MeitY’s CERT-In issues ‘high risk’ warning for Microsoft users

The Indian Computer Emergency Response Team (CERT-In) has issued an advisory for Microsoft users, warning of security vulnerabilities in their devices. This team, under the Union Ministry of Electronics and Information Technology, has issued this advisory to alert individuals and IT administrators, security teams responsible for maintaining and updating Microsoft products.In May 2025, the cyber security nodal agency said, “Multiple vulnerabilities have been reported in various Microsoft Products which could allow an attacker to gain elevated privileges, obtain Information Disclosure, bypass Security restriction, conduct remote code execution attacks, perform spoofing attacks, or cause denial of service (DoS) conditions on the targeted system”.According to CERT-In, the affected softwares include:Microsoft Windows Extended Security Updates (ESU) for legacy Microsoft products Microsoft Azure Microsoft Developer Tools Microsoft Office Microsoft Apps Microsoft System Center Microsoft DynamicsA potential compromise of system, exfiltration of data, and ransomware attacks or system crashes were noted as impact assessment in the CERT-In’s advisory.It has classified the vulnerabilities as “High risk,” warning they could enable attackers to access sensitive data, disrupt services, and carry out other malicious actions.Cybersecurity meetNotably, in the ongoing brainstorming conference ‘CERT-IN SAMVAD 2025’ organised by the CERT-In on Monday, discussions on Cybersecurity audits and emerging technologies dominated the agenda.S Krishnan, Secretary, Ministry of Electronics and Information Technology (MeitY), highlighted the importance of collaboration to address evolving cyber threats and strengthen India’s audit ecosystem.He also mentioned that CERT-In’s initiative offers a valuable opportunity for auditing organisations to upgrade practices and share knowledge, contributing to a more cyber-resilient India, said a statement.The event included a panel discussion on ‘Cybersecurity Audits & Regulatory Expectations: Bridging the Gap’ moderated by S S Sarma, Director Operations, CERT-In, with panellists from various regulators.The management track would explore key topics such as human factors in auditing, C-suite risk management, governance frameworks and strategies for stakeholder communication.The three-day event promises parallel management and technical tracks, with over 70 presentations that would set the standard for cutting-edge cybersecurity audit practices.The technical track would focus on emerging tools for automated audits, securing next-generation technologies (IoT, AI/ML, blockchain, quantum computing), SBOM implementation and innovative approaches to complex and continuous audit environments, including cloud systems, APIs and operational technology.(With inputs from syndicated feed)

May 29, 2025 - 14:40
 0
MeitY’s CERT-In issues ‘high risk’ warning for Microsoft users

MeitY’s CERT In issues high risk warning for Microsoft users

The Indian Computer Emergency Response Team (CERT-In) has issued an advisory for Microsoft users, warning of security vulnerabilities in their devices. 

This team, under the Union Ministry of Electronics and Information Technology, has issued this advisory to alert individuals and IT administrators, security teams responsible for maintaining and updating Microsoft products.

In May 2025, the cyber security nodal agency said, “Multiple vulnerabilities have been reported in various Microsoft Products which could allow an attacker to gain elevated privileges, obtain Information Disclosure, bypass Security restriction, conduct remote code execution attacks, perform spoofing attacks, or cause denial of service (DoS) conditions on the targeted system”.

According to CERT-In, the affected softwares include:

Microsoft Windows 

Extended Security Updates (ESU) for legacy Microsoft products 

Microsoft Azure 

Microsoft Developer Tools 

Microsoft Office 

Microsoft Apps 

Microsoft System Center 

Microsoft Dynamics

A potential compromise of system, exfiltration of data, and ransomware attacks or system crashes were noted as impact assessment in the CERT-In’s advisory.

It has classified the vulnerabilities as “High risk,” warning they could enable attackers to access sensitive data, disrupt services, and carry out other malicious actions.

Cybersecurity meet

Notably, in the ongoing brainstorming conference ‘CERT-IN SAMVAD 2025’ organised by the CERT-In on Monday, discussions on Cybersecurity audits and emerging technologies dominated the agenda.

S Krishnan, Secretary, Ministry of Electronics and Information Technology (MeitY), highlighted the importance of collaboration to address evolving cyber threats and strengthen India’s audit ecosystem.

He also mentioned that CERT-In’s initiative offers a valuable opportunity for auditing organisations to upgrade practices and share knowledge, contributing to a more cyber-resilient India, said a statement.

The event included a panel discussion on ‘Cybersecurity Audits & Regulatory Expectations: Bridging the Gap’ moderated by S S Sarma, Director Operations, CERT-In, with panellists from various regulators.

The management track would explore key topics such as human factors in auditing, C-suite risk management, governance frameworks and strategies for stakeholder communication.

The three-day event promises parallel management and technical tracks, with over 70 presentations that would set the standard for cutting-edge cybersecurity audit practices.

The technical track would focus on emerging tools for automated audits, securing next-generation technologies (IoT, AI/ML, blockchain, quantum computing), SBOM implementation and innovative approaches to complex and continuous audit environments, including cloud systems, APIs and operational technology.

(With inputs from syndicated feed)

What's Your Reaction?

like

dislike

love

funny

angry

sad

wow