CSIRT Panamá Aviso 2026-Feb-11 Actualizaciones de seguridad de Microsoft para Febrero 2026.

TOPICS:

Posted By: CSIRT Panamá February 11, 2026

CSIRT Panamá Aviso 2026-Feb-11 Actualizaciones de seguridad de Microsoft para Febrero 2026.
Gravedad: Alta
Fecha de publicación: febrero 11, 2026
Última revisión: febrero 11, 2026
https://msrc.microsoft.com/update-guide/releaseNote/2026-Feb

Sistemas Afectados:
Windows Win32K – GRFX
Microsoft Edge for Android
Windows Notepad App
Windows GDI+
.NET and Visual Studio
Windows Kernel
Azure Local
Power BI
Windows HTTP.sys
Windows Connected Devices Platform Service
Microsoft Graphics Component
Windows Ancillary Function Driver for WinSock
Windows Subsystem for Linux
Windows LDAP – Lightweight Directory Access Protocol
Role: Windows Hyper-V
Windows NTLM
Windows Cluster Client Failover
Mailslot File System
GitHub Copilot and Visual Studio
Microsoft Office Excel
Microsoft Office Word
Windows Storage
Windows Shell
Microsoft Office Outlook
Azure DevOps Server
Internet Explorer
Github Copilot
Windows App for Mac
.NET
Desktop Window Manager
Azure Compute Gallery
Windows Remote Access Connection Manager
Microsoft Exchange Server
Azure IoT SDK
Azure HDInsights
Azure SDK
Azure Function
Windows Remote Desktop
Microsoft Defender for Linux
Azure Front Door (AFD)
Azure Arc

I. Descripción
Microsoft ha liberado sus actualizaciones de seguridad correspondientes al mes de febrero de 2026.
Este conjunto de actualizaciones remedia 58 fallas y 6 día cero.

