The Government of India has issued a warning to millions of Microsoft Windows and Office users over newly discovered security flaws that could leave devices exposed to cyberattacks.

Windows continues to be the most widely used operating system for personal computers and laptops, while Office powers essential productivity tools such as Word, Excel and PowerPoint. The new alert highlights how vulnerabilities in these products could put both individuals and organisations at considerable risk.

CERT-In flags security risks in Microsoft products

The Indian Computer Emergency Response Team (CERT-In), in its latest advisory released in August 2025, has detailed the potential threats. According to the notice, multiple vulnerabilities have been identified across Microsoft’s ecosystem, creating openings for hackers to exploit.

“Multiple vulnerabilities have been reported in Microsoft Products, which could allow an attacker to gain elevated privileges, obtain sensitive information, conduct remote code execution attacks, bypass security restrictions, conduct spoofing attacks, cause denial of service conditions or tamper with system settings,” the advisory warns.

List of Microsoft products affected

CERT-In has specified that a wide range of Microsoft services and software could be affected, including:

Microsoft Windows

Microsoft Office

Microsoft Dynamics

Browser

Device

Developer Tools

SQL Server

System Center

Open Source Software

Server Software

Extended Security Updates (ESU) for legacy Microsoft products

Azure

Apps

Both Windows 10, which is nearing the end of its official support lifecycle, and the current Windows 11 versions have been named among those impacted.

High risk for businesses and individuals

The advisory warns that the vulnerabilities pose a serious threat to individuals, IT administrators, and enterprise security teams tasked with managing Microsoft environments. If exploited, attackers could compromise systems, exfiltrate sensitive data, deploy ransomware, or even crash entire networks.