The Indian Computer Emergency Response Team (CERT-In) has discovered serious security loopholes in several Microsoft products. The apex cybersecurity agency in India has issued an advisory over security risks pertaining to widely used Microsoft products such as Windows, Office, SQL Server, Dynamics, System Centre and Azure, as well as older editions under Extended Security Updates (ESU).
“Multiple vulnerabilities have been reported in Microsoft Products, which could allow an attacker to gain elevated privileges, obtain sensitive information, conduct remote code execution attacks, bypass security restrictions, conduct spoofing attacks, cause denial of service conditions, or tamper with system settings,” CERT-In said.
The agency, which operates under the Ministry of Electronics and Information Technology, has advised users to apply relevant security updates from this link. The advisory was issued on Aug. 18.
The advisory suggested that the IT administrators and security teams responsible for maintaining and updating Microsoft products take precautionary measures and apply appropriate security measures.
The latest warning from CERT-In applies not just to big companies but also to everyday computer users. Anyone using Microsoft products at home could be at risk.
By exploiting the existing security flaws, hackers can break into computers, steal important information, such as documents or passwords, and take control of devices. Attackers could crash key programmes or change system settings without the user knowing about it.
If left unpatched, these weaknesses could lead to data theft, ransomware attacks, or disruption of essential services. This is why it is important to install relevant security updates for the software.
Cybersecurity professionals have warned that delaying the required security patches could leave both individuals and organisations exposed to possible cyberattacks. Such vulnerabilities could be exploited to steal money, conduct surveillance, or disrupt operations on a large scale.
Those managing Microsoft systems are advised to put stricter safeguards in place. This includes granting administrator rights only to trusted accounts, enforcing stronger login methods, maintaining reliable backup solutions and keeping a close watch on unusual activity within devices and networks.
Alongside the Microsoft alert, CERT-In has also raised a separate warning for users of Google Chrome on desktops. The advisory notes that a flaw in the browser could let attackers run harmful code on a computer from a remote location.
. Read more on Technology by NDTV Profit.