuesday fixes 56 vulnerabilities, including one actively exploited zero-day Key flaws: CVE-2025-62221 privilege escalation, Copilot RCE, PowerShell Invoke-WebRequest RCE Updates bring Copilot UI tweaks, File Explorer fixes, and PowerShell warnings

    Microsoft has released this months Patch Tuesday cumulative update, fixing a total of 56 vulnerabilities found across the Windows ecosystem. All of the bugs are labeled at least important in severity, and one of them is being actively exploited in the wild as a zero-day.

    In the security advisory, which lists all of the vulnerabilities fixed (and which can be found on this link ) Microsoft said it addressed a
    use-after-free vulnerability in Windows Cloud Files Mini Filter Driver, which allows threat actors to locally elevate privileges.

    This vulnerability, which is allegedly exploited in the wild already, is now tracked as CVE-2025-62221, and has a severity score of 7.8/10 (high).

    Catch the price drop- Get 30% OFF for Enterprise and Business plans

    The Black Friday campaign offers 30% off for Enterprise and Business plans
    for a 1- or 2-year subscription. Its valid until December 10th, 2025. Customers must enter the promo code BLACKB2B-30 at checkout to redeem the offer. View Deal Privilege escalation fixes and UI improvements

    Commenting on the news, Kev Breen, Senior Director of Cyber Threat Research
    at Immersive, hinted it was about time Microsoft fixed it: This isnt the
    first time we have seen this component being actively exploited in recent years, with several other CVEs affecting this component, he said in a statement shared with TechRadar Pro .

    Another notable bug is a remote code execution flaw in GitHub Copilot for JetBrains. Tracked as CVE-2025-64671, and rated 8.4/10 (high), this flaw allows threat actors to inject malicious commands via Cross Prompt Injects. The caveat is that the exploit must be triggered locally.

    There is also an improper command sanitation vulnerability in Invoke-WebRequest, which leads to PowerShell remote code execution (RCE).
    This bug, tracked as CVE-2025-54100, and given a severity score of 7.8/10 (high), allows an attacker who already has local (or user-level) access to execute arbitrary code with that users privileges.

    The majority of other vulnerabilities are privilege escalation flaws
    affecting different Windows components. Microsoft also introduced multiple
    bug fixes and feature improvements, such as tweaks to the Copilot user interface, bug fixes in File Explorer, and execution warnings in PowerShell 5.1.

    Via The Hacker News

    Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the
    Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-issues-patches-for-56-securit y-flaws-all-important-severity-or-above


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)