Microsoft fixed 57 vulnerabilities in its December 2025 Patch Tuesday update, according to BleepingComputer's count which excludes Microsoft Edge flaws. Other sources report 56 vulnerabilities. Security researchers discovered a critical Windows flaw that remains unpatched with a working exploit circulating online.
The vulnerability targets Windows Remote Access Connection Manager (RasMan), which manages VPN and remote network connections. Researchers from micropatching service 0patch uncovered the denial-of-service bug while investigating CVE-2025-59230, a privilege escalation vulnerability Microsoft fixed in October.
A working exploit for the RasMan flaw is freely downloadable online and hasn't been detected by any malware engines, according to ACROS Security CEO Mitja Kolsek. The exploit enables unprivileged users to crash the RasMan service through a coding error in circular linked list processing.
Microsoft's December Patch Tuesday addressed 57 vulnerabilities across Windows systems. The update included fixes for three zero-days, with CVE-2025-62221 confirmed as actively exploited in the wild.
CVE-2025-62221 is a privilege escalation bug in the Windows Cloud Files Mini Filter Driver, rated Important with a CVSS score of 7.8. The vulnerability affects Windows 10 Version 1809 through Windows 11 Version 25H2 and Windows Server 2025.
Security experts warn the Cloud Files vulnerability enables attackers to escape browser sandboxes and gain full system control. "The real impact emerges when attackers chain it with other weaknesses," said Action1 president Mike Walters.
Microsoft also patched two publicly disclosed zero-days not yet exploited. CVE-2025-54100 affects PowerShell's web content processing, allowing arbitrary code execution through crafted Invoke-WebRequest commands. CVE-2025-64671 targets GitHub Copilot for JetBrains through cross-prompt injection attacks.
0patch released free micropatches for the RasMan vulnerability through their 0patch Central service. The patches remain free until Microsoft provides an official fix. Kolsek confirmed they alerted Microsoft about the security hole but received no feedback on patching timelines.
The December Patch Tuesday marked Microsoft's final security update of 2025, bringing the year's total to 1,129 patched vulnerabilities according to Tenable's Satnam Narang. This represents an 11.9% increase over 2024.
For Windows administrators, the RasMan situation highlights security challenges as third-party researchers sometimes outpace vendor response times. Organizations can implement 0patch's temporary solution alongside immediate installation of December Patch Tuesday updates.