CSIRT Panamá Aviso 2025-Nov-12 Actualizaciones de seguridad de Microsoft para Noviembre 2025.

TOPICS:

Posted By: CSIRT Panamá November 12, 2025

CSIRT Panamá Aviso 2025-Nov-12 Actualizaciones de seguridad de Microsoft para Noviembre 2025.
Gravedad: Alta
Fecha de publicación: noviembre 12, 2025
Última revisión: noviembre 12, 2025
https://msrc.microsoft.com/update-guide/releaseNote/2025-Nov

Sistemas Afectados:
Azure Monitor Agent
Customer Experience Improvement Program (CEIP)
Dynamics 365 Field Service (online)
GitHub Copilot and Visual Studio Code
Host Process for Windows Tasks
Microsoft Configuration Manager
Microsoft Dynamics 365 (on-premises)
Microsoft Graphics Component
Microsoft Office
Microsoft Office Excel
Microsoft Office SharePoint
Microsoft Office Word
Microsoft Streaming Service
Microsoft Wireless Provisioning System
Multimedia Class Scheduler Service (MMCSS)
Nuance PowerScribe
OneDrive for Android
Role: Windows Hyper-V
SQL Server
Storvsp.sys Driver
Visual Studio
Visual Studio Code CoPilot Chat Extension
Windows Administrator Protection
Windows Ancillary Function Driver for WinSock
Windows Bluetooth RFCOM Protocol Driver
Windows Broadcast DVR User Service
Windows Client-Side Caching (CSC) Service
Windows Common Log File System Driver
Windows DirectX
Windows Kerberos
Windows Kernel
Windows License Manager
Windows OLE
Windows Remote Desktop
Windows Routing and Remote Access Service (RRAS)
Windows Smart Card
Windows Speech
Windows Subsystem for Linux GUI
Windows TDX.sys
Windows WLAN Service

I. Descripción
Microsoft ha liberado sus actualizaciones de seguridad correspondientes al mes de noviembre de 2025.
Este conjunto de actualizaciones remedia 63 fallas y 1 día cero.

