December Patch Tuesday has arrived! While everyone’s counting down to year-end holidays, we’re counting this month’s fixed vulnerabilities. This Patch Tuesday fixes 57 vulnerabilities, including 3 zero-days, 1 of which is actively exploited.
Register for our free Patch Tuesday webinar and listen to our experts break down Patch Tuesday updates in detail.
Security updates have been released for critical Microsoft products, including:
To view the complete list of affected products, features, and roles, please refer to the MSRC Release Notes.
Here’s how this month’s vulnerabilities are distributed:
A privilege escalation flaw in the Windows Cloud Files Mini Filter Driver has been addressed by Microsoft following confirmation of active exploitation. The vulnerability stemmed from a use-after-free condition triggered during improper memory handling within the driver, enabling an authenticated attacker to elevate their privileges to SYSTEM upon successful exploitation. Microsoft credited the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) for identifying the issue but has withheld specific details regarding how attackers were exploiting the flaw in real-world scenarios.
A remote code execution vulnerability affecting GitHub Copilot for JetBrains has been patched by Microsoft following public disclosure. The issue arose from improper neutralization of command input, enabling a command injection scenario in which an attacker could trigger unintended command execution on the local machine. According to Microsoft, the flaw can be exploited through a Cross Prompt Injection delivered via untrusted files or MCP servers. A crafted prompt injection could allow an attacker to append malicious commands to those permitted under the user's terminal auto-approve configuration, leading to unauthorized code execution. Microsoft credited security researcher Ari Marzuk for identifying and reporting the vulnerability as part of his “IDEsaster: A Novel Vulnerability Class in AI IDEs” publication.
This is a remote code execution vulnerability in Windows PowerShell that could cause scripts embedded within a webpage to run when the content is retrieved using Invoke-WebRequest. The flaw, caused by improper neutralization of command elements leading to a command injection scenario, allowed unauthorized code execution during the parsing of web content. To address the issue, Microsoft introduced a new warning prompt that alerts users when Invoke-WebRequest is invoked, recommending the use of the -UseBasicParsing parameter to prevent script execution and reduce risk. Additional technical guidance is available in KB5074596: PowerShell 5.1 – Preventing script execution from web content. Microsoft credited multiple researchers for reporting the vulnerability, including Justin Necke, DeadOverflow, Pēteris Hermanis Osipovs, Anonymous, Melih Kaan Yıldız, and Osman Eren Güneş.
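A defensive audit for the mitigation described above, as an added example that is not from Microsoft or the original post: it parses script text with the PowerShell AST and reports `Invoke-WebRequest` calls (including the `iwr`, `curl` and `wget` aliases of Windows PowerShell 5.1) that do not pass `-UseBasicParsing`. The function name `Find-UnsafeWebRequest` and the sample script are constructed for illustration.

```powershell
# Added example. Find-UnsafeWebRequest is a hypothetical helper name, not a Microsoft cmdlet.
function Find-UnsafeWebRequest {
    param(
        [Parameter(Mandatory)][string]$ScriptText,
        [string]$Source = '<inline>'
    )
    $tokens = $null; $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $ScriptText, [ref]$tokens, [ref]$errors)

    # Names that resolve to Invoke-WebRequest in Windows PowerShell 5.1.
    $names = 'Invoke-WebRequest', 'iwr', 'curl', 'wget'

    $commands = $ast.FindAll({
        param($node)
        $node -is [System.Management.Automation.Language.CommandAst]
    }, $true)

    foreach ($cmd in $commands) {
        if ($cmd.GetCommandName() -notin $names) { continue }
        $safe = $false
        foreach ($el in $cmd.CommandElements) {
            if ($el -isnot [System.Management.Automation.Language.CommandParameterAst]) { continue }
            $n = $el.ParameterName
            # Accept unambiguous abbreviations (-UseB...) but not -UseBasicParsing:$false.
            if ($n.Length -ge 4 -and
                'UseBasicParsing'.StartsWith($n, [System.StringComparison]::OrdinalIgnoreCase) -and
                "$($el.Argument)" -ne '$false') { $safe = $true }
        }
        # Splatted calls (@params) hide the switch from the AST, so they are reported for review.
        if (-not $safe) {
            [pscustomobject]@{
                Source = $Source; Line = $cmd.Extent.StartLineNumber; Command = $cmd.Extent.Text }
        }
    }
}

# Constructed sample script text; the URLs are placeholders.
$sample = @'
$r = Invoke-WebRequest -Uri https://example.com/status
iwr https://example.com/a.txt -UseBasicParsing -OutFile a.txt
curl https://example.com/b -UseB
wget -Uri https://example.com/c -UseBasicParsing:$false
'@

Find-UnsafeWebRequest -ScriptText $sample -Source 'sample.ps1' | Format-Table -AutoSize
```

To audit a real script, pass its contents with `Get-Content -Raw` as `-ScriptText`.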
It’s not just Microsoft—other vendors are tightening security this month too:
Takeaway: Even if you’re patched against Microsoft vulnerabilities, don’t forget third-party software—it’s just as critical!
With December’s fixes rolled out, your systems are ready to ring in the new year safely. ManageEngine’s solutions make this process simple. With Endpoint Central, Patch Manager Plus and Vulnerability Manager Plus, you can streamline the entire patch management process, from testing patches to deploying them, effectively mitigating vulnerabilities. You can also tailor patch tasks according to your enterprise needs.
Register now for our free Patch Tuesday webinar to gain more insights about these Patch Tuesday updates. Our experts will not only offer in-depth analysis of the updates but also share best practices for managing patches in your network. You can also ask our experts all your patch-related questions and get live answers in the webinar.