{"id":59818,"date":"2025-12-09T23:42:11","date_gmt":"2025-12-09T23:42:11","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\/"},"modified":"2025-12-09T23:42:11","modified_gmt":"2025-12-09T23:42:11","slug":"microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\/","title":{"rendered":"Microsoft reports 7.8-rated zero day, plus 56 more in December Patch Tuesday"},"content":{"rendered":"<p>Happy December Patch Tuesday to all who celebrate. This month&#8217;s patch party includes one Microsoft flaw under exploitation, plus two others listed as publicly known \u2013 but just 57 CVEs in total from Redmond.<\/p>\n<p>There&#8217;s also a fix for a critical Notepad++ bug that, according to security sleuth Kevin Beaumont, is being abused by attackers in China.<\/p>\n<p>Plus, software security vendors Ivanti and Fortinet both issued patches for critical security holes in their products, so those two should be high on sys-admins&#8217; and security teams&#8217; list of things to do today.<\/p>\n<h3 class=\"crosshead\">Microsoft patches<\/h3>\n<p>Let\u2019s start our look at Microsoft&#8217;s relatively quiet final patch-a-thon for 2025 by considering <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-62221\">CVE-2025-62221<\/a>, a 7.8-CVSS-rated Windows Cloud Files Mini Filter Driver vulnerability that allows an authorized attacker to elevate privileges locally.<\/p>\n<p>This one was exploited as a zero-day, according to Redmond, and while we don&#8217;t yet know who is abusing this security hole, &#8220;privilege escalation vulnerabilities are observed in almost every incident involving host compromises, making this a critical vulnerability to patch to limit an attacker&#8217;s capabilities,&#8221; Kev Breen, senior director of cyber threat research at Immersive, told <em>The Register<\/em>.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,dmpu,\" data-sm=\",fluid,mpu,dmpu,\" data-md=\",fluid,mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aTkBYxSzQKC0irC-F5B-vgAAAJY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aTkBYxSzQKC0irC-F5B-vgAAAJY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>To exploit this bug, an attacker must already have code execution rights on the targeted system, but assuming they&#8217;ve already achieved this, they can then abuse CVE-2025-62221 to escalate privileges and gain system-level access. So prioritize patching this one first.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aTkBYxSzQKC0irC-F5B-vgAAAJY&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aTkBYxSzQKC0irC-F5B-vgAAAJY&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33aTkBYxSzQKC0irC-F5B-vgAAAJY&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33aTkBYxSzQKC0irC-F5B-vgAAAJY&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>The two Redmond vulnerabilities listed as publicly known but not (yet) exploited are <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-54100\">CVE-2025-54100<\/a>, a PowerShell Remote Code Execution (RCE) flaw that earned a 7.8 CVSS rating, and <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-64671\">CVE-2025-64671<\/a>, an 8.4-severity GitHub Copilot for Jetbrains bug that can lead to RCE.<\/p>\n<p>CVE-2025-64671 is listed as a local, but as Trend Micro&#8217;s Zero Day Initiative chief bug hunter Dustin Childs, <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.zerodayinitiative.com\/blog\/2025\/12\/9\/the-december-2025-security-update-review\">noted<\/a>: &#8220;It&#8217;s likely that a remote attacker could socially engineer someone to trigger the command injection.\u201d<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,dmpu,\" data-sm=\",fluid,mpu,dmpu,\" data-md=\",fluid,mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aTkBYxSzQKC0irC-F5B-vgAAAJY&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aTkBYxSzQKC0irC-F5B-vgAAAJY&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;By exploiting a malicious cross-prompt injection in untrusted files or Model Context Protocol (MCP) servers, an attacker could piggyback extra commands onto those permitted by the user&#8217;s terminal auto-approve settings, causing them to be executed without further confirmation,&#8221; Childs continued. &#8220;I expect we&#8217;ll see many more bugs like these in 2026.&#8221;<\/p>\n<p>Details about all 57 CVEs are available <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2025-Dec\">here<\/a><\/p>\n<p> <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2025-Dec\">.