The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk warning regarding the significant vulnerabilities discovered in various Microsoft products. These vulnerabilities expose users to high risk and potentially allow attackers to exploit their digital security and compromise systems.
As per CET-In these vulnerabilities could enable an attacker to:
- Obtain information disclosure
- Bypass security restrictions
- Conduct remote code execution attacks
- Perform spoofing attacks
- Cause denial of service conditions
Which are the affected Microsoft products considered vulnerable?
- Windows 10 and Windows 11: Various versions of Windows OS were susceptible to these vulnerabilities. Here, attackers can perform remote code execution and bypass security restrictions.
- Exchange Server: The widely used email and calendar server software also contains vulnerabilities that can be exploited by malicious actors.
- Microsoft Teams: The team is a popular collaboration platform, and it has also made its way to the list of affected products.
- Microsoft Office: Applications like Word, Excel, and PowerPoint are also at risk and users should be cautious when handling Office files.
- Microsoft Azure Services: Microsoft Azure is its cloud computing platform, and CERT-In has emphasized the importance of securing cloud-based resources.
- Developers Tools: The warning has been extended to developer tools as well. It is used for software development and developers should stay informed about the updates.
- Bing: Even Microsoft’s search engine Bing is not immune to these security risks.
- Microsoft Dynamics: Microsoft Dynamics which is an enterprise resource planning (ERP) solution is also part of the list. Organizations relying on Dynamics take necessary precautions.
Although, it is not explicitly mentioned web browsers like Microsoft Edge may also be affected. The advisory includes a broad category of other services indicating that additional Microsoft offerings are also equally vulnerable.
What are the mitigation measures to safeguard our digital space?
In terms of protecting against the risks posed by these Microsoft products, users can take the following cautionary measures:
- Ensure your devices are regularly updated with the latest security patches and updates.
- Run Windows Update to install the latest security updates.
- Visit the Microsoft Update Catalog page and install the KB4012598 security update if needed.
- Stay informed about the security advisories from Microsoft and CERT-In.
Apart from software vulnerabilities, the government has also warned citizens about the “USB charger scam”. Individuals are advised to be cautious while using public phone charging stations, especially at airports, cafes, and hotels.
Also Read:
Microsoft Invests $1.5 Billion in UAE-based G42 to Propel AI Development
Microsoft Enhances Windows 11 with AI-Powered ‘Voice Clarity’ Feature
Microsoft Teams Set to launch on Android Auto in February
Microsoft Unveils Copilot Key on Windows 11: A Leap Towards AI-Powered PCs