Update your PC now — Microsoft's December 2025 Patch Tuesday fixes 57 flaws
Fixes cover three zero-day flaws including one that’s been exploited by hackers
If you’ve been putting off updating your laptop or desktop PC, now is a good time to do so as Microsoft just released its December Patch Tuesday which contains fixes for 57 unique flaws including three zero-day vulnerabilities and three critical-severity bugs.
Of the 57 total flaws, 28 are privilege escalation bugs, 19 are remote code execution flaws, four are information disclosures, three are denial of service (DoS) vulnerabilities, and two are spoofing bugs. It’s a very similar list to the November Patch Tuesday which fixed 63 flaws.
Zero Day Flaws
According to Microsoft, a zero-day flaw is one that has been publicly disclosed or actively exploited while no official fix has been deployed. BleepingComputer reports that the exploited zero-day vulnerability (tracked as CVE-2025-62221) is a privilege elevation vulnerability that affects the Windows Cloud Files Mini Filter Driver.
Microsoft says that exploiting the flaw lets attackers gain system privileges, meaning they could gain admin access. The company also says the flaw was discovered by its own Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) teams but did not share how the flaw was exploited.
The other two zero-day flaws (tracked as CVE-2025-64671 and CVE-2025-54100) are a GitHub Copilot flaw and a PowerShell remote code execution flaw, respectively.
The GitHub flaw could allow attackers to execute commands locally, and it appears this flaw can be exploited through Cross Prompt Injections in Microsoft’s Copilot AI.
"Via a malicious Cross Prompt Inject in untrusted files or MCP servers, an attacker could execute additional commands by appending them to commands allowed in the user's terminal auto-approve setting," Microsoft said.
Meanwhile, the PowerShell flaw can be exploited through scripts in webpages that run when a page is fetched via Invoke-WebRequest, which is used to parse links, images and HTML elements on a website. With the fix, a warning will be issued when PowerShell uses Invoke-WebRequest and appends -UseBasicParsing to prevent malicious code execution.
How to keep your Windows PC safe
New system updates and patches generally fix flaws and security holes for your Windows laptop or desktop computer and it’s best practice to install them as soon as they become available.
You’ll want to ensure you have Microsoft’s built-in Windows Defender antivirus software set to periodically scan your computer for dangerous malware and malicious code. If you’re looking for extra protection, you may want to consider running one of the best antivirus software programs alongside Defender.
Outside of building your digital fortress, you also want to make sure you’re careful online. Don’t click on links or download attachments from unknown senders as they could contain malware or take you to phishing sites designed to steal your personal information or banking data.
Needless to say, you’ll want to avoid pirating software or media like movies and TV shows since malware could easily be attached to those downloads too.
By practicing good cyber hygiene and regularly updating your computer, you should be safe from most attacks, especially those that utilize known Windows security flaws to get in.

Scott Younker is the West Coast Reporter at Tom’s Guide. He covers all the latest tech news. He’s been involved in tech since 2011 at various outlets and is on an ongoing hunt to build the easiest to use home media system. When not writing about the latest devices, you are more than welcome to discuss board games or disc golf with him. He also handles all the Connections coverage on Tom's Guide and has been playing the addictive NYT game since it released.
