Windows Cloud Files Mini Filter Driver privilege escalation flaw (CVE-2025-62221)
Vulnerability
Summary
Hide ▲
Show ▼
CVE-2025-62221 is an already exploited privilege-escalation flaw in the Windows Cloud Files Mini Filter Driver that affects Windows 10 and later editions. Microsoft patched the zero-day in its final December 2025 Patch Tuesday release. The bug matters because it can be abused to raise privileges on vulnerable Windows systems.
Related Happenings
Windows BitLocker YellowKey mitigation guidance (CVE-2026-45585)
Advisory/Mitigation
First: 20.05.2026 10:31
Last: 20.05.2026 10:31
Sources 1
About this happening:
Microsoft issued **mitigation guidance** for **YellowKey**, a **Windows BitLocker zero-day** that can expose **BitLocker-protected drives** before the security update is available...
Windows BitLocker YellowKey mitigation guidance (CVE-2026-45585)
Advisory/MitigationAbout this happening: Microsoft issued **mitigation guidance** for **YellowKey**, a **Windows BitLocker zero-day** that can expose **BitLocker-protected drives** before the security update is available...
Windows cldflt.sys MiniPlasma privilege escalation zero-day privilege-escalation flaw
Vulnerability
First: 18.05.2026 07:59
Last: 18.05.2026 07:59
Sources 1
About this happening:
**MiniPlasma** is a **Windows privilege-escalation zero-day** in **cldflt.sys** that can give attackers **SYSTEM** privileges on **fully patched Windows systems**. The flaw affect...
Windows cldflt.sys MiniPlasma privilege escalation zero-day privilege-escalation flaw
VulnerabilityAbout this happening: **MiniPlasma** is a **Windows privilege-escalation zero-day** in **cldflt.sys** that can give attackers **SYSTEM** privileges on **fully patched Windows systems**. The flaw affect...
CISA KEV order for BlueHammer patching
Public Sector Action
First: 23.04.2026 14:05
Last: 23.04.2026 14:05
Sources 1
About this happening:
**CISA** ordered **Federal Civilian Executive Branch agencies** to patch **Windows** systems against **CVE-2026-33825** within **two weeks** after adding the flaw to the **KEV Cat...
CISA KEV order for BlueHammer patching
Public Sector ActionAbout this happening: **CISA** ordered **Federal Civilian Executive Branch agencies** to patch **Windows** systems against **CVE-2026-33825** within **two weeks** after adding the flaw to the **KEV Cat...
CISA orders FCEB remediation for CVE-2025-60710
Public Sector Action
First: 15.04.2026 17:51
Last: 15.04.2026 17:51
Sources 1
About this happening:
CISA added **CVE-2025-60710** to its **actively exploited** catalog and gave **FCEB agencies** **two weeks** to secure systems under **BOD 22-01**. The move targets a **Windows Ta...
CISA orders FCEB remediation for CVE-2025-60710
Public Sector ActionAbout this happening: CISA added **CVE-2025-60710** to its **actively exploited** catalog and gave **FCEB agencies** **two weeks** to secure systems under **BOD 22-01**. The move targets a **Windows Ta...
Microsoft Windows 11 KB5079391 rollout disruption
Service Disruption
First: 01.04.2026 08:33
Last: 01.04.2026 08:33
Sources 1
About this happening:
The **Microsoft** rollout of **KB5079391** for **Windows 11 24H2 and 25H2** was halted after installation failures left some devices unable to install the update cleanly. Users re...
Microsoft Windows 11 KB5079391 rollout disruption
Service DisruptionAbout this happening: The **Microsoft** rollout of **KB5079391** for **Windows 11 24H2 and 25H2** was halted after installation failures left some devices unable to install the update cleanly. Users re...
Timeline
-
10.12.2025 01:18 2 articles · 5mo ago
Microsoft patches CVE-2025-62221 in December 2025
Initial DisclosureMicrosoft released December 2025 security updates to fix CVE-2025-62221, an already exploited privilege escalation vulnerability in the Windows Cloud Files Mini Filter Driver affecting Windows 10 and later editions. The flaw resides in a core Windows component used by cloud applications, and Microsoft said the final Patch Tuesday of 2025 addressed at least 56 security flaws across Windows operating systems and supported software.
Show sources
- Microsoft Patch Tuesday, December 2025 Edition — krebsonsecurity.com — 10.12.2025 01:18
- Microsoft Patch Tuesday, December 2025 Edition — krebsonsecurity.com — 10.12.2025 01:18