CSIRT Panamá Aviso 2025-Ago-18 Actualizaciones de seguridad de Microsoft para Agosto 2025.

TOPICS:

Posted By: CSIRT Panamá August 20, 2025

CSIRT Panamá Aviso 2025-Ago-18 Actualizaciones de seguridad de Microsoft para Agosto 2025.
Gravedad: Alta
Fecha de publicación: agosto 20, 2025
Última revisión: agosto 18, 2025
https://msrc.microsoft.com/update-guide/releaseNote/2025-Aug

Sistemas Afectados:
Microsoft Dynamics 365 Sales
Windows DHCP Client
Windows Message Queuing
Windows Resilient File System (ReFS) Deduplication Service
Windows CoreMessaging
Azure Network Watcher
Windows Telephony Service
Microsoft Surface
Microsoft High Performance Compute Pack (HPC) Linux Node Agent
Windows Telephony Server
Visual Studio
Windows Routing and Remote Access Service (RRAS)
Windows Internet Connection Sharing (ICS)
Microsoft Edge for iOS and Android
Outlook for Android
Microsoft Edge (Chromium-based)
Microsoft PC Manager
Microsoft Windows
Windows Update Stack
Windows Remote Desktop Services
Windows Kerberos
Active Directory Domain Services
Windows Kernel
Windows Win32 Kernel Subsystem
Microsoft Digest Authentication
Windows Installer
Microsoft Streaming Service
Windows LDAP – Lightweight Directory Access Protocol
Windows NTLM
Windows DHCP Server
Microsoft Office Excel
Windows Storage
Microsoft Office
Microsoft Office SharePoint
Windows DWM Core Library
Windows Ancillary Function Driver for WinSock
Windows Setup Files Cleanup
Windows Disk Cleanup Tool
Microsoft AutoUpdate (MAU)
Visual Studio Code

I. Descripción
Microsoft ha liberado sus actualizaciones de seguridad correspondientes al mes de agosto de 2025.
Este conjunto de actualizaciones remedia 107 fallas y 1 día cero.

