- Microsoft Patch Tuesday fixes 56 vulnerabilities, including one actively exploited zero-day
- Key Flaws: Privilege Escalation CVE-2025-62221, Copilot RCE, PowerShell Invoke-WebRequest RCE
- Updates Bring Copilot UI Tweaks, File Explorer Fixes, and PowerShell Warnings
Microsoft released this month’s Patch Tuesday cumulative update, fixing a total of 56 vulnerabilities found in the Windows ecosystem. All of the bugs are labeled as at least “major” in severity, and one of them is being actively exploited in the wild as a zero-day.
In the security advisory, which lists all the vulnerabilities fixed, Microsoft said it addressed a use-after-free vulnerability in the Windows Cloud Files Mini Filter driver, which allows threat actors to elevate privileges locally.
This vulnerability, which is reportedly already exploited in the wild, is now tracked as CVE-2025-62221 and has a severity score of 7.8/10 (High).
Privilege escalation fixes and UI improvements
Commenting on the news, Kev Breen, senior director of cyber threat research at Immersive, hinted that it was about time Microsoft fixed it: “This is not the first time we have seen this component being actively exploited in recent years, with several other CVEs affecting this component,” he said in a statement shared with TechRadar Pro.
Another notable bug is a remote code execution flaw in GitHub Copilot for JetBrains. Tracked as CVE-2025-64671 and rated 8.4/10 (High), this flaw allows threat actors to inject malicious commands via Cross Prompt Injection. The caveat is that the exploit must be activated locally.
There is also an improper command sanitization vulnerability in Invoke-WebRequest, which leads to PowerShell remote code execution (RCE). This bug, tracked as CVE-2025-54100 with a severity score of 7.8/10 (High), allows an attacker who already has local (or user-level) access to execute arbitrary code with that user’s privileges.
Most of the other vulnerabilities are privilege escalation flaws that affect different Windows components. Microsoft also introduced multiple bug fixes and feature improvements, such as Copilot UI tweaks, File Explorer bug fixes, and runtime warnings in PowerShell 5.1.
Via Hacker News




