Govt agency CERT-In finds multiple bugs in Microsoft products, asks users to update immediately

The Indian Computer Emergency Response Team (CERT-In) on Friday warned users of multiple vulnerabilities in Microsoft products which could allow an attacker to obtain information disclosure, bypass security restriction and cause denial-of-service (DoS) conditions on the targeted system.

The Indian Computer Emergency Response Team (CERT-In), a division under the Ministry of Electronics & Information Technology, issued a warning on Friday regarding several vulnerabilities present in Microsoft products. These vulnerabilities, if exploited, could lead to information disclosure, security restriction bypass, and denial-of-service (DoS) conditions on affected systems.

The affected Microsoft products encompass a wide range, including Microsoft Windows, Microsoft Office, Developer Tools, Azure, Browser, System Center, Microsoft Dynamics, and Exchange Server.

CERT-In's advisory highlighted that these vulnerabilities could enable attackers to gain elevated privileges, disclose information, bypass security restrictions, execute remote code, perform spoofing attacks, or trigger denial of service conditions.

Specifically addressing Microsoft Windows, CERT-In explained that vulnerabilities stem from inadequate access restrictions within the proxy driver and insufficient implementation of the Mark of the Web (MotW) feature.

To mitigate these risks, users are strongly urged to apply the recommended security updates outlined in the company's update guide.

In addition to Microsoft products, CERT-In also cautioned users about vulnerabilities in Android and Mozilla Firefox web browsers. These vulnerabilities could potentially expose sensitive information, allow arbitrary code execution, and induce DoS conditions on targeted systems.

Microsoft testing way to automatically launch its Copilot AI in Windows 11IANS

The affected software versions identified in the advisory include 'Android 12, 12L, 13, 14', as well as 'Mozilla Firefox versions prior to 124.0.1 and Mozilla Firefox ESR versions before 115.9.1'.

Some of the multiple vulnerabilities were found in Android and Mozilla Firefox web browsers too which could allow an attacker to obtain sensitive information, execute arbitrary code and cause DoS conditions on the targeted system.

Hence, follow the advisory to update 'Android 12, 12L, 13, 14', and 'Mozilla Firefox versions prior to 124.0.1 and Mozilla Firefox ESR versions before 115.9.1', said the agency.

(With inputs from IANS)

Microsoft

Trending now

Govt agency CERT-In finds multiple bugs in Microsoft products, asks users to update immediately

The Indian Computer Emergency Response Team (CERT-In) on Friday warned users of multiple vulnerabilities in Microsoft products which could allow an attacker to obtain information disclosure, bypass security restriction and cause denial-of-service (DoS) conditions on the targeted system.

Ola Cabs CEO Hemant Bakshi resigns, firm plans to cut 10 per cent jobs

Dyson Purifier Cool Gen1 review: An antidote for airborne toxins in homes

Krishnakumar Sivagnanam: Leading the Transformation in ERP & GRC Solutions Architecture

Ola Cabs CEO Hemant Bakshi resigns, firm plans to cut 10 per cent jobs

Dyson Purifier Cool Gen1 review: An antidote for airborne toxins in homes

Krishnakumar Sivagnanam: Leading the Transformation in ERP & GRC Solutions Architecture

Credit card data of 17K ICICI Bank users exposed; bank blocks cards, assures compensation