
The Computer Emergency Response Team (CERT-In), a government body under the Ministry of Electronics and Information Technology that oversees computer security matters, has issued an advisory to Microsoft users, particularly those running Windows 10 or Windows 11 or using Microsoft Office. The agency has identified critical security vulnerabilities in Microsoft Windows products that malicious actors could exploit, and has rated the severity of these vulnerabilities as ‘critical’.

CERT-In’s warning indicated, “Multiple vulnerabilities have emerged in Microsoft Windows that may empower an attacker to execute arbitrary code, evade security protocols, and compromise the targeted system.” It further explained that these vulnerabilities stem from deficient access controls in the proxy driver and suboptimal handling of the Mark of the Web (MotW) feature in Windows.

The advisory elaborated, “The SmartScreen protection mechanism circumvents the Mark of the Web (MotW) safeguard and permits malicious software to run on a target system. Malicious parties could leverage these vulnerabilities by sending meticulously crafted requests.”

Microsoft Products at Risk

According to the warning, vulnerable products include Microsoft Office, Microsoft Windows, Developer Tools, Browser, Azure, Microsoft Dynamics, System Center, and Exchange Server.

CERT-In recommends that users promptly apply relevant security updates as outlined in Microsoft’s update guide.

Earlier this year, the agency cautioned Windows 10 and Windows 11 users about a security flaw in the Microsoft Windows Kernel, which could allow attackers to elevate their privileges on compromised systems. This vulnerability was rated as ‘high’ on the severity scale and affected both 32-bit and x64-based systems. The regulatory body pointed out that the flaw resided in the Windows Kernel component.