CERT-in warns of critical security vulnerabilities in Microsoft products

The Computer Emergency Response Team (CERT-in) has issued a warning for users of various Microsoft products including Windows 10, Windows 11 and Microsoft Office. The cybersecurity watchdog has reported security bypass vulnerabilities in Microsoft Windows products that could be exploited by the attacker to compromise the targeted system.

The agency, which comes under the Ministry of Electronics & Information Technology, classified the vulnerability as ‘critical’ on the severity scale.

“Multiple vulnerabilities have been reported in Microsoft Windows which could allow an attacker to execute arbitrary code, bypass security features, and compromise the targeted system,” Cert-In said.

As per the agency, the vulnerabilities exist due to improper access restrictions within the proxy driver and insufficient implementation of the Mark of the Web (MoW) feature in Microsoft Windows.

“The SmartScreen security feature protection mechanism bypasses the Mark of the Web (MotW) feature and allows malware to execute on a target system. The threat actors may exploit these vulnerabilities by sending specially crafted request,” it added.

Which Microsoft products are vulnerable
The products include — Microsoft Windows, Microsoft Office, Developer Tools, Azure, Brower, System Center, Microsoft Dynamics, and Exchange Server.

The agency advised users to apply appropriate security updates as mentioned in the company’s update guide.

Earlier this year, CERT-in issued a warning for users of Windows 10 and Windows 11 users, saying a vulnerability in Microsoft Windows Kernel that could be exploited by the attacker to gain elevated privileges on the targeted system.

It classified the vulnerability – spotted in both 32-bit and x64-based systems – as ‘high’ on the severity scale. It said the vulnerability exists in Microsoft Windows Kernel due to a flaw in the Kernel component.