The Indian Computer Emergency Response Team (CERT-In), a division under the Ministry of Electronics & Information Technology, issued a warning on Friday regarding several vulnerabilities present in Microsoft products. These vulnerabilities, if exploited, could lead to information disclosure, security restriction bypass, and denial-of-service (DoS) conditions on affected systems.
The affected Microsoft products encompass a wide range, including Microsoft Windows, Microsoft Office, Developer Tools, Azure, Browser, System Center, Microsoft Dynamics, and Exchange Server.
CERT-In's advisory highlighted that these vulnerabilities could enable attackers to gain elevated privileges, disclose information, bypass security restrictions, execute remote code, perform spoofing attacks, or trigger denial of service conditions.
Specifically addressing Microsoft Windows, CERT-In explained that vulnerabilities stem from inadequate access restrictions within the proxy driver and insufficient implementation of the Mark of the Web (MotW) feature.
To mitigate these risks, users are strongly urged to apply the recommended security updates outlined in the company's update guide.
In addition to Microsoft products, CERT-In also cautioned users about vulnerabilities in Android and Mozilla Firefox web browsers. These vulnerabilities could potentially expose sensitive information, allow arbitrary code execution, and induce DoS conditions on targeted systems.
The affected software versions identified in the advisory include 'Android 12, 12L, 13, 14', as well as 'Mozilla Firefox versions prior to 124.0.1 and Mozilla Firefox ESR versions before 115.9.1'.
Some of the multiple vulnerabilities were found in Android and Mozilla Firefox web browsers too which could allow an attacker to obtain sensitive information, execute arbitrary code and cause DoS conditions on the targeted system.
Hence, follow the advisory to update 'Android 12, 12L, 13, 14', and 'Mozilla Firefox versions prior to 124.0.1 and Mozilla Firefox ESR versions before 115.9.1', said the agency.
(With inputs from IANS)