Microsoft released its December 2025 Patch Tuesday updates, addressing 57 security vulnerabilities across Windows, Office, and other products. One zero-day flaw (CVE-2025-62221) is being actively exploited in the wild, allowing attackers to escalate privileges.
CVE-2025-62221 is a use-after-free elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver (CVSS score: 7.8). It affects Windows 10 and later versions, enabling authenticated local attackers to gain SYSTEM-level privileges.
CVE-2025-62221 is an Important elevation of privilege vulnerability affecting Windows Cloud Files Mini Filter Driver and has a CVSS score of 7.8. This vulnerability allows authenticated local attackers with low privileges to elevate their privileges to SYSTEM level… There is evidence of active exploitation in the wild.
CrowdStrike
Read the full Microsoft release here:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Dec