The affected Microsoft products include a wide range of software, encompassing Microsoft Windows, Microsoft Office, Developer Tools, Azure, Browser, System Center, Microsoft Dynamics, and Exchange Server.
In a recent announcement, the Indian Computer Emergency Response Team (CERT-In), operating under the Ministry of Electronics & Information Technology, highlighted significant vulnerabilities in various Microsoft products. These vulnerabilities pose serious risks, potentially enabling attackers to access sensitive information, bypass security measures, and even trigger denial-of-service (DoS) conditions on targeted systems.
The affected Microsoft products include a wide range of software, encompassing Microsoft Windows, Microsoft Office, Developer Tools, Azure, Browser, System Center, Microsoft Dynamics, and Exchange Server.
CERT-In cautioned that these vulnerabilities could empower attackers to exploit elevated privileges, gain access to confidential data, evade security protocols, execute remote code, perpetrate spoofing attacks, or orchestrate DoS incidents. The warning underscores the urgent need for users to take proactive measures to safeguard their systems.
Specifically addressing vulnerabilities within Microsoft Windows, CERT-In identified shortcomings in access restrictions within the proxy driver and deficiencies in the implementation of the Mark of the Web (MotW) feature as key areas of concern.
To mitigate these risks, users are strongly advised to promptly implement the necessary security updates outlined in the company's update guide. By doing so, they can effectively fortify their systems against potential threats.
In addition to the Microsoft vulnerabilities, CERT-In also alerted users to security flaws in Android and Mozilla Firefox web browsers. These vulnerabilities, if exploited, could similarly result in the unauthorized access of sensitive data, execution of arbitrary code, and initiation of DoS attacks.
According to the advisory, versions including 'Android 12, 12L, 13, 14', as well as 'Mozilla Firefox versions before 124.0.1 and Mozilla Firefox ESR versions before 115.9.1', are susceptible to these vulnerabilities.
source
