Using Windows? Government Flags Critical Flaws, Urges Immediate Update

If you’re using a Windows laptop or PC in India, whether for work, school, or everyday tasks, you might want to pause and check for updates. The Indian government has issued a new cybersecurity advisory that affects millions of Microsoft users across the country. The warning highlights several critical flaws that, if left unpatched, could leave your device vulnerable to serious risks.

Government Issues Urgent Cybersecurity Warning

The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology, has issued a high-severity warning for users of Microsoft Windows, Office, and related software. The advisory highlights several critical vulnerabilities that cybercriminals could exploit to bypass security protections, install malware, and even take control of affected systems.

The security vulnerabilities flagged by CERT-In extend across a wide spectrum of Microsoft products and services. Users of the following systems and applications may be affected:

• Microsoft Windows 
• Microsoft Office suite 
• Microsoft Dynamics 
• Azure Cloud Services 
• Microsoft SQL Server 
• System Center and Developer Tools 
• Extended Security Update (ESU) Programs
• Microsoft Edge and Other Native Apps 

The flaws span across multiple versions of Microsoft products including Windows 10, Windows 11, Windows Server, Microsoft Office, Microsoft Teams, Microsoft Edge, and Outlook. The vulnerabilities involve issues related to memory corruption, elevation of privilege, security feature bypasses, and denial-of-service scenarios.

Who Is at Risk?

The warning applies to a broad spectrum of users, from everyday consumers to enterprise-level organisations. CERT-In stated, “A remote attacker could exploit these vulnerabilities by sending specially crafted requests to the targeted system.” This means that simply being connected to the internet and using outdated Microsoft products could make users vulnerable to attacks.

Some of the impacted software versions include:

• Windows Server 2016, 2019, and 2022
• Microsoft Office versions from 2013 to 2021
• Microsoft Edge (Chromium-based)
• Microsoft Outlook for Microsoft 365
• Microsoft Teams for desktop

What Should You Do?

To mitigate the risks, CERT-In has strongly recommended that all users install the latest security updates and patches issued by Microsoft. The tech giant has already released a security update to address these vulnerabilities as part of its Patch Tuesday rollout.

The agency added, “Users are advised to apply appropriate patches as mentioned in the Microsoft Security Updates.”

If left unpatched, these vulnerabilities can leave systems open to unauthorised access, data theft, or system crashes. Users and IT administrators are encouraged to regularly monitor advisories from both Microsoft and CERT-In to ensure timely responses to such threats.