II. Detalle

TagCVE IDCVE TitleSeverity
Azure Monitor AgentCVE-2025-59504Azure Monitor Agent Remote Code Execution VulnerabilityImportant
Customer Experience Improvement Program (CEIP)CVE-2025-59512Customer Experience Improvement Program (CEIP) Elevation of Privilege VulnerabilityImportant
Dynamics 365 Field Service (online)CVE-2025-62211Dynamics 365 Field Service (online) Spoofing VulnerabilityImportant
Dynamics 365 Field Service (online)CVE-2025-62210Dynamics 365 Field Service (online) Spoofing VulnerabilityImportant
GitHub Copilot and Visual Studio CodeCVE-2025-62453GitHub Copilot and Visual Studio Code Security Feature Bypass VulnerabilityImportant
Host Process for Windows TasksCVE-2025-60710Host Process for Windows Tasks Elevation of Privilege VulnerabilityImportant
Microsoft Configuration ManagerCVE-2025-47179Configuration Manager Elevation of Privilege VulnerabilityImportant
Microsoft Dynamics 365 (on-premises)CVE-2025-62206Microsoft Dynamics 365 (On-Premises) Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2025-60724GDI+ Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2025-62216Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2025-62199Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft Office ExcelCVE-2025-62200Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-62201Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-60726Microsoft Excel Information Disclosure VulnerabilityImportant
Microsoft Office ExcelCVE-2025-62203Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-62202Microsoft Excel Information Disclosure VulnerabilityImportant
Microsoft Office ExcelCVE-2025-60727Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-60728Microsoft Excel Information Disclosure VulnerabilityImportant
Microsoft Office ExcelCVE-2025-59240Microsoft Excel Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2025-62204Microsoft SharePoint Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2025-62205Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft Streaming ServiceCVE-2025-59514Microsoft Streaming Service Proxy Elevation of Privilege VulnerabilityImportant
Microsoft Wireless Provisioning SystemCVE-2025-62218Microsoft Wireless Provisioning System Elevation of Privilege VulnerabilityImportant
Microsoft Wireless Provisioning SystemCVE-2025-62219Microsoft Wireless Provisioning System Elevation of Privilege VulnerabilityImportant
Multimedia Class Scheduler Service (MMCSS)CVE-2025-60707Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege VulnerabilityImportant
Nuance PowerScribeCVE-2025-30398Nuance PowerScribe 360 Information Disclosure VulnerabilityCritical
OneDrive for AndroidCVE-2025-60722Microsoft OneDrive for Android Elevation of Privilege VulnerabilityImportant
Role: Windows Hyper-VCVE-2025-60706Windows Hyper-V Information Disclosure VulnerabilityImportant
SQL ServerCVE-2025-59499Microsoft SQL Server Elevation of Privilege VulnerabilityImportant
Storvsp.sys DriverCVE-2025-60708Storvsp.sys Driver Denial of Service VulnerabilityImportant
Visual StudioCVE-2025-62214Visual Studio Remote Code Execution VulnerabilityCritical
Visual Studio Code CoPilot Chat ExtensionCVE-2025-62449Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass VulnerabilityImportant
Visual Studio Code CoPilot Chat ExtensionCVE-2025-62222Agentic AI and Visual Studio Code Remote Code Execution VulnerabilityImportant
Windows Administrator ProtectionCVE-2025-60721Windows Administrator Protection Elevation of Privilege VulnerabilityImportant
Windows Administrator ProtectionCVE-2025-60718Windows Administrator Protection Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2025-62217Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2025-60719Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2025-62213Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows Bluetooth RFCOM Protocol DriverCVE-2025-59513Windows Bluetooth RFCOM Protocol Driver Information Disclosure VulnerabilityImportant
Windows Broadcast DVR User ServiceCVE-2025-59515Windows Broadcast DVR User Service Elevation of Privilege VulnerabilityImportant
Windows Broadcast DVR User ServiceCVE-2025-60717Windows Broadcast DVR User Service Elevation of Privilege VulnerabilityImportant
Windows Client-Side Caching (CSC) ServiceCVE-2025-60705Windows Client-Side Caching Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2025-60709Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows DirectXCVE-2025-59506DirectX Graphics Kernel Elevation of Privilege VulnerabilityImportant
Windows DirectXCVE-2025-60716DirectX Graphics Kernel Elevation of Privilege VulnerabilityCritical
Windows DirectXCVE-2025-60723DirectX Graphics Kernel Denial of Service VulnerabilityImportant
Windows KerberosCVE-2025-60704Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2025-62215Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows License ManagerCVE-2025-62208Windows License Manager Information Disclosure VulnerabilityImportant
Windows License ManagerCVE-2025-62209Windows License Manager Information Disclosure VulnerabilityImportant
Windows OLECVE-2025-60714Windows OLE Remote Code Execution VulnerabilityImportant
Windows Remote DesktopCVE-2025-60703Windows Remote Desktop Services Elevation of Privilege VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-62452Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-59510Windows Routing and Remote Access Service (RRAS) Denial of Service VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-60715Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-60713Windows Routing and Remote Access Service (RRAS) Elevation of Privilege VulnerabilityImportant
Windows Smart CardCVE-2025-59505Windows Smart Card Reader Elevation of Privilege VulnerabilityImportant
Windows SpeechCVE-2025-59507Windows Speech Runtime Elevation of Privilege VulnerabilityImportant
Windows SpeechCVE-2025-59508Windows Speech Recognition Elevation of Privilege VulnerabilityImportant
Windows SpeechCVE-2025-59509Windows Speech Recognition Information Disclosure VulnerabilityImportant
Windows Subsystem for Linux GUICVE-2025-62220Windows Subsystem for Linux GUI Remote Code Execution VulnerabilityImportant
Windows TDX.sysCVE-2025-60720Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege VulnerabilityImportant
Windows WLAN ServiceCVE-2025-59511Windows WLAN Service Elevation of Privilege VulnerabilityImportant

III. Referencia a soluciones, herramientas e información
Actualizar utilizando Microsoft Windows Update o herramientas de administración de actualizaciones centralizadas.

IV. Información de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: incidentes@cert.pa
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Key ID: 16F2B124