<\/a>\n<\/p>\n<h3 class=\"crosshead\"> <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2025-Dec\">Notepad++ under attack<\/a><br \/>\n<\/h3>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2025-Dec\">Also on Tuesday, Notepad++<\/a> <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/community.notepad-plus-plus.org\/topic\/27298\/notepad-v8-8-9-vulnerability-fix\">released v8.8.9<\/a>, which fixes a critical flaw in the open-source text and source code editor for Windows. This bug was being abused to hijack traffic from WinGUp (the Notepad++ updater), redirect it to malicious servers, and then trick people into downloading malware, thinking they&#8217;re downloading the latest software release.<\/p>\n<p>The fix followed security researchers&#8217; reports (including <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/doublepulsar.com\/small-numbers-of-notepad-users-reporting-security-woes-371d7a3fd2d9\">this one<\/a> from Beaumont) about hijacking incidents, and in a social media post on Tuesday Beaumont said <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/bsky.app\/profile\/doublepulsar.com\/post\/3m7li7hqvks26\">attackers from China<\/a> were poking holes in the flaw.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33aTkBYxSzQKC0irC-F5B-vgAAAJY&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33aTkBYxSzQKC0irC-F5B-vgAAAJY&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>According to the project&#8217;s maintainer, Don Ho, the <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/notepad-plus-plus.org\/news\/v889-released\/\">review of these reports<\/a> &#8220;led to identification of a weakness in the way the updater validates the integrity and authenticity of the downloaded update file. In case an attacker is able to intercept the network traffic between the updater client and the Notepad++ update infrastructure, this weakness can be leveraged by an attacker to prompt the updater to download and executed an unwanted binary (instead of the legitimate Notepad++ update binary).&#8221;<\/p>\n<p>Updating to v8.8.9 mitigates the issue.<\/p>\n<h3 class=\"crosshead\">Fortinet&#8217;s critical fix<\/h3>\n<p>In other Patch Tuesday news, Fortinet fixed two critical vulnerabilities in its products. The flaws, tracked as <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/fortiguard.fortinet.com\/psirt\/FG-IR-25-647\">CVE-2025-59718 and CVE-2025-59719<\/a>, earned a critical 9.1 CVSS rating and affect FortiOS, FortiWeb, FortiProxy and FortiSwitchManager.<\/p>\n<p>They allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication using a crafted SAML message \u2013 but only if that login method is enabled on the device.<\/p>\n<p>&#8220;Please note that the FortiCloud SSO login feature is not enabled in default factory settings. However, when an administrator registers the device to FortiCare from the device&#8217;s GUI, unless the administrator disables the toggle switch &#8216;Allow administrative login using FortiCloud SSO&#8217; in the registration page, FortiCloud SSO login is enabled upon registration,&#8221; according to the vendor.<\/p>\n<p>If you don&#8217;t want to fall victim to attackers exploiting these flaws, turn off the FortiCloud login feature until you&#8217;ve upgraded to a non-affected version.<\/p>\n<p>These two critical bugs follow last month&#8217;s disclosures of <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2025\/11\/19\/fortinet_confirms_second_fortiweb_0day\/\">two bugs<\/a> exploited as <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2025\/11\/14\/fortinet_active_exploit_cve_2025_64446\/\">zero-days<\/a> in Fortinet&#8217;s FortiWeb web application firewall.<\/p>\n<h3 class=\"crosshead\">Everyone loves exploiting Ivanti EPM<\/h3>\n<p>Meanwhile, a critical, now-patched bug in Ivanti&#8217;s Endpoint Manager (EPM) product can allow an unauthenticated attacker to remotely execute malicious code.<\/p>\n<p>The vendor on Tuesday disclosed the cross-site scripting flaw, tracked as <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-EPM-December-2025-for-EPM-2024?language=en_US\">CVE-2025-10573<\/a>, and said the latest software update, version EPM 2024 SU4 SR1, fixes the 9.6 CVSS-rated vulnerability.<\/p>\n<p>&#8220;We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure,&#8221; the company\u2019s security advisory noted.<\/p>\n<p>But considering that abusing this hole in Ivanti&#8217;s endpoint management tool could give attackers access to all of their client devices across Windows, macOS, Linux, Chrome OS, and IoT \u2013 and that <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2025\/09\/24\/google_china_spy_report\/\">China really likes breaking into<\/a> buggy Ivanti gear for cyber-spying and botnet-building purposes \u2013 don&#8217;t leave this patch behind.<\/p>\n<p>Rapid7 security researcher Ryan Emmons disclosed the bug to Ivanti, and in a subsequent Tuesday blog <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.rapid7.com\/blog\/post\/cve-2025-10573-ivanti-epm-unauthenticated-stored-cross-site-scripting-fixed\/\">detailed<\/a> how an &#8220;attacker with unauthenticated access to the primary EPM web service can join fake managed endpoints to the EPM server in order to poison the administrator web dashboard with malicious JavaScript.