In a recent advisory, India’s cybersecurity agency, CERT-In, has raised alarms regarding several high-severity vulnerabilities affecting a range of Microsoft products. This advisory, released on Monday, highlights risks associated with multiple versions of Windows, Windows Server, Microsoft Office, and the Chromium-based Microsoft Edge browser. Users of these products, whether individuals or organizations, should take heed of the potential threats.
The vulnerabilities identified can enable attackers to execute malicious code, elevate system privileges, access sensitive data, or disrupt services. CERT-In has detailed that these security flaws stem from issues such as improper input validation, memory corruption, insufficient access control mechanisms, and inadequate handling of objects in memory. Depending on the attack vector, these vulnerabilities can be exploited either remotely or locally. In certain scenarios, user interaction may be necessary—such as opening a crafted file or visiting a malicious webpage—while others may allow exploitation without any authentication.
Should these vulnerabilities be successfully exploited, attackers could gain control over systems, execute arbitrary commands, bypass security measures, or compromise confidential information. This situation poses significant risks for enterprises and government systems that are heavily reliant on Microsoft’s ecosystem.
How to fix
In light of these findings, CERT-In, operating under the Ministry of Electronics and Information Technology, has urged all users and organizations to take immediate action. The agency recommends applying the latest security updates released by Microsoft to mitigate these risks effectively.