CERT-In sounds alarm on ‘critical’ Microsoft product flaws allowing code execution, data theft

If you use Microsoft software, you need to update immediately. Severe vulnerabilities affecting Windows, Office, Edge, and more could allow attackers to steal data, bypass security, and execute malicious code.

CERT-In has issued a high-severity warning about multiple vulnerabilities in Microsoft products. (Image: HolgersFotografie/Pixabay)

A host of vulnerabilities have been uncovered on Microsoft software that could put your systems at serious risk. The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity warning, urging users to update their Microsoft products immediately.

The list of affected software is extensive, spanning Windows, Office, Developer Tools, Azure, Edge browser, System Center, Dynamics, and Exchange Server. According to CERT-In, these vulnerabilities could enable attackers to gain elevated privileges, access confidential data, bypass security restrictions, execute remote code, carry out spoofing attacks, or even trigger denial-of-service (DoS) conditions.

One area of concern highlighted by CERT-In is the access restrictions within the proxy driver and the implementation of the Mark of the Web (MotW) feature in Microsoft Windows. Apparently, the SmartScreen security feature bypasses MotW, potentially allowing malware to execute on targeted systems.

Story continues below this ad

But that’s not all. The vulnerabilities extend to Microsoft’s Edge browser as well. Researchers have identified spoofing flaws, use-after-free errors, implementation issues, and buffer overflow vulnerabilities that could enable remote code execution and security bypasses.

If you’re a developer working with Rust on Windows, there’s more bad news. A critical vulnerability in the Rust standard library could allow unauthenticated remote attackers to execute arbitrary code on affected systems. The issue stems from improper argument escaping when invoking Windows batch files via the Command API.

CERT-In’s warning comes with a clear message: update your Microsoft products immediately. The vulnerabilities are severe, and some are already being actively exploited in the wild. Delaying updates could leave your systems vulnerable to attacks, data breaches, and potential system compromise.

Microsoft has already released security updates to address these vulnerabilities, and CERT-In has provided links to the company’s update guide and relevant advisories. It’s crucial that users promptly apply these updates to fortify their systems against potential threats.

Story continues below this ad

Of course, there’s no need to panic – if your Windows machine isn’t displaying any new system or app updates, chances are you’re already on the patched versions.

Earlier this month, CERT-In alerted about a “high” severity flaw that allowed remote code execution attacks on a wide range of Apple products and several Android versions.