In a recent announcement, India’s Computer Emergency Response Team (CERT-In), which operates under the Ministry of Electronics and Information Technology, has highlighted significant vulnerabilities in various Microsoft products. These vulnerabilities pose serious risks, potentially allowing attackers to access sensitive information, bypass security measures, and even trigger denial-of-service (DoS) conditions on targeted systems.
Affected Microsoft products include a wide range of software, including Microsoft Windows, Microsoft Office, Developer Tools, Azure, Browser, System Center, Microsoft Dynamics and Exchange Server.
CERT-In warned that these vulnerabilities could empower attackers to exploit elevated privileges, gain access to confidential data, evade security protocols, execute remote code, commit spoofing attacks, or orchestrate DoS incidents. The warning highlights the urgent need for users to take proactive measures to protect their systems.
Specifically addressing vulnerabilities within Microsoft Windows, CERT-In identified flaws in access restrictions within the proxy driver and flaws in the implementation of the Mark of the Web (MotW) feature as key areas of concern.
To mitigate these risks, users are strongly advised to immediately implement the necessary security updates listed in the company’s update guide. In this way, they can effectively harden their systems against potential threats.
In addition to Microsoft’s vulnerabilities, CERT-In also warned users about security flaws in the Android and Mozilla Firefox web browsers. These vulnerabilities, if exploited, can similarly result in unauthorized access to sensitive data, arbitrary code execution, and DoS attacks.
According to the warning, versions including “Android 12, 12L, 13, 14”, as well as “Mozilla Firefox versions before 124.0.1 and Mozilla Firefox ESR versions before 115.9.1”, are vulnerable to these vulnerabilities.