Microsoft<\/strong> today pushed updates to fix at least 56 security flaws in its Windows<\/strong> operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities.<\/p>\n Despite releasing a lower-than-normal number of security updates these past few months, Microsoft patched a whopping 1,129 vulnerabilities in 2025, an 11.9% increase from 2024. According to Satnam Narang<\/strong> at Tenable<\/strong>, this year marks the second consecutive year that Microsoft patched over one thousand vulnerabilities, and the third time it has done so since its inception.<\/p>\n The zero-day flaw patched today is CVE-2025-62221<\/a>, a privilege escalation vulnerability affecting Windows 10<\/strong> and later editions. The weakness resides in a component called the \u201cWindows Cloud Files Mini Filter Driver<\/strong>\u201d \u2014 a system driver that enables cloud applications to access file system functionalities.<\/p>\n \u201cThis is particularly concerning, as the mini filter is integral to services like OneDrive, Google Drive, and iCloud, and remains a core Windows component, even if none of those apps were installed,\u201d said Adam Barnett<\/strong>, lead software engineer at Rapid7<\/strong>.<\/p>\n Only three of the flaws patched today earned Microsoft\u2019s most-dire \u201ccritical\u201d rating: Both CVE-2025-62554<\/a> and CVE-2025-62557<\/a> involve Microsoft Office<\/strong>, and both can exploited merely by viewing a booby-trapped email message in the Preview Pane. Another critical bug \u2014 CVE-2025-62562<\/a> \u2014 involves Microsoft Outlook<\/strong>, although Redmond says the Preview Pane is not an attack vector with this one.<\/span><\/p>\n But according to Microsoft, the vulnerabilities most likely to be exploited from this month\u2019s patch batch are other (non-critical) privilege escalation bugs, including:<\/p>\n \u2013CVE-2025-62458<\/a> \u2014 Win32k Kev Breen<\/strong>, senior director of threat research at Immersive<\/strong>, said privilege escalation flaws are observed in almost every incident involving host compromises.<\/p>\n \u201cWe don\u2019t know why Microsoft has marked these specifically as more likely, but the majority of these components have historically been exploited in the wild or have enough technical detail on previous CVEs that it would be easier for threat actors to weaponize these,\u201d Breen said. \u201cEither way, while not actively being exploited, these should be patched sooner rather than later.\u201d<\/p>\n One of the more interesting vulnerabilities patched this month is CVE-2025-64671<\/a>, a remote code execution flaw in the Github Copilot Plugin for Jetbrains<\/strong>\u00a0AI-based coding assistant that is used by Microsoft and GitHub. Breen said this flaw would allow attackers to execute arbitrary code by tricking the large language model (LLM) into running commands that bypass the guardrails and add malicious instructions in the user\u2019s \u201cauto-approve\u201d settings.<\/p>\n CVE-2025-64671 is part of a broader, more systemic security crisis that security researcher Ari Marzuk<\/strong> has branded IDEsaster<\/a> (IDE\u00a0 stands for \u201cintegrated development environment\u201d), which encompasses more than 30 separate vulnerabilities reported in nearly a dozen market-leading AI coding platforms, including Cursor<\/strong>, Windsurf<\/strong>, Gemini CLI<\/strong>, and Claude Code<\/strong>.<\/p>\n The other publicly-disclosed vulnerability patched today is CVE-2025-54100<\/a>, a remote code execution bug in Windows Powershell<\/strong> on Windows Server 2008 and later that allows an unauthenticated attacker to run code in the security context of the user.<\/p>\n For anyone seeking a more granular breakdown of the security updates Microsoft pushed today, check out the roundup at the SANS Internet Storm Center<\/a>. As always, please leave a note in the comments if you experience problems applying any of this month\u2019s Windows patches.<\/p>\n<\/div>\n![\"\"](\"https:\/\/i0.wp.com\/krebsonsecurity.com\/wp-content\/uploads\/2022\/07\/winupdatedate.png?resize=749%2C496&ssl=1\")
<\/p>\n
\n\u2013CVE-2025-62470<\/a> \u2014 Windows Common Log File System Driver
\n\u2013CVE-2025-62472<\/a> \u2014 Windows Remote Access Connection Manager
\n\u2013CVE-2025-59516<\/a> \u2014 Windows Storage VSP Driver
\n\u2013CVE-2025-59517<\/a> \u2014 Windows Storage VSP Driver<\/p>\n