Government issues ‘high risk’ warning for Microsoft Windows users – ET CISO
https://etimg.etb2bimg.com/thumb/msid-114138621,imgsize-37016,width-1200,height=765,overlay-etciso/grc/government-issues-high-risk-warning-for-microsoft-windows-users.jpg
The Indian Computer Emergency Response Team (CERT-In) has issued an advisory for Microsoft Windows users. The cyber security under the aegis of Ministry of Electronics and Information Technology said that it has discovered multiple vulnerabilities in Microsoft products including Microsoft Windows, Microsoft Office, Microsoft Azure, Developer Tools, and Microsoft SQL Server.
What the advisory says
In its advisory, CERT-in says that multiple vulnerabilities have been reported in Microsoft products which could allow an attacker to gain elevated privileges, bypass security restrictions, obtain sensitive information, conduct remote code execution attacks, or cause denial of service (DoS) conditions. The agency advises users to apply appropriate security updates.
CERT-In has issued a second advisory related to Microsoft products this week. It has discovered multiple Vulnerabilities in Microsoft Edge (Chromium-based) with high severity warning. Vulnerability note is CIVN-2024-0316 M.
Affected versions include Microsoft Edge (Chromium-based) version prior to 129.0.2792.79. The vulnerability, CERT-In says can be exploited by a remote attacker to bypass security restrictions and execute arbitrary code on the targeted system.
“These vulnerabilities exist in Microsoft Edge (Chromium-based) due to insufficient data validation in Mojo, Inappropriate implementation in V8 and Integer overflow in Layout. A remote attacker could exploit these vulnerabilities by sending a specially crafted request to the targeted system,” it reads. “Successful exploitation of these vulnerabilities could allow a remote attacker to bypass security restrictions and execute arbitrary code on the targeted system,” it adds.