The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity warning, urging users to update their Microsoft products immediately.
One area of concern highlighted by CERT-In is the access restrictions within the proxy driver and the implementation of the Mark of the Web (MotW) feature in Microsoft Windows.
Researchers have identified spoofing flaws, use-after-free errors, implementation issues, and buffer overflow vulnerabilities that could enable remote code execution and security bypasses.
Microsoft has already released security updates to address these vulnerabilities, and CERT-In has provided links to the company’s update guide and relevant advisories.
Earlier this month, CERT-In alerted about a “high” severity flaw that allowed remote code execution attacks on a wide range of Apple products and several Android versions.
A host of vulnerabilities have been uncovered on Microsoft software that could put your systems at serious risk. The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity warning, urging users to update their Microsoft products immediately.
The list of affected software is extensive, spanning Windows, Office, Developer Tools, Azure, Edge browser, System Center, Dynamics, and Exchange Server. According to CERT-In, these vulnerabilities could enable attackers to gain elevated privileges, access confidential data, bypass security restrictions, execute remote code, carry out spoofing attacks, or even trigger denial-of-service (DoS) conditions.
One area of concern highlighted by CERT-In is the access restrictions within the proxy driver and the implementation of the Mark of the Web (MotW) feature in Microsoft Windows. Apparently, the SmartScreen security feature bypasses MotW, potentially allowing malware to execute on targeted systems.
Advertisement
But that’s not all. The vulnerabilities extend to Microsoft’s Edge browser as well. Researchers have identified spoofing flaws, use-after-free errors, implementation issues, and buffer overflow vulnerabilities that could enable remote code execution and security bypasses.
If you’re a developer working with Rust on Windows, there’s more bad news. A critical vulnerability in the Rust standard library could allow unauthenticated remote attackers to execute arbitrary code on affected systems. The issue stems from improper argument escaping when invoking Windows batch files via the Command API.
CERT-In’s warning comes with a clear message: update your Microsoft products immediately. The vulnerabilities are severe, and some are already being actively exploited in the wild. Delaying updates could leave your systems vulnerable to attacks, data breaches, and potential system compromise.
Microsoft has already released security updates to address these vulnerabilities, and CERT-In has provided links to the company’s update guide and relevant advisories. It’s crucial that users promptly apply these updates to fortify their systems against potential threats.
Advertisement
Of course, there’s no need to panic – if your Windows machine isn’t displaying any new system or app updates, chances are you’re already on the patched versions.
Earlier this month, CERT-In alerted about a “high” severity flaw that allowed remote code execution attacks on a wide range of Apple products and several Android versions.
