InfoSecBulletin Cybersecurity for mankind
Microsoft’s last Patch Tuesday updates of 2025 on December fixed 56 vulnerabilities in Windows, Office, Exchange Server, and more. This update addresses 3 serious security issues: two remote code execution problems that have been made public and one vulnerability that allows attackers to gain elevated permissions.
Several critical issues are prevalent, mainly involving elevation of privilege vulnerabilities in Windows kernel drivers such as Cloud Files Mini Filter Driver and Win32k, as well as remote code execution flaws in RRAS and ReFS. Exploitation likelihood varies, with several marked as “More Likely” or “Detected,” urging immediate patching amid holiday slowdowns.
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Critical Cisco ISE Vulnerability Enables Remote Code Execution
F5 Patches NGINX Flaw for Code Execution and DoS Attacks
FortiBleed: 70,000 Fortinet Firewalls Compromised Globally
New Rokarolla Android malware hits 217 banking and crypto apps
Phishing Campaign Exploits Legitimate Microsoft Login Flow
ALERT
Cisco SD-WAN Zero-Day, FortiSandbox and cPanel flaws exploited in attacks
“Panthalassa” builds floating AI data centers powered by ocean waves
No moderate or low-severity flaws are highlighted, but the emphasis is on preventing local privilege escalation and remote attacks. Affected products include Windows 10/11/Server, Office apps (Excel, Word, Outlook, Access), Hyper-V, Azure Monitor Agent, PowerShell, and third-party tools such as GitHub Copilot for JetBrains.
Zero-Day Vulnerabilities:
Three notable zero-days include CVE-2025-64671 in GitHub Copilot for JetBrains, which allows command injection for local RCE. While it’s publicly known, exploitation is uncommon. Another is CVE-2025-54100 that similarly affects PowerShell through command injection.
CVE-2025-62221, a critical vulnerability in Windows Cloud Files Driver.
Organizations should focus on testing and launching updates through Windows Update or the Microsoft Update Catalog, particularly for zero days and likely exploits. Extended Security Updates are essential for Windows 10 users after EOL.
Keep an eye on CISA’s Known Exploited Vulnerabilities list for updates, and segment networks to reduce lateral movement from EoP vulnerabilities. With the holidays near, automate patching to address over 1,100 CVEs fixed in 2025.
