CSIRT Panamá Aviso 2025-Feb-11 Actualizaciones de seguridad de Microsoft para Febrero 2025.

TOPICS:

Posted By: CSIRT Panamá February 11, 2025

CSIRT Panamá Aviso 2025-Feb-11 Actualizaciones de seguridad de Microsoft para Febrero 2025.
Gravedad: Alta
Fecha de publicación: febrero 11, 2025
Última revisión: febrero 11, 2025
https://msrc.microsoft.com/update-guide/releaseNote/2025-Feb

Sistemas Afectados:
Microsoft Dynamics 365 Sales
Windows DHCP Client
Windows Message Queuing
Windows Resilient File System (ReFS) Deduplication Service
Windows CoreMessaging
Azure Network Watcher
Windows Telephony Service
Microsoft Surface
Microsoft High Performance Compute Pack (HPC) Linux Node Agent
Windows Telephony Server
Visual Studio
Windows Routing and Remote Access Service (RRAS)
Windows Internet Connection Sharing (ICS)
Microsoft Edge for iOS and Android
Outlook for Android
Microsoft Edge (Chromium-based)
Microsoft PC Manager
Microsoft Windows
Windows Update Stack
Windows Remote Desktop Services
Windows Kerberos
Active Directory Domain Services
Windows Kernel
Windows Win32 Kernel Subsystem
Microsoft Digest Authentication
Windows Installer
Microsoft Streaming Service
Windows LDAP – Lightweight Directory Access Protocol
Windows NTLM
Windows DHCP Server
Microsoft Office Excel
Windows Storage
Microsoft Office
Microsoft Office SharePoint
Windows DWM Core Library
Windows Ancillary Function Driver for WinSock
Windows Setup Files Cleanup
Windows Disk Cleanup Tool
Microsoft AutoUpdate (MAU)
Visual Studio Code

I. Descripción
Microsoft ha liberado sus actualizaciones de seguridad correspondientes al mes de febrero de 2025.
Este conjunto de actualizaciones remedia 55 fallas y 4 días cero.

