CERT-In Warns Users of Multiple Vulnerabilities in Different Versions of Microsoft Windows OS

The Indian Computer Emergency Response Team (CERT-In) has issued an advisory concerning a number of vulnerabilities affecting Microsoft’s Windows working programs. Two separate vulnerabilities had been present in numerous builds of Windows 10, Windows 11, and Windows Server, the corporate’s platform for working network-based purposes. The cybersecurity company has flagged these vulnerabilities as medium threat. While no safety patches for them exist presently, Microsoft has launched a set of actions customers can take to safeguard themselves. Notably, CERT-In highlighted a number of safety flaws in older Apple working programs earlier this month.

CERT-In Issues Advisory for Microsoft Windows OS

In an advisory issued on Monday (August 12), the cybersecurity company highlighted two totally different vulnerabilities in Windows OS. These safety flaws can permit an attacker to achieve unauthorised privileges on the focused system.

“These vulnerabilities exist in Windows-based programs supporting Virtualization Based Security (VBS) and Windows Backup. An attacker with applicable privileges may exploit these vulnerabilities to reintroduce beforehand mitigated points or bypass VBS protections,” mentioned CERT-In.

The two vulnerabilities have been labelled CVE-2024-21302 and CVE-2024-38202 by the nodal company, which comes below the Ministry of Electronics and Information Technology (MeitY). Here, CVE stands for widespread vulnerabilities and exposures, and the format is a standardised methodology of figuring out and describing safety flaws in software program. The full listing of affected Windows software program is shared under.

• Windows Server 2016 (Server Core set up)
• Windows Server 2016
• Windows 10 Version 1607 for x64-based Systems
• Windows 10 Version 1607 for 32-bit Systems
• Windows 10 for x64-based Systems
• Windows 10 for 32-bit Systems
• Windows 11 Version 24H2 for x64-based Systems
• Windows 11 Version 24H2 for ARM64-based Systems
• Windows Server 2022, 23H2 Edition (Server Core set up)
• Windows 11 Version 23H2 for x64-based Systems
• Windows 11 Version 23H2 for ARM64-based Systems
• Windows 10 Version 22H2 for 32-bit Systems
• Windows 10 Version 22H2 for ARM64-based Systems
• Windows 10 Version 22H2 for x64-based Systems
• Windows 11 Version 22H2 for x64-based Systems
• Windows 11 Version 22H2 for ARM64-based Systems
• Windows 10 Version 21H2 for x64-based Systems
• Windows 10 Version 21H2 for ARM64-based Systems
• Windows 10 Version 21H2 for 32-bit Systems
• Windows 11 model 21H2 for ARM64-based Systems
• Windows 11 model 21H2 for x64-based Systems
• Windows Server 2022 (Server Core set up)
• Windows Server 2022
• Windows Server 2019 (Server Core set up)
• Windows Server 2019
• Windows 10 Version 1809 for ARM64-based Systems
• Windows 10 Version 1809 for x64-based Systems
• Windows 10 Version 1809 for 32-bit Systems

As per the advisory, presently, there are not any safety patches obtainable for the safety flaws. While this presents a regarding scenario, the scope of the vulnerability just isn’t very broad because the attacker wants to carry some privilege inside the system earlier than exploiting these flaws.

Microsoft has additionally posted a set of advisable actions for every of the vulnerabilities to assist customers mitigate the potential for an assault. The tech large has additionally highlighted that the CVE will likely be up to date and the customers will likely be notified as soon as a safety replace is able to be shipped.