Hello and welcome to the Wednesday, December 10th, 2025 edition of the Sands and Internet Storms Centers.

Stormcast, my name is Johannes Orich, recording today from Jacksonville, Florida.

And this episode is brought you by the Sands.edu bachelor's security program in Applied Cybersecurity.

Well, today, of course, lots of patches to talk about.

And first of all, Microsoft's Patch Tuesday for December.

It was a lighter patch Tuesday.

Only 57 vulnerabilities being addressed here.

Only three of these vulnerabilities were rated as critical.

And then we had one vulnerability that's already being exploited and two that are publicly disclosed.

Now, about the already being exploited vulnerability, that is Peruvage escalation vulnerability

in the Microsoft Cloud Files Mini Filters, Driver, so one of those driver issues, and yes,

that's already being exploited, but again, only Peruvish escalation vulnerability.

The publicly known but not yet exploited vulnerabilities is, well, actually the first one, invoke web request, a power shell function that's often used maliciously, but of course, also in benign scripts. The problem here is that by default, you may actually execute code here.

So there is this use basic parsing parameter.

And what they changed here was that if you just use invoke web request,

you'll actually get a warning telling you that you are here at the risk of actually executing code

unless you add the use basic parsing parameter.

So really just clarified how to use this particular PowerShell function.

And then the second already known vulnerability, it's a really sort of a class of vulnerabilities

that we have seen, of course, quite frequently lately. And that's all these

AI co-pilots as you let them take over your IDE, your development environment. You, of course,

run the risk that they'll overstep their bounds and will actually execute code. And of course,

...