The Computer Emergency Response Team (CERT-in) has issued a warning to users of various Microsoft products, including Windows 10, Windows 11, and Microsoft Office. The cybersecurity watchdog has reported security bypass vulnerabilities in Microsoft Windows products that could be exploited by the attacker to compromise the targeted system.
The agency, which is under the Ministry of Electronics and Information Technology, classified the vulnerability as “critical” on the severity scale.
“Several vulnerabilities have been reported in Microsoft Windows that could allow an attacker to execute arbitrary code, bypass security features, and compromise the targeted system,” Cert-In said.
According to the agency, the vulnerabilities exist due to inappropriate access restrictions within the proxy driver and insufficient implementation of the Mark of the Web (MoW) functionality in Microsoft Windows.
“The SmartScreen security feature protection mechanism bypasses the Mark of the Web (MotW) feature and allows malware to execute on a target system. Malicious actors can exploit these vulnerabilities by sending specially crafted requests,” he adds.
Which Microsoft products are vulnerable
Products include: Microsoft Windows, Microsoft Office, Developer Tools, Azure, Brower, System Center, Microsoft Dynamics and Exchange Server.
The agency advised users to apply appropriate security updates, as mentioned in the company’s update guide.
Earlier this year, CERT-in issued a warning to Windows 10 and Windows 11 users, indicating a vulnerability in the Microsoft Windows kernel that could be exploited by the attacker to gain elevated privileges on the targeted system .
It rated the vulnerability – spotted in 32-bit and x64 systems – as “high” on the severity scale. It said that the vulnerability exists in the Microsoft Windows kernel due to a flaw in the kernel component.
The agency, which is under the Ministry of Electronics and Information Technology, classified the vulnerability as “critical” on the severity scale.
“Several vulnerabilities have been reported in Microsoft Windows that could allow an attacker to execute arbitrary code, bypass security features, and compromise the targeted system,” Cert-In said.
According to the agency, the vulnerabilities exist due to inappropriate access restrictions within the proxy driver and insufficient implementation of the Mark of the Web (MoW) functionality in Microsoft Windows.
“The SmartScreen security feature protection mechanism bypasses the Mark of the Web (MotW) feature and allows malware to execute on a target system. Malicious actors can exploit these vulnerabilities by sending specially crafted requests,” he adds.
Which Microsoft products are vulnerable
Products include: Microsoft Windows, Microsoft Office, Developer Tools, Azure, Brower, System Center, Microsoft Dynamics and Exchange Server.
The agency advised users to apply appropriate security updates, as mentioned in the company’s update guide.
Develop
Earlier this year, CERT-in issued a warning to Windows 10 and Windows 11 users, indicating a vulnerability in the Microsoft Windows kernel that could be exploited by the attacker to gain elevated privileges on the targeted system .
It rated the vulnerability – spotted in 32-bit and x64 systems – as “high” on the severity scale. It said that the vulnerability exists in the Microsoft Windows kernel due to a flaw in the kernel component.