II. Detalle

TagCVE IDCVE TitleSeverity
.NETCVE-2026-21218.NET Spoofing VulnerabilityImportant
Azure ArcCVE-2026-24302Azure Arc Elevation of Privilege VulnerabilityCritical
Azure Compute GalleryCVE-2026-23655Microsoft ACI Confidential Containers Information Disclosure VulnerabilityCritical
Azure Compute GalleryCVE-2026-21522Microsoft ACI Confidential Containers Elevation of Privilege VulnerabilityCritical
Azure DevOps ServerCVE-2026-21512Azure DevOps Server Cross-Site Scripting VulnerabilityImportant
Azure Front Door (AFD)CVE-2026-24300Azure Front Door Elevation of Privilege VulnerabilityCritical
Azure FunctionCVE-2026-21532Azure Function Information Disclosure VulnerabilityCritical
Azure HDInsightsCVE-2026-21529Azure HDInsight Spoofing VulnerabilityImportant
Azure IoT SDKCVE-2026-21528Azure IoT Explorer Information Disclosure VulnerabilityImportant
Azure LocalCVE-2026-21228Azure Local Remote Code Execution VulnerabilityImportant
Azure SDKCVE-2026-21531Azure SDK for Python Remote Code Execution VulnerabilityImportant
Desktop Window ManagerCVE-2026-21519Desktop Window Manager Elevation of Privilege VulnerabilityImportant
Github CopilotCVE-2026-21516GitHub Copilot for Jetbrains Remote Code Execution VulnerabilityImportant
GitHub Copilot and Visual StudioCVE-2026-21523GitHub Copilot and Visual Studio Code Remote Code Execution VulnerabilityImportant
GitHub Copilot and Visual StudioCVE-2026-21256GitHub Copilot and Visual Studio Remote Code Execution VulnerabilityImportant
GitHub Copilot and Visual StudioCVE-2026-21257GitHub Copilot and Visual Studio Elevation of Privilege VulnerabilityImportant
GitHub Copilot and Visual Studio CodeCVE-2026-21518GitHub Copilot and Visual Studio Code Security Feature Bypass VulnerabilityImportant
Mailslot File SystemCVE-2026-21253Mailslot File System Elevation of Privilege VulnerabilityImportant
Microsoft Defender for LinuxCVE-2026-21537Microsoft Defender for Endpoint Linux Extension Remote Code Execution VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2026-1861Chromium: CVE-2026-1861 Heap buffer overflow in libvpxUnknown
Microsoft Edge (Chromium-based)CVE-2026-1862Chromium: CVE-2026-1862 Type Confusion in V8Unknown
Microsoft Edge for AndroidCVE-2026-0391Microsoft Edge (Chromium-based) for Android Spoofing VulnerabilityModerate
Microsoft Exchange ServerCVE-2026-21527Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Graphics ComponentCVE-2026-21246Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2026-21235Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Office ExcelCVE-2026-21261Microsoft Excel Information Disclosure VulnerabilityImportant
Microsoft Office ExcelCVE-2026-21258Microsoft Excel Information Disclosure VulnerabilityImportant
Microsoft Office ExcelCVE-2026-21259Microsoft Excel Elevation of Privilege VulnerabilityImportant
Microsoft Office OutlookCVE-2026-21260Microsoft Outlook Spoofing VulnerabilityImportant
Microsoft Office OutlookCVE-2026-21511Microsoft Outlook Spoofing VulnerabilityImportant
Microsoft Office WordCVE-2026-21514Microsoft Word Security Feature Bypass VulnerabilityImportant
MSHTML FrameworkCVE-2026-21513MSHTML Framework Security Feature Bypass VulnerabilityImportant
Power BICVE-2026-21229Power BI Remote Code Execution VulnerabilityImportant
Role: Windows Hyper-VCVE-2026-21244Windows Hyper-V Remote Code Execution VulnerabilityImportant
Role: Windows Hyper-VCVE-2026-21255Windows Hyper-V Security Feature Bypass VulnerabilityImportant
Role: Windows Hyper-VCVE-2026-21248Windows Hyper-V Remote Code Execution VulnerabilityImportant
Role: Windows Hyper-VCVE-2026-21247Windows Hyper-V Remote Code Execution VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2026-21236Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2026-21241Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2026-21238Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows App for MacCVE-2026-21517Windows App for Mac Installer Elevation of Privilege VulnerabilityImportant
Windows Cluster Client FailoverCVE-2026-21251Cluster Client Failover (CCF) Elevation of Privilege VulnerabilityImportant
Windows Connected Devices Platform ServiceCVE-2026-21234Windows Connected Devices Platform Service Elevation of Privilege VulnerabilityImportant
Windows GDI+CVE-2026-20846GDI+ Denial of Service VulnerabilityImportant
Windows HTTP.sysCVE-2026-21240Windows HTTP.sys Elevation of Privilege VulnerabilityImportant
Windows HTTP.sysCVE-2026-21250Windows HTTP.sys Elevation of Privilege VulnerabilityImportant
Windows HTTP.sysCVE-2026-21232Windows HTTP.sys Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2026-21231Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2026-21222Windows Kernel Information Disclosure VulnerabilityImportant
Windows KernelCVE-2026-21239Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2026-21245Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2026-21243Windows Lightweight Directory Access Protocol (LDAP) Denial of Service VulnerabilityImportant
Windows Notepad AppCVE-2026-20841Windows Notepad App Remote Code Execution VulnerabilityImportant
Windows NTLMCVE-2026-21249Windows NTLM Spoofing VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2026-21525Windows Remote Access Connection Manager Denial of Service VulnerabilityModerate
Windows Remote DesktopCVE-2026-21533Windows Remote Desktop Services Elevation of Privilege VulnerabilityImportant
Windows ShellCVE-2026-21510Windows Shell Security Feature Bypass VulnerabilityImportant
Windows StorageCVE-2026-21508Windows Storage Elevation of Privilege VulnerabilityImportant
Windows Subsystem for LinuxCVE-2026-21237Windows Subsystem for Linux Elevation of Privilege VulnerabilityImportant
Windows Subsystem for LinuxCVE-2026-21242Windows Subsystem for Linux Elevation of Privilege VulnerabilityImportant
Windows Win32K – GRFXCVE-2023-2804Red Hat, Inc. CVE-2023-2804: Heap Based Overflow libjpeg-turboImportant

III. Referencia a soluciones, herramientas e información
Actualizar utilizando Microsoft Windows Update o herramientas de administración de actualizaciones centralizadas.

IV. Información de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: incidentes@cert.pa
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https://cert.pa
Key ID: 16F2B124