Government's CERT-In Issues 'Critical' Level Warning For Microsoft Windows 10, 11 & Office Users

The Computer Emergency Response Team (CERT-in), a government organisation under the Ministry of Electronics and Information Technology that handles computer security incidents, has issued a warning for Microsoft users, especially the ones who use Windows 10, Windows 11, and Microsoft Office. The security watchdog has observed security bypass vulnerabilities in Microsoft Windows products which hackers can use to exploit the system. The said agency has classified the vulnerability as ‘critical’ on the severity scale.

CERT-In in its warning said, “Multiple vulnerabilities have been reported in Microsoft Windows which could allow an attacker to execute arbitrary code, bypass security features, and compromise the targeted system.” It added that the vulnerabilities exist due to improper access restrictions within the proxy driver and the inadequate implementation of the Mark of the Web (MoW) feature in Windows.

The warning added, “The SmartScreen security feature protection mechanism bypasses the Mark of the Web (MotW) feature and allows malware to execute on a target system. The threat actors may exploit these vulnerabilities by sending specially crafted requests.”

ALSO READ | 'Har Koi Chhoti Umar Se Hi....': PM Modi Goes Candid During Chat With India's Pro Gamers

Which Microsoft Products Are At Threat

The products that are vulnerable as per the warning are — Microsoft Office, Microsoft Windows, Developer Tools, Brower, Azure, Microsoft Dynamics, System Center, and Exchange Server.

CERT-In has advised users to apply appropriate security updates as recommended in the company's update guide.

Earlier this year also, the agency issued a warning for Windows 10 and Windows 11 users while stating that there is a vulnerability in Microsoft Windows Kernel which could be utilised by the attacker to gain elevated privileges on the attacked system. That warning also classified the vulnerability spotted in both 32-bit and x64-based systems as ‘high’ on the severity scale. The security watchdog added that the vulnerability exists in Microsoft Windows Kernel due to a flaw in the Kernel component.