CERT-In Alerts Users to Critical Vulnerabilities Across Multiple Versions of Microsoft Windows OS

The Indian Computer Emergency Response Team (CERT-In) has recently issued a critical advisory highlighting several vulnerabilities affecting various versions of Microsoft’s Windows operating systems. The advisory, released on August 12, details security flaws present in Windows 10, Windows 11, and Windows Server, Microsoft’s platform for network-based applications. The vulnerabilities are categorized as medium risk, meaning they pose a significant threat but are not deemed critical. Despite the severity of the issues, no security patches are currently available to address them.

The identified vulnerabilities pertain to Windows-based systems that support Virtualization Based Security (VBS) and Windows Backup. CERT-In’s advisory points out that these flaws could potentially allow an attacker to gain unauthorized privileges on affected systems. Specifically, an attacker with appropriate permissions could exploit these vulnerabilities to reintroduce previously mitigated issues or bypass the protections offered by VBS.

The absence of security patches presents a challenge for users and administrators seeking to protect their systems from these vulnerabilities. In response, CERT-In has provided a set of interim measures and best practices to help mitigate the risks associated with these security flaws. These measures include updating security configurations and monitoring system activity for any unusual behavior that might indicate an attempt to exploit the vulnerabilities.

It is important for users of affected Windows versions to remain vigilant and apply the recommended mitigations to minimize the risk. Microsoft is expected to address these vulnerabilities in future updates, but the timing and availability of these patches are currently uncertain. In the meantime, users are advised to follow CERT-In’s guidelines to enhance their system security.

Earlier this month, CERT-In also highlighted security flaws in older Apple operating systems, underscoring the broader issue of cybersecurity threats across different platforms. The advisory for Microsoft Windows OS serves as a reminder of the ongoing need for robust security practices and timely updates to protect against emerging vulnerabilities.

For those affected, monitoring official channels for updates from Microsoft and CERT-In will be crucial in staying informed about the availability of patches and further recommendations. The cybersecurity landscape is continuously evolving, and staying proactive is key to safeguarding systems against potential threats.