{“lastseen”:”2025-12-10T16:11:47″,”description”:”These updates from Microsoft fix serious security issues, including three that attackers are already exploiting to take control of Windows systems. \\n\\nIn total, the security update resolves 57 Microsoft security vulnerabilities. Microsoft isn’t releasing new features for Windows 10 anymore, so Windows 10 users will only see security updates and fixes for bugs introduced by previous security updates.\\n\\n## What\u2019s been fixed\\n\\nMicrosoft releases important security updates on the second Tuesday of every month\u2014known as \u201cPatch Tuesday.\u201d This month\u2019s patches fix critical flaws in Windows 10, Windows 11, Windows Server, Office, and related services.\\n\\nThere are three zero\u2011days: CVE\u20112025\u201162221 is an actively exploited privilege\u2011escalation bug in the Windows Cloud Files Mini Filter Driver. Two are publicly disclosed flaws: CVE-2025-64671, which is a GitHub Copilot for JetBrains remote code execution (RCE) vulnerability, and CVE\u20112025\u201154100, an RCE issue in Windows PowerShell.\\n\\nPowerShell received some extra attention, as from now on users will be warned whenever the Invoke\u2011WebRequest command fetches web pages without safe parameters.\u200b\\n\\nThe warning is to prevent accidental script execution from web content. It highlights the risk that script code embedded in a downloaded page might run during parsing, and recommends using the -UseBasicParsing switch to avoid running any page scripts.\\n\\nThere is no explicit statement from Microsoft tying the new Invoke\u2011WebRequest warning directly to ClickFix, but it clearly addresses the abuse pattern that ClickFix and similar campaigns rely on: tricking users into running web\u2011fetched PowerShell code without understanding what it does.\\n\\n## How to apply fixes and check you\u2019re protected\\n\\nThese updates fix security problems and keep your Windows PC protected. Here\u2019s how to make sure you\u2019re up to date:\\n\\n1\\\\. Open **Settings**\\n\\n * Click the **Start** button (the Windows logo at the bottom left of your screen).\\n * Click on **Settings** (it looks like a little gear).\\n\\n\\n\\n2\\\\. Go to **Windows Update**\\n\\n * In the Settings window, select **Windows Update** (usually at the bottom of the menu on the left).\\n\\n\\n\\n3\\\\. **Check for updates**\\n\\n * Click the button that says **Check for updates**.\\n * Windows will search for the latest Patch Tuesday updates.\\n * If you have selected automatic updates earlier, you may see this under **Update history** :\\n\\n\\n\\n * Or you may see a **Restart required** message, which means all you have to do is restart your system and you\u2019re done updating.\\n * If not, continue with the steps below.\\n\\n\\n\\n4. **Download and Install**\\n\\n * If updates are found, they\u2019ll start downloading right away. Once complete, you\u2019ll see a button that says **Install** or **Restart now**.\\n * Click **Install **if needed and follow any prompts. Your computer will usually need a restart to finish the update. If it does, click **Restart now**.\\n\\n\\n\\n**5\\\\. Double-check you\u2019re up to date**\\n\\n * After restarting, go back to **Windows Update** and check again. If it says **You\u2019re up to date** , you\u2019re all set!\\n\\n\\n\\n* * *\\n\\n**We don\u2019t just report on threats\u2014we remove them**\\n\\nCybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.”,”published”:”2025-12-10T16:06:14″,”modified”:”2025-12-10T16:06:14″,”type”:”malwarebytes”,”title”:”December Patch Tuesday fixes three zero-days, including one that hijacks Windows devices”,”source”:””,”references”:””,”id”:”MALWAREBYTES:869BC866CBA0AA613D663E98C13DD580″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2025-54100″,”CVE-2025-62221″,”CVE-2025-64671″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:8.4,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:L\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/12\/december-patch-tuesday-fixes-three-zero-days-including-one-that-hijacks-windows-devices”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-10T16:11:47″,”description”:”These updates from Microsoft fix serious security issues, including three that attackers are already exploiting to take control of Windows systems. \\n\\nIn total, the security…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,74,12,15,115,13,7,11,5],"class_list":["post-30018","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-84","tag-exploit","tag-high","tag-malwarebytes","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n