Government has a warning for Microsofts Windows 11, 10 users: Heres what you need to do

The Indian Computer Emergency Response Team (CERT-In) shared an advisory on Friday that warns users of multiple vulnerabilities in Microsoft products. The government body revealed that it found flaws in Windows 11, Windows 10, and some other Windows products and services. These vulnerabilities let attackers bypass security restrictions and obtain vital information about users. Let’s see what are the exact products that are exposed to these vulnerabilities and how you can protect yourself. Also Read: Goodbye Windows 10! After 10 Years, Microsoft Officially Ends Free Support: What Can You Do

Which Microsoft products are affected?

CERT-In in its advisory revealed that there are vulnerabilities in more than 35 versions of Microsoft products. These versions are of the following products products:  Windows 11, Windows 10, Microsoft Office, Browser, Developer tools, Developer Tools, Azure, Microsoft Dynamics, Exchange Server, and System Center. Also Read: PS6 And Next-Gen Xbox Expected to Launch in 2027; Xbox ‘Magnus’ Could Outperform Sony’s Console

“Multiple vulnerabilities have been reported in Microsoft Windows which could allow an attacker to execute arbitrary code, bypass security features, and compromise the target system,” noted the advisory. Also Read: Forget ChatGPT And Gemini Nano Banana! Microsoft Launches MAI-Image-1 - The In House Text-To-Image Tool

These vulnerabilities exist due to improper access restrictions within the proxy driver and insufficient implementation of the Mark of the Web (MotW) feature in Microsoft Windows.

“The SmartScreen Security feature protection mechanism bypasses the Mark of the Web (MotW) feature and allows malware to execute on a target system. The threat acts may exploit these vulnerabilities by sending specially crafted requests.”

What’s the solution?

CERT-In advised the users to download the latest updates of the following apps from the vendor websites.  You can install the latest version of the apps from the Microsoft Store or the product page of these apps. They can also update their Windows version to the latest one.

It’s always better to be on the latest version for apps or OS as the company may have already patched the issues.

Apart from Microsoft vulnerabilities, CERT-In also warned users of a flaw in Android and Mozilla Firefox web browsers. These vulnerabilities could grant unauthorised access to personal data and DoS attacks.

The Android versions with vulnerabilities include Android 12/12L, Android 13, and Android 14. As for Firefox, versions before 124.0.1 and Firefox ESR versions below 115.9.1 are vulnerable to attacks. Again, in this case, users need to update to the latest version.