CERT-In flags serious vulnerabilities in Microsoft products, urges users to update immediately | Technology News

According to CERT-In, the organisation that works under the Ministry of Electronics and Information Technology (MeitY), the flaw could allow threat actors to gain elevated privileges, obtain sensitive information, conduct remote code execution attacks, carry out spoofing attacks, cause denial of service conditions, tamper with system settings and even bypass certain security restrictions in place.

As it turns out, the vulnerability could also enable attackers to potentially compromise the system, exfiltrate data, cause system crashes and even carry out ransomware attacks. According to CERT-In, the vulnerability carries the risk of remote code execution, system instability and the stealing of sensitive information.

Since these security exploits aren’t limited to one or two software products, they put both individuals and organisations at risk. Microsoft recommends that if you are using any of these products, make sure you install the latest security updates as soon as possible to close the security loopholes.

If you happen to be an IT administrator or work on the security team responsible for maintaining and updating Microsoft products, try limiting administrator privileges to select accounts, using strong authentication and a backup system and monitoring the network and devices for any suspicious activity or traffic.

CERT-In has also issued a vulnerability note for Google Chrome desktop users, where an attacker can potentially execute arbitrary code remotely on a system. In case you are wondering, this vulnerability applies to all end-user organisations and individuals using the desktop version of Google Chrome.