&#8221;<\/p>\n<p>Then, when an EPM admin views one of these poisoned dashboard interfaces, &#8220;that passive user interaction will trigger client-side JavaScript execution, resulting in the attacker gaining control of the administrator&#8217;s session,&#8221; he added.<\/p>\n<p>While Rapid7 director of vulnerability intelligence Doug McKee told <em>The Register<\/em> that his threat hunting team isn&#8217;t aware of active exploitation, &#8220;now that the vulnerability has been publicly disclosed and patched \u2026 the likelihood of attackers reverse engineering the update to target internet-exposed systems is high.&#8221;<\/p>\n<p>&#8220;Widespread scanning and exploitation attempts are likely to follow soon, as the attack requires no credentials to stage and successfully grants full session control once an administrator views the poisoned dashboard,&#8221; he added. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2025\/12\/09\/december_2025_patch_tuesday\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Plus critical critical Notepad++, Ivanti, and Fortinet updates, and one of these patches an under-attack security hole Happy December Patch Tuesday to all who celebrate. This month&#8217;s patch party includes one Microsoft flaw under exploitation, plus two others listed as publicly known \u2013 but just 57 CVEs in total from Redmond.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-59818","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Microsoft reports 7.8-rated zero day, plus 56 more in December Patch Tuesday 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft reports 7.8-rated zero day, plus 56 more in December Patch Tuesday 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-09T23:42:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aTkBYxSzQKC0irC-F5B-vgAAAJY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Microsoft reports 7.8-rated zero day, plus 56 more in December Patch Tuesday\",\"datePublished\":\"2025-12-09T23:42:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\\\/\"},\"wordCount\":1021,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aTkBYxSzQKC0irC-F5B-vgAAAJY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\\\/\",\"name\":\"Microsoft reports 7.8-rated zero day, plus 56 more in December Patch Tuesday 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aTkBYxSzQKC0irC-F5B-vgAAAJY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2025-12-09T23:42:11+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aTkBYxSzQKC0irC-F5B-vgAAAJY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aTkBYxSzQKC0irC-F5B-vgAAAJY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft reports 7.8-rated zero day, plus 56 more in December Patch Tuesday\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft reports 7.8-rated zero day, plus 56 more in December Patch Tuesday 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft reports 7.8-rated zero day, plus 56 more in December Patch Tuesday 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2025-12-09T23:42:11+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aTkBYxSzQKC0irC-F5B-vgAAAJY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Microsoft reports 7.8-rated zero day, plus 56 more in December Patch Tuesday","datePublished":"2025-12-09T23:42:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\/"},"wordCount":1021,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aTkBYxSzQKC0irC-F5B-vgAAAJY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\/","url":"https:\/\/www.threatshub.org\/blog\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\/","name":"Microsoft reports 7.8-rated zero day, plus 56 more in December Patch Tuesday 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aTkBYxSzQKC0irC-F5B-vgAAAJY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2025-12-09T23:42:11+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aTkBYxSzQKC0irC-F5B-vgAAAJY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aTkBYxSzQKC0irC-F5B-vgAAAJY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-reports-7-8-rated-zero-day-plus-56-more-in-december-patch-tuesday\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Microsoft reports 7.8-rated zero day, plus 56 more in December Patch Tuesday"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/59818","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=59818"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/59818\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=59818"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=59818"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=59818"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}