{"id":4159,"date":"2025-02-11T14:17:07","date_gmt":"2025-02-11T19:17:07","guid":{"rendered":"https:\/\/cert.pa\/?p=4159"},"modified":"2025-02-11T14:17:10","modified_gmt":"2025-02-11T19:17:10","slug":"csirt-panama-aviso-2025-feb-11-actualizaciones-de-seguridad-de-microsoft-para-febrero-2025","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=4159","title":{"rendered":"CSIRT Panam\u00e1 Aviso 2025-Feb-11 Actualizaciones de seguridad de Microsoft para Febrero 2025."},"content":{"rendered":"\n

CSIRT Panam\u00e1 Aviso 2025-Feb-11 Actualizaciones de seguridad de Microsoft para Febrero 2025.
Gravedad: Alta
Fecha de publicaci\u00f3n: febrero 11, 2025
\u00daltima revisi\u00f3n: febrero 11, 2025
https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2025-Feb<\/p>\n\n\n\n

Sistemas Afectados:
Microsoft Dynamics 365 Sales
Windows DHCP Client
Windows Message Queuing
Windows Resilient File System (ReFS) Deduplication Service
Windows CoreMessaging
Azure Network Watcher
Windows Telephony Service
Microsoft Surface
Microsoft High Performance Compute Pack (HPC) Linux Node Agent
Windows Telephony Server
Visual Studio
Windows Routing and Remote Access Service (RRAS)
Windows Internet Connection Sharing (ICS)
Microsoft Edge for iOS and Android
Outlook for Android
Microsoft Edge (Chromium-based)
Microsoft PC Manager
Microsoft Windows
Windows Update Stack
Windows Remote Desktop Services
Windows Kerberos
Active Directory Domain Services
Windows Kernel
Windows Win32 Kernel Subsystem
Microsoft Digest Authentication
Windows Installer
Microsoft Streaming Service
Windows LDAP – Lightweight Directory Access Protocol
Windows NTLM
Windows DHCP Server
Microsoft Office Excel
Windows Storage
Microsoft Office
Microsoft Office SharePoint
Windows DWM Core Library
Windows Ancillary Function Driver for WinSock
Windows Setup Files Cleanup
Windows Disk Cleanup Tool
Microsoft AutoUpdate (MAU)
Visual Studio Code<\/p>\n\n\n\n

I. Descripci\u00f3n
Microsoft ha liberado sus actualizaciones de seguridad correspondientes al mes de febrero de 2025.
Este conjunto de actualizaciones remedia 55 fallas y 4 d\u00edas cero.<\/p>\n\n\n\n