II. Detalle

TagCVE IDCVE TitleSeverity
Active Directory Domain ServicesCVE-2025-21351Windows Active Directory Domain Services API Denial of Service VulnerabilityImportant
Azure Network WatcherCVE-2025-21188Azure Network Watcher VM Extension Elevation of Privilege VulnerabilityImportant
Microsoft AutoUpdate (MAU)CVE-2025-24036Microsoft AutoUpdate (MAU) Elevation of Privilege VulnerabilityImportant
Microsoft Digest AuthenticationCVE-2025-21368Microsoft Digest Authentication Remote Code Execution VulnerabilityImportant
Microsoft Digest AuthenticationCVE-2025-21369Microsoft Digest Authentication Remote Code Execution VulnerabilityImportant
Microsoft Dynamics 365 SalesCVE-2025-21177Microsoft Dynamics 365 Sales Elevation of Privilege VulnerabilityCritical
Microsoft Edge (Chromium-based)CVE-2025-21267Microsoft Edge (Chromium-based) Spoofing VulnerabilityLow
Microsoft Edge (Chromium-based)CVE-2025-21279Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2025-21342Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2025-0445Chromium: CVE-2025-0445 Use after free in V8Unknown
Microsoft Edge (Chromium-based)CVE-2025-0451Chromium: CVE-2025-0451 Inappropriate implementation in Extensions APIUnknown
Microsoft Edge (Chromium-based)CVE-2025-0444Chromium: CVE-2025-0444 Use after free in SkiaUnknown
Microsoft Edge (Chromium-based)CVE-2025-21283Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2025-21404Microsoft Edge (Chromium-based) Spoofing VulnerabilityLow
Microsoft Edge (Chromium-based)CVE-2025-21408Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityImportant
Microsoft Edge for iOS and AndroidCVE-2025-21253Microsoft Edge for IOS and Android Spoofing VulnerabilityModerate
Microsoft High Performance Compute Pack (HPC) Linux Node AgentCVE-2025-21198Microsoft High Performance Compute (HPC) Pack Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2025-21392Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2025-21397Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-21381Microsoft Excel Remote Code Execution VulnerabilityCritical
Microsoft Office ExcelCVE-2025-21394Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-21383Microsoft Excel Information Disclosure VulnerabilityImportant
Microsoft Office ExcelCVE-2025-21390Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-21386Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-21387Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2025-21400Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft PC ManagerCVE-2025-21322Microsoft PC Manager Elevation of Privilege VulnerabilityImportant
Microsoft Streaming ServiceCVE-2025-21375Kernel Streaming WOW Thunk Service Driver Elevation of Privilege VulnerabilityImportant
Microsoft SurfaceCVE-2025-21194Microsoft Surface Security Feature Bypass VulnerabilityImportant
Microsoft WindowsCVE-2025-21337Windows NTFS Elevation of Privilege VulnerabilityImportant
Open Source SoftwareCVE-2023-32002HackerOne: CVE-2023-32002 Node.js `Module._load()` policy Remote Code Execution VulnerabilityImportant
Outlook for AndroidCVE-2025-21259Microsoft Outlook Spoofing VulnerabilityImportant
Visual StudioCVE-2025-21206Visual Studio Installer Elevation of Privilege VulnerabilityImportant
Visual Studio CodeCVE-2025-24039Visual Studio Code Elevation of Privilege VulnerabilityImportant
Visual Studio CodeCVE-2025-24042Visual Studio Code JS Debug Extension Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2025-21418Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows CoreMessagingCVE-2025-21358Windows Core Messaging Elevation of Privileges VulnerabilityImportant
Windows CoreMessagingCVE-2025-21184Windows Core Messaging Elevation of Privileges VulnerabilityImportant
Windows DHCP ClientCVE-2025-21179DHCP Client Service Denial of Service VulnerabilityImportant
Windows DHCP ServerCVE-2025-21379DHCP Client Service Remote Code Execution VulnerabilityCritical
Windows Disk Cleanup ToolCVE-2025-21420Windows Disk Cleanup Tool Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2025-21414Windows Core Messaging Elevation of Privileges VulnerabilityImportant
Windows InstallerCVE-2025-21373Windows Installer Elevation of Privilege VulnerabilityImportant
Windows Internet Connection Sharing (ICS)CVE-2025-21216Internet Connection Sharing (ICS) Denial of Service VulnerabilityImportant
Windows Internet Connection Sharing (ICS)CVE-2025-21212Internet Connection Sharing (ICS) Denial of Service VulnerabilityImportant
Windows Internet Connection Sharing (ICS)CVE-2025-21352Internet Connection Sharing (ICS) Denial of Service VulnerabilityImportant
Windows Internet Connection Sharing (ICS)CVE-2025-21254Internet Connection Sharing (ICS) Denial of Service VulnerabilityImportant
Windows KerberosCVE-2025-21350Windows Kerberos Denial of Service VulnerabilityImportant
Windows KernelCVE-2025-21359Windows Kernel Security Feature Bypass VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2025-21376Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityCritical
Windows Message QueuingCVE-2025-21181Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityImportant
Windows NTLMCVE-2025-21377NTLM Hash Disclosure Spoofing VulnerabilityImportant
Windows Remote Desktop ServicesCVE-2025-21349Windows Remote Desktop Configuration Service Tampering VulnerabilityImportant
Windows Resilient File System (ReFS) Deduplication ServiceCVE-2025-21183Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege VulnerabilityImportant
Windows Resilient File System (ReFS) Deduplication ServiceCVE-2025-21182Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-21410Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-21208Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Setup Files CleanupCVE-2025-21419Windows Setup Files Cleanup Elevation of Privilege VulnerabilityImportant
Windows StorageCVE-2025-21391Windows Storage Elevation of Privilege VulnerabilityImportant
Windows Telephony ServerCVE-2025-21201Windows Telephony Server Remote Code Execution VulnerabilityImportant
Windows Telephony ServiceCVE-2025-21407Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Telephony ServiceCVE-2025-21406Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Telephony ServiceCVE-2025-21200Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Telephony ServiceCVE-2025-21371Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Telephony ServiceCVE-2025-21190Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Update StackCVE-2025-21347Windows Deployment Services Denial of Service VulnerabilityImportant
Windows Win32 Kernel SubsystemCVE-2025-21367Windows Win32 Kernel Subsystem Elevation of Privilege VulnerabilityImportant

III. Referencia a soluciones, herramientas e información
Actualizar utilizando Microsoft Windows Update o herramientas de administración de actualizaciones centralizadas.

IV. Información de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovación Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Key ID: 16F2B124