December 2025 Patch Tuesday: One Critical Zero-Day, Two Publicly Disclosed Vulnerabilities Among 57 CVEs

ID: 0ff9cb68-612e-50ec-ac43-76469e6b9a55

STIX ID: report--0ff9cb68-612e-50ec-ac43-76469e6b9a55

Feed Name: Crowdstrike Blog

Threat Score: 80/100

Date Published: 2025-12-09

Date Updated: 2026-04-27

Author: Falcon Exposure Management Team

...
...

This bulletin summarizes several high-severity vulnerabilities disclosed in the December 2025 Patch Tuesday release, including an actively exploited zero-day elevation-of-privilege vulnerability in the Windows Cloud Files Mini Filter Driver (CVE-2025-62221), publicly disclosed remote code execution flaws in GitHub Copilot for JetBrains (CVE-2025-64671) and PowerShell (CVE-2025-54100), and two critical Microsoft Office RCEs (CVE-2025-62554, CVE-2025-62557). CrowdStrike advises prioritizing available patches, using its Patch Tuesday dashboard for exposure visibility, and applying mitigations where patches are not yet available.