II. Detalle<\/p>\n\n\n\n

Tag<\/th>CVE ID<\/th>CVE Title<\/th>Severity<\/th><\/tr>
Active Directory Domain Services<\/td>CVE-2025-21351<\/a><\/td>Windows Active Directory Domain Services API Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Azure Network Watcher<\/td>CVE-2025-21188<\/a><\/td>Azure Network Watcher VM Extension Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft AutoUpdate (MAU)<\/td>CVE-2025-24036<\/a><\/td>Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Digest Authentication<\/td>CVE-2025-21368<\/a><\/td>Microsoft Digest Authentication Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Digest Authentication<\/td>CVE-2025-21369<\/a><\/td>Microsoft Digest Authentication Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Dynamics 365 Sales<\/td>CVE-2025-21177<\/a><\/td>Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2025-21267<\/a><\/td>Microsoft Edge (Chromium-based) Spoofing Vulnerability<\/td>Low<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2025-21279<\/a><\/td>Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2025-21342<\/a><\/td>Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2025-0445<\/a><\/td>Chromium: CVE-2025-0445 Use after free in V8<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2025-0451<\/a><\/td>Chromium: CVE-2025-0451 Inappropriate implementation in Extensions API<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2025-0444<\/a><\/td>Chromium: CVE-2025-0444 Use after free in Skia<\/td>Unknown<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2025-21283<\/a><\/td>Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2025-21404<\/a><\/td>Microsoft Edge (Chromium-based) Spoofing Vulnerability<\/td>Low<\/td><\/tr>
Microsoft Edge (Chromium-based)<\/td>CVE-2025-21408<\/a><\/td>Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Edge for iOS and Android<\/td>CVE-2025-21253<\/a><\/td>Microsoft Edge for IOS and Android Spoofing Vulnerability<\/td>Moderate<\/td><\/tr>
Microsoft High Performance Compute Pack (HPC) Linux Node Agent<\/td>CVE-2025-21198<\/a><\/td>Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2025-21392<\/a><\/td>Microsoft Office Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office<\/td>CVE-2025-21397<\/a><\/td>Microsoft Office Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Excel<\/td>CVE-2025-21381<\/a><\/td>Microsoft Excel Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Microsoft Office Excel<\/td>CVE-2025-21394<\/a><\/td>Microsoft Excel Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Excel<\/td>CVE-2025-21383<\/a><\/td>Microsoft Excel Information Disclosure Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Excel<\/td>CVE-2025-21390<\/a><\/td>Microsoft Excel Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Excel<\/td>CVE-2025-21386<\/a><\/td>Microsoft Excel Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office Excel<\/td>CVE-2025-21387<\/a><\/td>Microsoft Excel Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Office SharePoint<\/td>CVE-2025-21400<\/a><\/td>Microsoft SharePoint Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Microsoft PC Manager<\/td>CVE-2025-21322<\/a><\/td>Microsoft PC Manager Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Streaming Service<\/td>CVE-2025-21375<\/a><\/td>Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Surface<\/td>CVE-2025-21194<\/a><\/td>Microsoft Surface Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Microsoft Windows<\/td>CVE-2025-21337<\/a><\/td>Windows NTFS Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Open Source Software<\/td>CVE-2023-32002<\/a><\/td>HackerOne: CVE-2023-32002 Node.js `Module._load()` policy Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Outlook for Android<\/td>CVE-2025-21259<\/a><\/td>Microsoft Outlook Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Visual Studio<\/td>CVE-2025-21206<\/a><\/td>Visual Studio Installer Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Visual Studio Code<\/td>CVE-2025-24039<\/a><\/td>Visual Studio Code Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Visual Studio Code<\/td>CVE-2025-24042<\/a><\/td>Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Ancillary Function Driver for WinSock<\/td>CVE-2025-21418<\/a><\/td>Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows CoreMessaging<\/td>CVE-2025-21358<\/a><\/td>Windows Core Messaging Elevation of Privileges Vulnerability<\/td>Important<\/td><\/tr>
Windows CoreMessaging<\/td>CVE-2025-21184<\/a><\/td>Windows Core Messaging Elevation of Privileges Vulnerability<\/td>Important<\/td><\/tr>
Windows DHCP Client<\/td>CVE-2025-21179<\/a><\/td>DHCP Client Service Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows DHCP Server<\/td>CVE-2025-21379<\/a><\/td>DHCP Client Service Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows Disk Cleanup Tool<\/td>CVE-2025-21420<\/a><\/td>Windows Disk Cleanup Tool Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows DWM Core Library<\/td>CVE-2025-21414<\/a><\/td>Windows Core Messaging Elevation of Privileges Vulnerability<\/td>Important<\/td><\/tr>
Windows Installer<\/td>CVE-2025-21373<\/a><\/td>Windows Installer Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Internet Connection Sharing (ICS)<\/td>CVE-2025-21216<\/a><\/td>Internet Connection Sharing (ICS) Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Internet Connection Sharing (ICS)<\/td>CVE-2025-21212<\/a><\/td>Internet Connection Sharing (ICS) Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Internet Connection Sharing (ICS)<\/td>CVE-2025-21352<\/a><\/td>Internet Connection Sharing (ICS) Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Internet Connection Sharing (ICS)<\/td>CVE-2025-21254<\/a><\/td>Internet Connection Sharing (ICS) Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Kerberos<\/td>CVE-2025-21350<\/a><\/td>Windows Kerberos Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Kernel<\/td>CVE-2025-21359<\/a><\/td>Windows Kernel Security Feature Bypass Vulnerability<\/td>Important<\/td><\/tr>
Windows LDAP – Lightweight Directory Access Protocol<\/td>CVE-2025-21376<\/a><\/td>Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability<\/td>Critical<\/td><\/tr>
Windows Message Queuing<\/td>CVE-2025-21181<\/a><\/td>Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows NTLM<\/td>CVE-2025-21377<\/a><\/td>NTLM Hash Disclosure Spoofing Vulnerability<\/td>Important<\/td><\/tr>
Windows Remote Desktop Services<\/td>CVE-2025-21349<\/a><\/td>Windows Remote Desktop Configuration Service Tampering Vulnerability<\/td>Important<\/td><\/tr>
Windows Resilient File System (ReFS) Deduplication Service<\/td>CVE-2025-21183<\/a><\/td>Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Resilient File System (ReFS) Deduplication Service<\/td>CVE-2025-21182<\/a><\/td>Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Routing and Remote Access Service (RRAS)<\/td>CVE-2025-21410<\/a><\/td>Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Routing and Remote Access Service (RRAS)<\/td>CVE-2025-21208<\/a><\/td>Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Setup Files Cleanup<\/td>CVE-2025-21419<\/a><\/td>Windows Setup Files Cleanup Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Storage<\/td>CVE-2025-21391<\/a><\/td>Windows Storage Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr>
Windows Telephony Server<\/td>CVE-2025-21201<\/a><\/td>Windows Telephony Server Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Telephony Service<\/td>CVE-2025-21407<\/a><\/td>Windows Telephony Service Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Telephony Service<\/td>CVE-2025-21406<\/a><\/td>Windows Telephony Service Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Telephony Service<\/td>CVE-2025-21200<\/a><\/td>Windows Telephony Service Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Telephony Service<\/td>CVE-2025-21371<\/a><\/td>Windows Telephony Service Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Telephony Service<\/td>CVE-2025-21190<\/a><\/td>Windows Telephony Service Remote Code Execution Vulnerability<\/td>Important<\/td><\/tr>
Windows Update Stack<\/td>CVE-2025-21347<\/a><\/td>Windows Deployment Services Denial of Service Vulnerability<\/td>Important<\/td><\/tr>
Windows Win32 Kernel Subsystem<\/td>CVE-2025-21367<\/a><\/td>Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability<\/td>Important<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

