- Microsoft Patch Tuesday fixes 56 vulnerabilities, including an actively exploited zero-day
- Key Bugs: CVE-2025-62221 privilege escalation, Copilot RCE, PowerShell Invoke-WebRequest RCE
- Updates bring Copilot UI tweaks, File Explorer fixes, and PowerShell alerts
Microsoft has released this month’s Patch Tuesday cumulative update that fixes a total of 56 vulnerabilities found across the Windows ecosystem. All of the bugs are marked as at least ‘critical’ in severity, and one of them is being actively exploited in the wild as a zero-day.
In the security advisory, which lists all the resolved vulnerabilities, Microsoft said it addressed a use-after-free vulnerability in the Windows Cloud Files Mini Filter Driver that allows threat actors to elevate privileges locally.
This vulnerability, which has reportedly already been exploited in the wild, is now tracked as CVE-2025-62221 and has a severity rating of 7.8/10 (high).
Elevation fixes and UI improvements
Commenting on the news, Kev Breen, Senior Director of Cyber Threat Research at Immersive, suggested it was time for Microsoft to fix it: “This is not the first time we have seen this component actively exploited in recent years, with several other CVEs affecting this component,” he said in a statement shared with TechRadar Pro.
Another notable bug is a remote code execution bug in GitHub Copilot for JetBrains. Tracked as CVE-2025-64671 and rated 8.4/10 (high), this flaw allows threat actors to inject malicious commands via Cross Prompt Injection. The proviso is that the exploitation must be triggered locally.
There is also an incorrect command sanitization vulnerability in Invoke-WebRequest that leads to PowerShell remote code execution (RCE). This flaw, tracked as CVE-2025-54100 and given a severity score of 7.8/10 (high), allows an attacker who already has local (or user-level) access to execute arbitrary code with that user’s privileges.
The majority of other vulnerabilities are privilege escalation flaws that affect various Windows components. Microsoft also introduced several bug fixes and feature improvements, such as tweaks to the Copilot user interface, bug fixes in File Explorer, and execution warnings in PowerShell 5.1.
Via Hacker News



