The Indian Computer Emergency Response Team (CERT-In) has issued a ‘high severity’ alert for individuals and organisations using Microsoft products.

According to the notice, these vulnerabilities may enable cyber attackers to execute arbitrary code, gain elevated privileges, spoof cryptographic signatures, or bypass security controls on the affected systems.

Affected software

The vulnerabilities impact a range of Microsoft components, including:

  • Microsoft Edge (Chromium-based)
  • Windows Server (Storage component)
  • Windows Certificates component
  • Windows MBT Transport driver
  • Microsoft PC Manager
  • Azure Databricks

Target audience

Since the reported vulnerabilities extend across several Microsoft products, both individual users and organisations face exposure to potential cyber threats.

Microsoft has advised that users of the affected products install the latest security patches without delay to address these loopholes.

Risk assessment

For IT administrators and security professionals managing Microsoft products, it is recommended to adopt stronger preventive measures.

These include restricting administrator privileges to only essential accounts, enforcing robust authentication protocols, maintaining secure backup systems, and keeping a close watch on network traffic and devices for any suspicious patterns of activity.

Impact assessment

According to the notice, successful exploitation of these vulnerabilities could lead to serious consequences, including system compromise, data theft, ransomware attacks or even complete system crashes.

CERT-In has strongly advised users and organisations to apply Microsoft’s latest security updates immediately to minimise risks of exploitation.