Market Impact: 0.5

Patch Tuesday: Microsoft EoP, NotePad++, Ivanti, Fortinet

Tickers: MSFT, FTNT, RPD
Topics: Cybersecurity & Data Privacy; Technology & Innovation

December Patch Tuesday brought 57 Microsoft fixes, including an exploited zero-day in the Windows Cloud Files Mini Filter Driver (CVE-2025-62221, CVSS 7.8) that lets a local attacker escalate privileges, plus two publicly known RCE flaws in PowerShell (CVE-2025-54100, CVSS 7.8) and GitHub Copilot for JetBrains (CVE-2025-64671, CVSS 8.4). The zero-day requires the attacker to already be running code on the host, but it materially raises the stakes of any host compromise and should be patched first. High-severity fixes outside Microsoft, one of them already abused in the wild: Notepad++ v8.8.9 closes the updater-hijack path used in malware campaigns (reported abuse attributed to China-linked actors); two Fortinet SAML bypasses (CVE-2025-59718/59719, CVSS 9.1) affect FortiOS, FortiWeb, FortiProxy and FortiSwitchManager, and the vendor advises disabling FortiCloud SSO until patched; an Ivanti EPM XSS (CVE-2025-10573, CVSS 9.6) can lead to admin session takeover, which would expose every endpoint the console manages and is likely to draw rapid exploitation. Firms running these products should triage now and deploy the patches and mitigations, with the Ivanti, Fortinet and Microsoft zero-day fixes at the front of the queue, to limit operational and breach risk.

Analysis

December Patch Tuesday included 57 Microsoft CVEs and one Microsoft-reported zero-day, CVE-2025-62221 (CVSS 7.8), a flaw in the Windows Cloud Files Mini Filter Driver that has been exploited in the wild and permits local privilege escalation once an attacker already has code execution on the host. Security experts advise prioritizing this patch because privilege escalation is the step that commonly turns a single compromised user session into control of the whole machine. Two further Microsoft issues are publicly known but not reported as exploited: CVE-2025-54100 (PowerShell RCE, CVSS 7.8) and CVE-2025-64671 (GitHub Copilot for JetBrains, CVSS 8.4). The Copilot flaw is local but can be triggered through social engineering, which raises the risk profile of developer tooling and scripting environments.

Outside Redmond, Notepad++ released v8.8.9 to close an updater-hijack path reportedly abused by China-linked actors; Fortinet patched two critical SAML bypasses (CVE-2025-59718/59719, CVSS 9.1) affecting FortiOS, FortiWeb, FortiProxy and FortiSwitchManager, with a vendor advisory to disable FortiCloud SSO until the fix is applied; and Ivanti fixed a critical EPM XSS (CVE-2025-10573, CVSS 9.6) that can hand an attacker an administrator's session. Rapid7 and other researchers warn that public disclosure of the Ivanti flaw will likely prompt scanning and exploitation attempts, implying elevated near-term demand for incident response, patch management and perimeter mitigations across affected enterprises.
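For defenders deciding where the Microsoft zero-day sits in their queue, the first question is which hosts actually run the affected driver and whether the December update has landed on them. The following PowerShell triage script is an added example and not code from the article or from Microsoft. It assumes the Cloud Files Mini Filter Driver ships as %SystemRoot%\System32\drivers\cldflt.sys (the standard location for that driver); the KB number of the cumulative update that carries the fix for CVE-2025-62221 is not given on this page, so the script takes it as a parameter rather than hard-coding a guess.

```powershell
# Added triage example for CVE-2025-62221 (not from the article or from Microsoft).
# Assumption: the Cloud Files Mini Filter Driver binary is cldflt.sys under
# %SystemRoot%\System32\drivers. The fixing KB number is not on the page, so it is
# supplied by the operator via -FixKB after looking it up in the MSRC advisory.
param(
    [string]$FixKB = ''   # e.g. 'KB5xxxxxx' once confirmed from the MSRC advisory
)

$driverPath = Join-Path $env:SystemRoot 'System32\drivers\cldflt.sys'
$result = [ordered]@{ Host = $env:COMPUTERNAME }

# 1. Is the driver present on disk, and which build is it? Compare FileVersion with the
#    file-information table in the KB article to tell patched from unpatched.
if (Test-Path $driverPath) {
    $vi = (Get-Item $driverPath).VersionInfo
    $result.CldfltFileVersion    = $vi.FileVersion
    $result.CldfltProductVersion = $vi.ProductVersion
} else {
    $result.CldfltFileVersion = 'not present'
}

# 2. Is the minifilter actually loaded right now? (fltmc needs an elevated prompt;
#    on a non-elevated shell this silently reports $false.)
$loaded = $false
try {
    $loaded = fltmc.exe filters 2>$null | Select-String -Pattern '^\s*cldflt\b' -Quiet
} catch { }
$result.CldfltLoaded = [bool]$loaded

# 3. Which hotfixes were installed in the last 45 days? InstalledOn can be empty for
#    some entries, so guard against $null before comparing dates.
$recent = Get-HotFix |
          Where-Object { $_.InstalledOn -and $_.InstalledOn -ge (Get-Date).AddDays(-45) } |
          Sort-Object InstalledOn -Descending
$result.RecentHotfixes = ($recent | ForEach-Object { $_.HotFixID }) -join ', '

# 4. If the operator supplied the fixing KB, report whether it is among the installed ones.
if ($FixKB) {
    $result.FixInstalled = [bool]($recent | Where-Object { $_.HotFixID -eq $FixKB })
}

[pscustomobject]$result | Format-List
```

Run it from an elevated prompt on a sample of workstations and servers (for example with Invoke-Command against a list of hosts) and sort by CldfltLoaded and FixInstalled: hosts where the filter is loaded and the fix is absent are the ones the advisory is asking you to patch first. Note that Get-HotFix reads Win32_QuickFixEngineering, which does not always list every cumulative update, so treat a missing KB as "verify in Windows Update history" rather than as proof the host is unpatched.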


Market Sentiment

Overall Sentiment

moderately negative

Sentiment Score

-0.60

Ticker Sentiment

FTNT: -0.70
MSFT: -0.40
RPD: 0.20

Key Decisions for Investors

  • Monitor and potentially underweight Fortinet (FTNT) until customers report broad patch adoption or FortiCloud SSO mitigations are in place, given the two CVSS 9.1 SAML bypasses and the risk of active exploitation
  • For Microsoft (MSFT), maintain a cautious watch: track exploit telemetry and corporate disclosures around CVE-2025-62221 and the two publicly known RCEs, and consider short-term operational-risk hedges if incident counts rise
  • Consider selective overweight positions in security services and incident-response vendors (e.g., Rapid7/RPD) that are likely to benefit from increased demand for detection, patching and remediation following these high-severity disclosures