If you are a Microsoft service user, then you should read the whole article with your attention. In the latest advisory, India’s cybersecurity agency CERT-In has issued a high-severity warning about a slew of security flaws across widely used Microsoft products. The advisory, which was released on Monday, flags many risks, including several versions of Windows, Windows Server, Microsoft Office and Chromium-based Microsoft Edge.
As per the agency, these vulnerabilities can allow attackers to execute the malicious code and get elevated system privileges, access sensitive data, or disrupt services. If you are an individual user or organisation running on the affected version of the above-listed software, you are at risk.
Also read: Samsung Galaxy S25 Ultra price cut alert! Save up to Rs 30,000 on Amazon
“These vulnerabilities exist in Microsoft products due to improper input validation, memory corruption, insufficient access control mechanisms and improper handling of objects in memory. An attacker could exploit these vulnerabilities remotely or locally, depending on the attack vector, with some cases requiring user interaction (such as opening a crafted file or visiting a malicious webpage) while others may be exploited without authentication,” the advisory added.
The issue starts from weaknesses such as improper input validation, memory handling errors, and gaps in access control mechanisms. CERT-In noted that these flaws could be exploited either remotely or locally. In some cases, attackers may need users to interact with malicious files or links, while other exploits may not require authentication at all.
Also read: AI is costing more than employee salaries? A new report reveals shocking truth
If it gets successfully exploited, the vulnerabilities can give attackers control over systems, allowing them to run arbitrary commands, bypass security safeguards, or compromise confidential information. This raises concerns for enterprises and government systems that rely heavily on Microsoft’s ecosystem.
CERT-In, which operates under the Ministry of Electronics and Information Technology, has urged users and organisations to take immediate action. It is recommended to apply the latest security updates released by Microsoft to mitigate the risks.