CERT-In Discovers Microsoft Product Bugs, Urges Updates

CERT-In Discovers Microsoft Product Bugs, Urges Updates
CERT-In, the Indian Computer Emergency Response Team operating under the Ministry of Electronics & Information Technology, issued a warning regarding several vulnerabilities in various Microsoft products. These vulnerabilities could potentially enable attackers to access sensitive information, bypass security measures, and initiate denial-of-service (DoS) attacks on affected systems.
The range of affected Microsoft products includes Microsoft Windows, Microsoft Office, Developer Tools, Azure, Browser, System Center, Microsoft Dynamics, and Exchange Server. The vulnerabilities identified encompass a spectrum of risks, including elevated privilege escalation, information disclosure, security restriction bypass, remote code execution, spoofing, and DoS.
Specifically highlighted were flaws within Microsoft Windows, attributed to improper access restrictions within the proxy driver and inadequate implementation of the Mark of the Web (MotW) feature.
CERT-In strongly recommended users to promptly apply the appropriate security updates provided in the company's update guide to mitigate these vulnerabilities effectively.
In addition to the Microsoft products, CERT-In also cautioned users about vulnerabilities found in Android and Mozilla Firefox web browsers. These vulnerabilities could potentially facilitate the unauthorized access of sensitive data, execution of arbitrary code, and initiation of DoS attacks on targeted systems.
The affected software versions identified in the advisory are 'Android 12, 12L, 13, 14', and 'Mozilla Firefox versions prior to 124.0.1 and Mozilla Firefox ESR versions before 115.9.1'. Users were urged to remain vigilant and take necessary precautions, including updating to the latest versions of the software to ensure their systems' security and integrity.