Microsoft product vulnerabilities are discovered by CERT-In: Here’s how to keep yourself safe
The nodal cybersecurity organisation for India has issued a warning over vulnerabilities in Microsoft products in its most recent alert. According to the Ministry of Electronics & Information Technology’s Indian Computer Emergency Response Team (CERT-In), security flaws in Microsoft products could give an attacker access to confidential data, enable them to get around security measures, and even cause a denial-of-service (DoS) attack on the system they are targeting.
Microsoft Windows, Microsoft Office, Developer Tools, Azure, Brower, System Centre, Microsoft Dynamics, and Exchange Server are among the products that are impacted.
“Multiple vulnerabilities have been reported in Microsoft products that could allow an attacker to gain elevated privileges, obtain information disclosure, bypass security restrictions, conduct remote code execution attacks, perform spoofing attacks, or cause denial of service conditions,” according to the advisory from CERT-In.
The agency claims that inappropriate proxy driver access limitations and inadequate Mark of the Web (MotW) feature implementation are the reasons behind the vulnerabilities on Microsoft Windows.
According to the company’s update guide, users should install the relevant security upgrades the agency recommends.
However, CERT-In has alerted users to a number of vulnerabilities in the web browsers for Android and Mozilla Firefox that might let an attacker take control of the targeted machine, execute arbitrary code, and steal sensitive data.
The impacted software versions were listed as “Android 12, 12L, 13, 14,” and “Mozilla Firefox versions prior to 124.0.1 and Mozilla Firefox ESR versions prior to 115.9.1,” respectively, according to the alert.
“Successful exploitation of these vulnerabilities could allow the attacker to obtain sensitive information, gain elevated privileges, and cause a denial-of-service condition on the targeted system,” the alert from CERT-In said.
Android has vulnerabilities that result from flaws in a number of different components, including the system, MediaTek, Qualcomm, Widevine, Framework, and closed-source Qualcomm components. Similar vulnerabilities may be found in Mozilla Firefox as a result of privileged JavaScript execution via event handlers and out-of-bounds access via range analysis bypass.
