CSIRT Panamá Aviso 2025-Dec-11 Actualizaciones de seguridad de Microsoft para Diciembre 2025.
Gravedad: Alta
Fecha de publicación: diciembre 11, 2025
Última revisión: diciembre 11, 2025
https://msrc.microsoft.com/update-guide/releaseNote/2025-Dec
Sistemas Afectados:
Azure Monitor Agent
Customer Experience Improvement Program (CEIP)
Dynamics 365 Field Service (online)
GitHub Copilot and Visual Studio Code
Host Process for Windows Tasks
Microsoft Configuration Manager
Microsoft Dynamics 365 (on-premises)
Microsoft Graphics Component
Microsoft Office
Microsoft Office Excel
Microsoft Office SharePoint
Microsoft Office Word
Microsoft Streaming Service
Microsoft Wireless Provisioning System
Multimedia Class Scheduler Service (MMCSS)
Nuance PowerScribe
OneDrive for Android
Role: Windows Hyper-V
SQL Server
Storvsp.sys Driver
Visual Studio
Visual Studio Code CoPilot Chat Extension
Windows Administrator Protection
Windows Ancillary Function Driver for WinSock
Windows Bluetooth RFCOM Protocol Driver
Windows Broadcast DVR User Service
Windows Client-Side Caching (CSC) Service
Windows Common Log File System Driver
Windows DirectX
Windows Kerberos
Windows Kernel
Windows License Manager
Windows OLE
Windows Remote Desktop
Windows Routing and Remote Access Service (RRAS)
Windows Smart Card
Windows Speech
Windows Subsystem for Linux GUI
Windows TDX.sys
Windows WLAN ServiceWindows PowerShell
Windows Projected File System
Windows Storage VSP Driver
Windows Cloud Files Mini Filter Driver
Microsoft Edge for iOS
Windows Message Queuing
Windows Resilient File System (ReFS)
Windows Win32K – GRFX
Windows Projected File System Filter Driver
Windows DirectX
Windows Client-Side Caching (CSC) Service
Windows Defender Firewall Service
Microsoft Brokering File System
Windows Common Log File System Driver
Windows Remote Access Connection Manager
Windows Routing and Remote Access Service (RRAS)
Azure Monitor Agent
Microsoft Office Access
Microsoft Office Excel
Microsoft Office
Microsoft Office Word
Microsoft Office Outlook
Windows Shell
Windows Hyper-V
Windows Camera Frame Server Monitor
Windows Installer
Application Information Services
Microsoft Exchange Server
Microsoft Graphics Component
Copilot
Microsoft Office SharePoint
Storvsp.sys Driver
Windows DWM Core Library
I. Descripción
Microsoft ha liberado sus actualizaciones de seguridad correspondientes al mes de diciembre de 2025.
Este conjunto de actualizaciones remedia 57 fallas y 3 día cero.
II. Detalle
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Application Information Services | CVE-2025-62572 | Application Information Service Elevation of Privilege Vulnerability | Important |
| Azure Monitor Agent | CVE-2025-62550 | Azure Monitor Agent Remote Code Execution Vulnerability | Important |
| Copilot | CVE-2025-64671 | GitHub Copilot for Jetbrains Remote Code Execution Vulnerability | Important |
| Microsoft Brokering File System | CVE-2025-62569 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2025-62469 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2025-13634 | Chromium: CVE-2025-13634 Inappropriate implementation in Downloads | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13721 | Chromium: CVE-2025-13721 Race in v8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13630 | Chromium: CVE-2025-13630 Type Confusion in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13631 | Chromium: CVE-2025-13631 Inappropriate implementation in Google Updater | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13632 | Chromium: CVE-2025-13632 Inappropriate implementation in DevTools | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13633 | Chromium: CVE-2025-13633 Use after free in Digital Credentials | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13638 | Chromium: CVE-2025-13638 Use after free in Media Stream | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13639 | Chromium: CVE-2025-13639 Inappropriate implementation in WebRTC | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13640 | Chromium: CVE-2025-13640 Inappropriate implementation in Passwords | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13637 | Chromium: CVE-2025-13637 Inappropriate implementation in Downloads | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13720 | Chromium: CVE-2025-13720 Bad cast in Loader | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13635 | Chromium: CVE-2025-13635 Inappropriate implementation in Downloads | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-13636 | Chromium: CVE-2025-13636 Inappropriate implementation in Split View | Unknown |
| Microsoft Edge for iOS | CVE-2025-62223 | Microsoft Edge (Chromium-based) for Mac Spoofing Vulnerability | Low |
| Microsoft Exchange Server | CVE-2025-64666 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server | CVE-2025-64667 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Graphics Component | CVE-2025-64670 | Windows DirectX Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2025-62554 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-62557 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office Access | CVE-2025-62552 | Microsoft Access Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62560 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62563 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62561 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62564 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62553 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-62556 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Outlook | CVE-2025-62562 | Microsoft Outlook Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2025-64672 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office Word | CVE-2025-62558 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-62559 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-62555 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Storvsp.sys Driver | CVE-2025-64673 | Windows Storage VSP Driver Elevation of Privilege Vulnerability | Important |
| Windows Camera Frame Server Monitor | CVE-2025-62570 | Windows Camera Frame Server Monitor Information Disclosure Vulnerability | Important |
| Windows Client-Side Caching (CSC) Service | CVE-2025-62466 | Windows Client-Side Caching Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2025-62457 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2025-62454 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2025-62221 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2025-62470 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Defender Firewall Service | CVE-2025-62468 | Windows Defender Firewall Service Information Disclosure Vulnerability | Important |
| Windows DirectX | CVE-2025-62463 | DirectX Graphics Kernel Denial of Service Vulnerability | Important |
| Windows DirectX | CVE-2025-62465 | DirectX Graphics Kernel Denial of Service Vulnerability | Important |
| Windows DirectX | CVE-2025-62573 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| Windows DWM Core Library | CVE-2025-64679 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows DWM Core Library | CVE-2025-64680 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows Hyper-V | CVE-2025-62567 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Windows Installer | CVE-2025-62571 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Message Queuing | CVE-2025-62455 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important |
| Windows PowerShell | CVE-2025-54100 | PowerShell Remote Code Execution Vulnerability | Important |
| Windows Projected File System | CVE-2025-62464 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Projected File System | CVE-2025-55233 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Projected File System | CVE-2025-62462 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Projected File System | CVE-2025-62467 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Projected File System Filter Driver | CVE-2025-62461 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2025-62474 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2025-62472 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Resilient File System (ReFS) | CVE-2025-62456 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-62549 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-62473 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-64678 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Shell | CVE-2025-62565 | Windows File Explorer Elevation of Privilege Vulnerability | Important |
| Windows Shell | CVE-2025-64661 | Windows Shell Elevation of Privilege Vulnerability | Important |
| Windows Shell | CVE-2025-64658 | Windows File Explorer Elevation of Privilege Vulnerability | Important |
| Windows Storage VSP Driver | CVE-2025-59517 | Windows Storage VSP Driver Elevation of Privilege Vulnerability | Important |
| Windows Storage VSP Driver | CVE-2025-59516 | Windows Storage VSP Driver Elevation of Privilege Vulnerability | Important |
| Windows Win32K – GRFX | CVE-2025-62458 | Win32k Elevation of Privilege Vulnerability | Important |
III. Referencia a soluciones, herramientas e información
Actualizar utilizando Microsoft Windows Update o herramientas de administración de actualizaciones centralizadas.
IV. Información de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: incidentes@cert.pa
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Key ID: 16F2B124