December 2025 is here, and Microsoft has handed out a year-end 'present' of sorts with its latest Patch Tuesday. A total of 57 security flaws were fixed, and what makes us in the newsroom a little nervous is one flaw that is being actively exploited right now, plus two zero-days whose details have already been publicly disclosed. If you haven't updated yet, now is a good time to stop for a moment and secure your systems.
The scope of this month's fixes is fairly large. Besides the flaw under active exploitation, the update also patches three Remote Code Execution (RCE) vulnerabilities rated Critical. Breaking down the numbers, this month is dominated by Elevation of Privilege bugs (28), followed by 19 RCE bugs, which are always the bigger worry for IT teams everywhere. The rest are Information Disclosure, Denial of Service and Spoofing issues. Keep in mind that this count covers only the Windows security updates released today; it does not include the dozen or so Microsoft Edge flaws that Microsoft already patched earlier this month.
Let's start with the most critical one, the zero-day under active attack: CVE-2025-62221.
This is an Elevation of Privilege vulnerability in the Windows Cloud Files Mini Filter Driver (cldflt.sys, the kernel driver behind OneDrive's placeholder files). In short, the driver has a use-after-free bug. Note that it is a local bug, not a remote one: the attacker needs a foothold on the machine first, say through phishing or some other initial-access flaw, and then uses this to go from limited privileges to SYSTEM. At that point they have full control of the victim's machine, which is exactly why an in-the-wild privilege escalation is worth rushing out the patch for. Microsoft credits its own intelligence teams (MSTIC and MSRC) with the discovery, but unfortunately has not shared technical details of how the attack is being carried out in the wild. The same driver also gets two more Elevation of Privilege fixes this month (CVE-2025-62457 and CVE-2025-62454), so the whole cumulative update matters, not just one CVE.
Next, two publicly disclosed flaws you also need to watch out for:
- CVE-2025-64671 – GitHub Copilot for JetBrains RCE
  This one is unusual because it targets a tool developers use every day. Copilot mishandles special elements in a command, which ends up as command injection. Microsoft explains that through cross-prompt injection from an untrusted file or an MCP server, an attacker can get additional commands executed locally. The practical point: anything the assistant reads counts as a prompt, so files in a cloned repository and tool output from a third-party MCP server are untrusted input. Be careful opening projects from unknown sources in your IDE, and treat MCP servers you did not write as you would any other third-party dependency.
- CVE-2025-54100 – PowerShell RCE
  This is the one with the widest impact for sysadmins. It allows script embedded in a web page to be executed simply because the page was fetched with Invoke-WebRequest. It sounds absurd that a plain web request can trigger malicious code, but that is the reality. The background is that in Windows PowerShell 5.1, Invoke-WebRequest without -UseBasicParsing hands the response to the Internet Explorer HTML engine to build the ParsedHtml property; PowerShell 7 always does basic parsing and accepts -UseBasicParsing only as a no-op. Microsoft's fix adds a security warning: if you call Invoke-WebRequest without -UseBasicParsing, you now get a prompt asking you to confirm whether to continue. The step is clearly meant to stop scripts being executed by accident. In your own scripts, always pass -UseBasicParsing (or use Invoke-RestMethod for APIs) and work with the Content property; then the prompt never fires and unattended jobs cannot stall waiting for a confirmation nobody is there to give.
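Before the patch lands everywhere, it helps to know which of your scripts would trip the new prompt. The following is an added example, not code from the original article or from Microsoft: it uses PowerShell's own parser (the System.Management.Automation.Language AST) to find Invoke-WebRequest and iwr calls that do not pass -UseBasicParsing, including the explicitly negated form -UseBasicParsing:$false. The sample script it writes to a temp file and the example.invalid URLs are constructed for the demo.

```powershell
# Added example, not code from the original article or from Microsoft.
# Audits .ps1 files for Invoke-WebRequest / iwr calls that do not pass -UseBasicParsing.
# On Windows PowerShell 5.1 those calls hand the response body to the Internet Explorer
# HTML engine; PowerShell 7+ always uses basic parsing, so the flag only matters on 5.1.
# The sample script written to a temp file at the bottom is constructed for this demo.
using namespace System.Management.Automation.Language

function Find-UnsafeInvokeWebRequest {
    param(
        # A directory (searched recursively) or a single .ps1 file
        [Parameter(Mandatory)] [string] $Path
    )
    $files = if (Test-Path -Path $Path -PathType Container) {
        Get-ChildItem -Path $Path -Recurse -File -Filter '*.ps1'
    } else {
        Get-Item -Path $Path
    }

    foreach ($file in $files) {
        $tokens = $null
        $errors = $null
        $ast = [Parser]::ParseFile($file.FullName, [ref]$tokens, [ref]$errors)
        if ($errors.Count -gt 0) {
            Write-Warning "$($file.FullName): parse errors, skipped"
            continue
        }

        # Walk every command invocation, including those inside nested script blocks.
        $calls = $ast.FindAll({ param($node) $node -is [CommandAst] }, $true)
        foreach ($call in $calls) {
            if ($call.GetCommandName() -notin @('Invoke-WebRequest', 'iwr')) { continue }

            # PowerShell accepts unambiguous parameter prefixes (-UseBasic, -UseB ...),
            # so match on the prefix rather than the full name.
            $flag = $call.CommandElements |
                Where-Object {
                    $_ -is [CommandParameterAst] -and
                    'UseBasicParsing'.StartsWith($_.ParameterName, [StringComparison]::OrdinalIgnoreCase)
                } |
                Select-Object -First 1

            # Present and not explicitly negated (-UseBasicParsing:$false) counts as safe.
            $safe = ($null -ne $flag) -and ($null -eq $flag.Argument -or $flag.Argument.Extent.Text -ne '$false')

            if (-not $safe) {
                [pscustomobject]@{
                    File = $file.FullName
                    Line = $call.Extent.StartLineNumber
                    Call = $call.Extent.Text
                }
            }
        }
    }
}

# Demo on a constructed script: the first two calls are flagged, the last one is not.
$sample = Join-Path -Path ([IO.Path]::GetTempPath()) -ChildPath 'iwr-audit-sample.ps1'
@'
$page  = Invoke-WebRequest -Uri 'https://example.invalid/status'
$page2 = iwr 'https://example.invalid/status' -UseBasicParsing:$false
$raw   = Invoke-WebRequest -Uri 'https://example.invalid/status' -UseBasicParsing
'@ | Set-Content -Path $sample -Encoding UTF8
Find-UnsafeInvokeWebRequest -Path $sample | Format-Table -AutoSize
```

Point the function at your scripts folder instead of the sample file to get a list of file and line numbers to fix. It only resolves the literal names Invoke-WebRequest and iwr; a call made through a variable or a custom alias will not be caught, so grep for those separately.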
Microsoft isn't the only vendor busy cleaning house in December 2025. Adobe has just released updates for Acrobat Reader and ColdFusion. Google has published its Android security bulletin, which patches two flaws under active attack. Even React, the library web developers rely on, had to patch a critical RCE flaw dubbed React2Shell that is reportedly already being exploited widely.
Given how many serious flaws there are this month, especially the ones hitting system drivers and developer tooling like PowerShell and Copilot, we strongly recommend not putting off the update. The risk from a zero-day that is already being exploited is too high to ignore. For IT administrators, pay attention to the behaviour change in Invoke-WebRequest: the new confirmation prompt can stall existing automation scripts that run unattended, so add -UseBasicParsing before the patch reaches those hosts. Apply the patches, restart your servers and workstations (a kernel driver fix like the Cloud Files one is not live until you reboot), and make sure your backups are intact. A little inconvenience now beats panic later when a system gets breached.
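The step people skip is the restart, so here is a check for it. This is an added example, not code from the original article or from Microsoft: for each host it reports which Windows updates were installed on or after Patch Tuesday and whether the host has rebooted since the newest one. The patch date (assumed to be 2025-12-09, the second Tuesday of December 2025) and the host names are assumptions for the demo; replace them with your own. It needs WinRM on the targets and an account allowed to query them.

```powershell
# Added example, not code from the original article or from Microsoft.
# Reports, per host, which Windows updates were installed on or after Patch Tuesday
# and whether the host has rebooted since the newest one. The patch date and host
# names are assumptions for the demo; replace them with yours. Needs WinRM
# (Enable-PSRemoting) on the targets and an account allowed to query them.
# Get-HotFix only lists Windows updates; Office, Exchange and Copilot updates are
# delivered separately and must be checked on their own.
function Get-PatchRebootStatus {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [datetime] $Since = '2025-12-09'   # assumed date of the December 2025 Patch Tuesday
    )
    Invoke-Command -ComputerName $ComputerName -ArgumentList $Since -ScriptBlock {
        param([datetime] $Since)
        $os = Get-CimInstance -ClassName Win32_OperatingSystem
        # InstalledOn can be empty for some entries, so filter on it explicitly.
        $fixes = Get-HotFix |
            Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Since } |
            Sort-Object InstalledOn -Descending
        $newest = $fixes | Select-Object -First 1
        [pscustomobject]@{
            Computer      = $env:COMPUTERNAME
            OSBuild       = $os.BuildNumber
            LastBoot      = $os.LastBootUpTime
            NewestUpdate  = if ($newest) { $newest.HotFixID } else { '(none)' }
            # Installed after the last boot means the fix is on disk but not yet live.
            RebootedSince = [bool]$newest -and ($os.LastBootUpTime -ge $newest.InstalledOn)
            UpdatesSince  = ($fixes.HotFixID -join ', ')
        }
    } | Select-Object Computer, OSBuild, LastBoot, NewestUpdate, RebootedSince, UpdatesSince
}

# Assumed host names; the filter keeps only hosts with no update since Patch Tuesday
# and hosts that installed one but still need a restart.
Get-PatchRebootStatus -ComputerName 'srv-app01', 'ws-dev07' |
    Where-Object { $_.NewestUpdate -eq '(none)' -or -not $_.RebootedSince } |
    Format-Table -AutoSize
```

Run it from a management host after the update has been pushed; anything it prints is a machine that is either unpatched or patched but still running the old driver code in memory.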
Here's the full list, folks:
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Application Information Services | CVE-2025-62572 | Application Information Service Elevation of Privilege Vulnerability | Important |
| Azure Monitor Agent | CVE-2025-62550 | Azure Monitor Agent Remote Code Execution Vulnerability | Important |
| Copilot | CVE-2025-64671 | GitHub Copilot for Jetbrains Remote Code Execution Vulnerability | Important |
| Microsoft Brokering File System | CVE-2025-62569 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2025-62469 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2025-13634 | Chromium: CVE-2025-13634 Inappropriate implementation in Downloads | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13721 | Chromium: CVE-2025-13721 Race in v8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13630 | Chromium: CVE-2025-13630 Type Confusion in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13631 | Chromium: CVE-2025-13631 Inappropriate implementation in Google Updater | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13632 | Chromium: CVE-2025-13632 Inappropriate implementation in DevTools | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13633 | Chromium: CVE-2025-13633 Use after free in Digital Credentials | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13638 | Chromium: CVE-2025-13638 Use after free in Media Stream | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13639 | Chromium: CVE-2025-13639 Inappropriate implementation in WebRTC | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13640 | Chromium: CVE-2025-13640 Inappropriate implementation in Passwords | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13637 | Chromium: CVE-2025-13637 Inappropriate implementation in Downloads | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13720 | Chromium: CVE-2025-13720 Bad cast in Loader | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13635 | Chromium: CVE-2025-13635 Inappropriate implementation in Downloads | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13636 | Chromium: CVE-2025-13636 Inappropriate implementation in Split View | Unknown |
| Microsoft Edge for iOS | CVE-2025-62223 | Microsoft Edge (Chromium-based) for Mac Spoofing Vulnerability | Low |
| Microsoft Exchange Server | CVE-2025-64666 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server | CVE-2025-64667 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Graphics Component | CVE-2025-64670 | Windows DirectX Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2025-62554 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-62557 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office Access | CVE-2025-62552 | Microsoft Access Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62560 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62563 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62561 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62564 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62553 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62556 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Outlook | CVE-2025-62562 | Microsoft Outlook Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2025-64672 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office Word | CVE-2025-62558 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-62559 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-62555 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Storvsp.sys Driver | CVE-2025-64673 | Windows Storage VSP Driver Elevation of Privilege Vulnerability | Important |
| Windows Camera Frame Server Monitor | CVE-2025-62570 | Windows Camera Frame Server Monitor Information Disclosure Vulnerability | Important |
| Windows Client-Side Caching (CSC) Service | CVE-2025-62466 | Windows Client-Side Caching Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2025-62457 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2025-62454 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2025-62221 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2025-62470 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Defender Firewall Service | CVE-2025-62468 | Windows Defender Firewall Service Information Disclosure Vulnerability | Important |
| Windows DirectX | CVE-2025-62463 | DirectX Graphics Kernel Denial of Service Vulnerability | Important |
| Windows DirectX | CVE-2025-62465 | DirectX Graphics Kernel Denial of Service Vulnerability | Important |
| Windows DirectX | CVE-2025-62573 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| Windows DWM Core Library | CVE-2025-64679 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows DWM Core Library | CVE-2025-64680 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows Hyper-V | CVE-2025-62567 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Windows Installer | CVE-2025-62571 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Message Queuing | CVE-2025-62455 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important |
| Windows PowerShell | CVE-2025-54100 | PowerShell Remote Code Execution Vulnerability | Important |
| Windows Projected File System | CVE-2025-62464 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Projected File System | CVE-2025-55233 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Projected File System | CVE-2025-62462 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Projected File System | CVE-2025-62467 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Projected File System Filter Driver | CVE-2025-62461 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2025-62474 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2025-62472 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Resilient File System (ReFS) | CVE-2025-62456 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-62549 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-62473 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-64678 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Shell | CVE-2025-62565 | Windows File Explorer Elevation of Privilege Vulnerability | Important |
| Windows Shell | CVE-2025-64661 | Windows Shell Elevation of Privilege Vulnerability | Important |
| Windows Shell | CVE-2025-64658 | Windows File Explorer Elevation of Privilege Vulnerability | Important |
| Windows Storage VSP Driver | CVE-2025-59517 | Windows Storage VSP Driver Elevation of Privilege Vulnerability | Important |
| Windows Storage VSP Driver | CVE-2025-59516 | Windows Storage VSP Driver Elevation of Privilege Vulnerability | Important |
| Windows Win32K – GRFX | CVE-2025-62458 | Win32k Elevation of Privilege Vulnerability | Important |
