WARNING: MICROSOFT PATCH TUESDAY DECEMBER 2025 PATCHES 56 VULNERABILITIES (3 CRITICAL, 53 IMPORTANT), PATCH IMMEDIATELY!!

Published: 10/12/2025

    * Last update: 10/12/2025

    * Affected products:
  → Windows 11 v25H2
  → Windows 11 v24H2
  → Windows 11 v23H2
  → Windows Server 2025, Windows Server 2025 (Server Core installation)
  → Windows Server 2022, 23H2 Edition (Server Core installation)
  → Windows Server 2022, Windows Server 2022 (Server Core installation)
  → Windows Server 2019
  → Windows Server 2016
  → Microsoft Office
  → Microsoft SharePoint
  → Microsoft Exchange Server
  → Microsoft Azure

    * Type: Several types, ranging from Information Disclosure to Remote Code Execution and Privilege Escalation.

    * CVE/CVSS:
Microsoft patched 56 vulnerabilities in its December 2025 Patch Tuesday release: 3 rated critical and 53 rated important, including 3 zero-day vulnerabilities and 1 vulnerability that is actively exploited.

Number of CVE by type:

  • 28 Elevation of Privilege vulnerabilities
  • 19 Remote Code Execution vulnerabilities
  • 4 Information Disclosure vulnerabilities
  • 3 Denial of Service vulnerabilities
  • 2 Spoofing vulnerabilities

Sources

Microsoft - https://msrc.microsoft.com/update-guide/releaseNote/2025-Dec

Risks

Microsoft’s December 2025 Patch Tuesday includes 56 vulnerabilities (3 critical and 53 important) across a wide range of Microsoft products, impacting both Microsoft servers and workstations. This Patch Tuesday includes 1 actively exploited vulnerability and 3 zero-days. Some other vulnerabilities are also assessed as more likely to be exploited soon, therefore urgent patching is advised.

Description

Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday” and contain security fixes for Microsoft devices and software.

The CCB would like to draw your attention to the following vulnerabilities:

CVE-2025-62221: Windows Cloud Files Mini Filter Driver (Actively exploited)

Elevation of Privilege Vulnerability.
Microsoft has patched an actively exploited privilege elevation vulnerability in the Windows Cloud Files Mini Filter Driver. It was assigned a CVSSv3 score of 7.8 and rated as important. A local, authenticated attacker could exploit this vulnerability to elevate to SYSTEM privileges. According to Microsoft, this vulnerability was exploited in the wild as a zero-day.

CVE-2025-62454 and CVE-2025-62457: Windows Cloud Files Mini Filter Driver

Elevation of Privilege Vulnerabilities.
Microsoft also patched two additional EoP vulnerabilities in the Windows Cloud Files Mini Filter Driver, CVE-2025-62454 and CVE-2025-62457. Both were assigned the same CVSSv3 score of 7.8 and rated important. However, CVE-2025-62454 was assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index while CVE-2025-62457 was assessed as “Exploitation Unlikely.”

CVE-2025-64671 – GitHub Copilot for JetBrains (Zero-Day)

Remote Code Execution Vulnerability.
CVE-2025-64671 is an RCE vulnerability in the GitHub Copilot plugin for JetBrains IDEs, rated 8.4 (Important) and assessed as “Exploitation Less Likely.” The flaw arises from a command injection issue that allows an attacker to append unauthorized commands to those automatically approved by the IDE’s terminal. This can be triggered through a malicious cross-prompt injection, delivered via untrusted files or a compromised MCP server.

Although the CVSS attack vector is local (AV:L), the word “Remote” refers to the location of the attacker. The attack itself is carried out locally, meaning the attacker or the victim needs to execute code on the local machine to exploit the vulnerability.

CVE-2025-54100 – PowerShell: (Zero-Day)

Remote Code Execution Vulnerability.
CVE-2025-54100 is an RCE vulnerability in Windows PowerShell, rated 7.8 (Important) and publicly disclosed before a patch was available. The issue results from improper neutralization of special elements in commands, allowing an attacker to achieve local command injection. Although labeled as Remote Code Execution, the “remote” refers to the attacker’s location, while the actual code execution occurs locally on the victim’s machine, typically after the user is tricked into running a malicious file or command.

Microsoft’s fix introduces a new security prompt when using Invoke-WebRequest, warning that web content may trigger script execution and recommending the -UseBasicParsing option for safer behavior.
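Since the advisory notes that Microsoft’s fix for CVE-2025-54100 recommends the -UseBasicParsing option, a defender may want to find Invoke-WebRequest calls in existing scripts that omit it. The following PowerShell is an added example (not from the CCB advisory or from Microsoft) that uses the built-in PowerShell AST parser to report such calls; the function name and the inline sample script are constructed for illustration.

```powershell
# Added example: audit script text for Invoke-WebRequest calls without -UseBasicParsing.
# The AST parser handles aliases and nested script blocks more reliably than a regex.
using namespace System.Management.Automation.Language

function Find-UnsafeInvokeWebRequest {
    [CmdletBinding()]
    param(
        # Script text to analyse, e.g. (Get-Content -Raw .\deploy.ps1)
        [Parameter(Mandatory)] [string] $ScriptText,
        [string] $Path = '<inline>'
    )
    $tokens = $null; $errors = $null
    $ast = [Parser]::ParseInput($ScriptText, [ref]$tokens, [ref]$errors)

    # Every command invocation in the script, including those inside nested script blocks
    $commands = $ast.FindAll({ param($node) $node -is [CommandAst] }, $true)

    foreach ($cmd in $commands) {
        $name = $cmd.GetCommandName()
        if (-not $name) { continue }   # e.g. "& $variable": cannot be resolved statically
        # 'curl' and 'wget' are Invoke-WebRequest aliases in Windows PowerShell 5.1 only
        if ($name -notin @('Invoke-WebRequest', 'iwr', 'curl', 'wget')) { continue }

        $params = $cmd.CommandElements |
            Where-Object { $_ -is [CommandParameterAst] } |
            ForEach-Object { $_.ParameterName }
        # PowerShell accepts abbreviated parameter names (e.g. -UseBasic), so match by prefix
        $hasBasic = $params | Where-Object { 'UseBasicParsing'.StartsWith($_, 'OrdinalIgnoreCase') }

        if (-not $hasBasic) {
            [pscustomobject]@{
                Path    = $Path
                Line    = $cmd.Extent.StartLineNumber
                Command = $cmd.Extent.Text
            }
        }
    }
}

# Constructed sample script: the first call is fine, the second one should be flagged
$sample = @'
$r = Invoke-WebRequest -Uri 'https://example.invalid/feed' -UseBasicParsing
$page = iwr 'https://example.invalid/page'
'@
Find-UnsafeInvokeWebRequest -ScriptText $sample | Format-Table -AutoSize
```

Run it over a directory with Get-ChildItem -Recurse -Filter *.ps1 and pass each file’s content as -ScriptText with its -Path to get a per-file list of calls to review.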

CVE-2025-62554 and CVE-2025-62557 – Microsoft Office

Remote Code Execution Vulnerabilities.
CVE-2025-62554 and CVE-2025-62557 are critical RCE vulnerabilities in Microsoft Office, each scoring 8.4 (CVSSv3). They can be exploited through malicious Office documents, typically delivered via social engineering. If successful, an attacker can execute arbitrary code with the user’s privileges.

Notably, the Preview Pane itself acts as an attack vector, meaning the victim does not need to open the file for exploitation to occur; simply previewing it is sufficient. Although Microsoft currently assesses these flaws as “Less Likely” to be exploited, the repeated pattern of Preview Pane–based Office vulnerabilities raises concern.

CVE-2025-62562 – Microsoft Outlook

Remote Code Execution Vulnerability.
CVE-2025-62562 is a Remote Code Execution vulnerability in Microsoft Outlook, rated Critical with a 7.8 CVSSv3 score. Unlike recent Office issues, the Preview Pane is not an attack vector. Exploitation requires user interaction: an attacker must send a specially crafted email and convince the victim to reply, which leads to local code execution. The attack vector is classified as local because the code runs on the victim’s machine, while “remote” refers to the attacker initiating the malicious email.

CVE-2025-62458 – Win32k

Elevation of Privilege Vulnerability.
CVE-2025-62458 is an EoP vulnerability affecting Microsoft’s Win32k, a core kernel-side driver used in Windows. This vulnerability received a CVSSv3 score of 7.8, was rated as important and assessed as “Exploitation More Likely.” Successful exploitation of this vulnerability would allow an attacker to gain SYSTEM level privileges on an affected host.

CVE-2025-62470 – Windows Common Log File System Driver

Elevation of Privilege Vulnerability.
CVE-2025-62470 is an EoP vulnerability affecting the Windows Common Log File System Driver. This vulnerability received a CVSSv3 score of 7.8, was rated as important and assessed as “Exploitation More Likely.” An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

Tenable - https://www.tenable.com/blog/microsofts-december-2025-patch-tuesday-addresses-56-cves-cve-2025-62221
The Register - https://www.theregister.com/2025/12/09/december_2025_patch_tuesday/
CISA - https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Bleeping Computer - https://www.bleepingcomputer.com/news/microsoft/microsoft-december-2025-patch-tuesday-fixes-3-zero-days-57-flaws/
Zero Day Initiative - https://www.zerodayinitiative.com/blog/2025/12/9/the-december-2025-security-update-review