Microsoft issues patches for 56 security flaws - all 'important' severity or above

Är du ute efter bästa VPN för Windows 10 och Windwos 11? Här är våra favoriter just nu. (Image credit: Shutterstock)

Microsoft Patch Tuesday fixes 56 vulnerabilities, including one actively exploited zero-day
Key flaws: CVE-2025-62221 privilege escalation, Copilot RCE, PowerShell Invoke-WebRequest RCE
Updates bring Copilot UI tweaks, File Explorer fixes, and PowerShell warnings

Microsoft has released this month’s Patch Tuesday cumulative update, fixing a total of 56 vulnerabilities found across the Windows ecosystem. All of the bugs are labeled at least ‘important’ in severity, and one of them is being actively exploited in the wild as a zero-day.

In the security advisory, which lists all of the vulnerabilities fixed (and which can be found on this link) Microsoft said it addressed a use-after-free vulnerability in Windows Cloud Files Mini Filter Driver, which allows threat actors to locally elevate privileges.

This vulnerability, which is allegedly exploited in the wild already, is now tracked as CVE-2025-62221, and has a severity score of 7.8/10 (high).

Privilege escalation fixes and UI improvements

Commenting on the news, Kev Breen, Senior Director of Cyber Threat Research at Immersive, hinted it was about time Microsoft fixed it: “This isn’t the first time we have seen this component being actively exploited in recent years, with several other CVEs affecting this component,” he said in a statement shared with TechRadar Pro.

Another notable bug is a remote code execution flaw in GitHub Copilot for JetBrains. Tracked as CVE-2025-64671, and rated 8.4/10 (high), this flaw allows threat actors to inject malicious commands via Cross Prompt Injects. The caveat is that the exploit must be triggered locally.

There is also an improper command sanitation vulnerability in Invoke-WebRequest, which leads to PowerShell remote code execution (RCE). This bug, tracked as CVE-2025-54100, and given a severity score of 7.8/10 (high), allows an attacker who already has local (or user-level) access to execute arbitrary code with that user’s privileges.

The majority of other vulnerabilities are privilege escalation flaws affecting different Windows components. Microsoft also introduced multiple bug fixes and feature improvements, such as tweaks to the Copilot user interface, bug fixes in File Explorer, and execution warnings in PowerShell 5.1.

Via The Hacker News

The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.