Microsoft has released urgent security updates to address a zero-day vulnerability in the Windows Cloud Files Mini Filter Driver (cldflt.sys) that is currently being exploited in the wild.
Assigned the identifier CVE-2025-62221, this elevation of privilege flaw affects a wide range of Windows operating systems, from Windows 10 Version 1809 to the latest Windows 11 Version 25H2 and Windows Server 2025.
The vulnerability has been rated Important with a CVSS v3.1 base score of 7.8, and Microsoft’s advisory confirms that attackers are using functional exploit code to gain SYSTEM privileges on compromised machines.
The vulnerability is described as a Use-After-Free weakness within the Cloud Files Mini Filter Driver, a kernel component responsible for managing “placeholders” and synchronization for cloud storage services such as OneDrive.
This driver allows the operating system to treat cloud-stored files as local entries without downloading their full content, hydrating them only on access.
The flaw allows a locally authenticated, low-privilege attacker to trigger a memory-corruption state, which in turn allows them to execute arbitrary code with the highest system privileges.
Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) acknowledged the discovery, noting that while the attack complexity is low and no user interaction is required, the attacker must already have local access to the target machine.
Unlike remote code execution flaws, this vulnerability is likely being used as a secondary stage in attack chains, where adversaries have already gained a foothold and seek to escalate their privileges in order to persist or disable security controls.
Affected Versions and Security Updates
The following table outlines the affected Windows versions and the corresponding Knowledge Base (KB) articles released on December 9, 2025. Administrators should prioritize patching these systems immediately, given the confirmed active exploitation status.
Product Family            Version / Edition                  KB Article (Security Update)   Build Number
Windows 11 & Server 2025  Version 25H2 (x64/ARM64)           KB5072033 / KB5072014          10.0.26200.7462
                          Version 24H2 (x64/ARM64)           KB5072033 / KB5072014          10.0.26100.7462
                          Version 23H2 (x64/ARM64)           KB5071417                      10.0.22631.6345
                          Server 2025 (Core)                 KB5072033                      10.0.26100.7462
Windows 10                Version 22H2 (x64/ARM64/32-bit)    KB5071546                      10.0.19045.6691
                          Version 21H2 (x64/ARM64/32-bit)    KB5071546                      10.0.19044.6691
                          Version 1809 (x64/32-bit)          KB5071544                      10.0.17763.8146
Windows Server            Server 2022 (Standard & Core)      KB5071547 / KB5071413          10.0.20348.4529
                          Server 2022, 23H2 Edition          KB5071542                      10.0.25398.2025
                          Server 2019 (Standard & Core)      KB5071544                      10.0.17763.8146
This zero-day vulnerability presents a significant risk to organizations relying on Windows infrastructure, particularly given the confirmed exploitation in the wild.
The “Official Fix” remediation level indicates that the standard security updates are sufficient to resolve the issue, and no temporary workarounds have been published.
Security teams should verify that the specific build numbers listed above are reflected on their endpoints after the update deployment to confirm that the mitigation succeeded.
The absence of required user interaction makes this an attractive vector for automated malware and advanced persistent threats (APTs) operating within a network.
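The build-number check described above, as an added PowerShell example (not code from the article or from Microsoft): it reads the endpoint's CurrentBuild and UBR from the registry, compares them against the minimum patched build for that branch from the table, and records the installed cldflt.sys file version for the ticket. It assumes Windows PowerShell 5.1 or later on the endpoint being checked.

```powershell
# Added example: verify an endpoint's OS build against the patched builds
# listed in the advisory table for CVE-2025-62221.
# Assumption: run locally in Windows PowerShell 5.1+ (or pwsh) on the endpoint.

# Minimum patched build per branch, keyed by the branch's major build number.
$PatchedBuilds = @{
    26200 = [version]'10.0.26200.7462'   # Windows 11 25H2
    26100 = [version]'10.0.26100.7462'   # Windows 11 24H2 / Server 2025
    22631 = [version]'10.0.22631.6345'   # Windows 11 23H2
    19045 = [version]'10.0.19045.6691'   # Windows 10 22H2
    19044 = [version]'10.0.19044.6691'   # Windows 10 21H2
    17763 = [version]'10.0.17763.8146'   # Windows 10 1809 / Server 2019
    20348 = [version]'10.0.20348.4529'   # Server 2022
    25398 = [version]'10.0.25398.2025'   # Server 2022, 23H2 Edition
}

function Get-CurrentBuild {
    # CurrentBuild holds the major build (e.g. 26100); UBR holds the revision
    # that the monthly cumulative update bumps (e.g. 7462).
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    return [version]"10.0.$($cv.CurrentBuild).$($cv.UBR)"
}

function Test-Cve202562221Patched {
    param([version]$Build = (Get-CurrentBuild))
    $required = $PatchedBuilds[$Build.Build]
    if (-not $required) {
        # Branch not listed in the advisory table: report it rather than guess.
        return [pscustomobject]@{ Build = $Build; Required = $null; Status = 'Unknown branch' }
    }
    $status = if ($Build -ge $required) { 'Patched' } else { 'NOT patched - install the listed KB' }
    return [pscustomobject]@{ Build = $Build; Required = $required; Status = $status }
}

# cldflt.sys is the component the update replaces, so capture its file version too.
$driver = Get-Item "$env:SystemRoot\System32\drivers\cldflt.sys" -ErrorAction SilentlyContinue
if ($driver) { "cldflt.sys file version: $($driver.VersionInfo.FileVersion)" }

Test-Cve202562221Patched
```

Run the script under a configuration-management or EDR scripting job to collect the Status column across the fleet; a result of Unknown branch means the host is on a build the table does not cover and needs manual review.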
