CERT-In issues 'high risk' warning, many Microsoft tools affected: Details

CERT-In warns of multiple Microsoft product flaws that could enable attackers to bypass security, execute code remotely, or cause data leaks and service disruption

The Indian Computer Emergency Response Team (CERT-In) has issued an advisory for Microsoft users, warning of security vulnerabilities in their devices. The central government authority has issued this advisory to alert individuals and IT administrators, security teams responsible for maintaining and updating Microsoft products.

 

CERT-In has classified these vulnerabilities as “High risk,” warning they could enable attackers to access sensitive data, disrupt services, and carry out other malicious actions.

 

CERT-In in its blog wrote: “Multiple vulnerabilities have been reported in various Microsoft Products, which could allow an attacker to gain elevated privileges, obtain Information Disclosure, bypass Security restrictions, conduct remote code execution attacks, perform spoofing attacks, or cause denial of service (DoS) conditions.”

Affected software

The full list of affected software includes:

• Microsoft Windows
• Extended Security Updates (ESU) for legacy Microsoft products
• Microsoft Azure
• Microsoft Developer Tools
• Microsoft Office
• Microsoft Apps
• Microsoft System Centre
• Microsoft Dynamics
• How to keep your device protected

CERT-In has advised users to apply appropriate security updates as mentioned in Microsoft’s May 2025 security update release notes.

 

However, as per Microsoft’s website, there are no workarounds to these issues yet, and no mitigation has been done in the matter officially either.

 

In related news, CERT-In issued an advisory for iPhone and iPad users around two weeks back.

CERT-In issues 'very high' level warning for iPhone and iPad users

CERT-In earlier issued a high-severity alert for Apple users, warning of a critical vulnerability affecting iPhones running iOS versions earlier than 18.3 (iPhone XS and later) and several iPad models with outdated iPadOS versions. The warning, marked as “very high” risk, was released on May 12 and highlights the potential threat to device functionality.

 

According to CERT-In, the flaw could allow malicious apps to make devices unresponsive or unusable until restored. Users are advised to update their iOS and iPadOS versions promptly to avoid possible disruptions.