III. Referencia a soluciones, herramientas e informaci\u00f3n
Actualizar utilizando Microsoft Windows Update o herramientas de administraci\u00f3n de actualizaciones centralizadas.<\/p>\n\n\n\n

IV. Informaci\u00f3n de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovaci\u00f3n Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https:\/\/cert.pa
Key ID: 16F2B124<\/p>\n","protected":false},"excerpt":{"rendered":"

CSIRT Panam\u00e1 Aviso 2025-Feb-11 Actualizaciones de seguridad de Microsoft para Febrero 2025.Gravedad: AltaFecha de publicaci\u00f3n: febrero 11, 2025\u00daltima revisi\u00f3n: febrero 11, 2025https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2025-Feb Sistemas Afectados:Microsoft Dynamics 365 SalesWindows DHCP ClientWindows Message QueuingWindows Resilient File System (ReFS)…<\/p>\n","protected":false},"author":5,"featured_media":1843,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[76,8,72,9,73,68,45,94],"class_list":["post-4159","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad","tag-actualizaciones","tag-avisos","tag-avisos-de-seguridad","tag-microsoft","tag-parches","tag-vulnerabilidades","tag-windows","tag-windows-update"],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/4159","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4159"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/4159\/revisions"}],"predecessor-version":[{"id":4160,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/4159\/revisions\/4160"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/1843"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4159"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4159"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4159"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}