II. Detalle

TagCVE IDCVE TitleSeverity
Azure File SyncCVE-2025-53729Microsoft Azure File Sync Elevation of Privilege VulnerabilityImportant
Azure StackCVE-2025-53793Azure Stack Hub Information Disclosure VulnerabilityCritical
Azure StackCVE-2025-53765Azure Stack Hub Information Disclosure VulnerabilityImportant
Azure Virtual MachinesCVE-2025-49707Azure Virtual Machines Spoofing VulnerabilityCritical
Azure Virtual MachinesCVE-2025-53781Azure Virtual Machines Information Disclosure VulnerabilityCritical
Desktop Windows ManagerCVE-2025-53152Desktop Windows Manager Remote Code Execution VulnerabilityImportant
Desktop Windows ManagerCVE-2025-50153Desktop Windows Manager Elevation of Privilege VulnerabilityImportant
GitHub Copilot and Visual StudioCVE-2025-53773GitHub Copilot and Visual Studio Remote Code Execution VulnerabilityImportant
Graphics KernelCVE-2025-50176DirectX Graphics Kernel Remote Code Execution VulnerabilityCritical
Kernel Streaming WOW Thunk Service DriverCVE-2025-53149Kernel Streaming WOW Thunk Service Driver Elevation of Privilege VulnerabilityImportant
Kernel Transaction ManagerCVE-2025-53140Windows Kernel Transaction Manager Elevation of Privilege VulnerabilityImportant
Microsoft Brokering File SystemCVE-2025-53142Microsoft Brokering File System Elevation of Privilege VulnerabilityImportant
Microsoft Dynamics 365 (on-premises)CVE-2025-49745Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft Dynamics 365 (on-premises)CVE-2025-53728Microsoft Dynamics 365 (On-Premises) Information Disclosure VulnerabilityImportant
Microsoft Edge for AndroidCVE-2025-49755Microsoft Edge (Chromium-based) for Android Spoofing VulnerabilityLow
Microsoft Edge for AndroidCVE-2025-49736Microsoft Edge (Chromium-based) for Android Spoofing VulnerabilityModerate
Microsoft Exchange ServerCVE-2025-25005Microsoft Exchange Server Tampering VulnerabilityImportant
Microsoft Exchange ServerCVE-2025-25006Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Exchange ServerCVE-2025-25007Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Exchange ServerCVE-2025-53786Microsoft Exchange Server Hybrid Deployment Elevation of Privilege VulnerabilityImportant
Microsoft Exchange ServerCVE-2025-33051Microsoft Exchange Server Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2025-49743Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2025-50165Windows Graphics Component Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2025-53732Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2025-53740Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2025-53731Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft Office ExcelCVE-2025-53759Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-53737Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-53739Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-53735Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-53741Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office PowerPointCVE-2025-53761Microsoft PowerPoint Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2025-53760Microsoft SharePoint Elevation of Privilege VulnerabilityImportant
Microsoft Office SharePointCVE-2025-49712Microsoft SharePoint Remote Code Execution VulnerabilityImportant
Microsoft Office VisioCVE-2025-53730Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft Office VisioCVE-2025-53734Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2025-53738Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2025-53736Microsoft Word Information Disclosure VulnerabilityImportant
Microsoft Office WordCVE-2025-53784Microsoft Word Remote Code Execution VulnerabilityCritical
Microsoft Office WordCVE-2025-53733Microsoft Word Remote Code Execution VulnerabilityCritical
Microsoft TeamsCVE-2025-53783Microsoft Teams Remote Code Execution VulnerabilityImportant
Remote Access Point-to-Point Protocol (PPP) EAP-TLSCVE-2025-50159Remote Access Point-to-Point Protocol (PPP) EAP-TLS Elevation of Privilege VulnerabilityImportant
Remote Desktop ServerCVE-2025-50171Remote Desktop Spoofing VulnerabilityImportant
Role: Windows Hyper-VCVE-2025-50167Windows Hyper-V Elevation of Privilege VulnerabilityImportant
Role: Windows Hyper-VCVE-2025-53155Windows Hyper-V Elevation of Privilege VulnerabilityImportant
Role: Windows Hyper-VCVE-2025-49751Windows Hyper-V Denial of Service VulnerabilityImportant
Role: Windows Hyper-VCVE-2025-53723Windows Hyper-V Elevation of Privilege VulnerabilityImportant
Role: Windows Hyper-VCVE-2025-48807Windows Hyper-V Remote Code Execution VulnerabilityCritical
SQL ServerCVE-2025-49758Microsoft SQL Server Elevation of Privilege VulnerabilityImportant
SQL ServerCVE-2025-24999Microsoft SQL Server Elevation of Privilege VulnerabilityImportant
SQL ServerCVE-2025-53727Microsoft SQL Server Elevation of Privilege VulnerabilityImportant
SQL ServerCVE-2025-49759Microsoft SQL Server Elevation of Privilege VulnerabilityImportant
SQL ServerCVE-2025-47954Microsoft SQL Server Elevation of Privilege VulnerabilityImportant
Storage Port DriverCVE-2025-53156Windows Storage Port Driver Information Disclosure VulnerabilityImportant
Web DeployCVE-2025-53772Web Deploy Remote Code Execution VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2025-53718Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2025-53134Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2025-49762Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2025-53147Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2025-53154Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2025-53137Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2025-53141Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows Cloud Files Mini Filter DriverCVE-2025-50170Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityImportant
Windows Connected Devices Platform ServiceCVE-2025-53721Windows Connected Devices Platform Service Elevation of Privilege VulnerabilityImportant
Windows DirectXCVE-2025-53135DirectX Graphics Kernel Elevation of Privilege VulnerabilityImportant
Windows DirectXCVE-2025-50172DirectX Graphics Kernel Denial of Service VulnerabilityImportant
Windows Distributed Transaction CoordinatorCVE-2025-50166Windows Distributed Transaction Coordinator (MSDTC) Information Disclosure VulnerabilityImportant
Windows File ExplorerCVE-2025-50154Microsoft Windows File Explorer Spoofing VulnerabilityImportant
Windows GDI+CVE-2025-53766GDI+ Remote Code Execution VulnerabilityCritical
Windows InstallerCVE-2025-50173Windows Installer Elevation of Privilege VulnerabilityImportant
Windows KerberosCVE-2025-53779Windows Kerberos Elevation of Privilege VulnerabilityModerate
Windows KernelCVE-2025-49761Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2025-53151Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows Local Security Authority Subsystem Service (LSASS)CVE-2025-53716Local Security Authority Subsystem Service (LSASS) Denial of Service VulnerabilityImportant
Windows MediaCVE-2025-53131Windows Media Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2025-53145Microsoft Message Queuing (MSMQ) Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2025-53143Microsoft Message Queuing (MSMQ) Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2025-50177Microsoft Message Queuing (MSMQ) Remote Code Execution VulnerabilityCritical
Windows Message QueuingCVE-2025-53144Microsoft Message Queuing (MSMQ) Remote Code Execution VulnerabilityImportant
Windows NT OS KernelCVE-2025-53136NT OS Kernel Information Disclosure VulnerabilityImportant
Windows NTFSCVE-2025-50158Windows NTFS Information Disclosure VulnerabilityImportant
Windows NTLMCVE-2025-53778Windows NTLM Elevation of Privilege VulnerabilityCritical
Windows PrintWorkflowUserSvcCVE-2025-53133Windows PrintWorkflowUserSvc Elevation of Privilege VulnerabilityImportant
Windows Push NotificationsCVE-2025-53725Windows Push Notifications Apps Elevation of Privilege VulnerabilityImportant
Windows Push NotificationsCVE-2025-53724Windows Push Notifications Apps Elevation of Privilege VulnerabilityImportant
Windows Push NotificationsCVE-2025-50155Windows Push Notifications Apps Elevation of Privilege VulnerabilityImportant
Windows Push NotificationsCVE-2025-53726Windows Push Notifications Apps Elevation of Privilege VulnerabilityImportant
Windows Remote Desktop ServicesCVE-2025-53722Windows Remote Desktop Services Denial of Service VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-50157Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-53153Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-50163Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-50162Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-50164Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-53148Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-53138Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-50156Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-49757Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-53719Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-53720Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-50160Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Security AppCVE-2025-53769Windows Security App Spoofing VulnerabilityImportant
Windows SMBCVE-2025-50169Windows SMB Remote Code Execution VulnerabilityImportant
Windows StateRepository APICVE-2025-53789Windows StateRepository API Server file Elevation of Privilege VulnerabilityImportant
Windows Subsystem for LinuxCVE-2025-53788Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege VulnerabilityImportant
Windows Win32K – GRFXCVE-2025-50161Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32K – GRFXCVE-2025-53132Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32K – ICOMPCVE-2025-50168Win32k Elevation of Privilege VulnerabilityImportant

III. Referencia a soluciones, herramientas e información
Actualizar utilizando Microsoft Windows Update o herramientas de administración de actualizaciones centralizadas.

IV. Información de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: incidentes@cert.pa
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Key ID: 16F2B124